Systweak Spyware Library
Systweak Spyware Library text
More than 1309737 spyware signatures and growing
Microsoft Gold Certified Partner
Search in:
Worm-P2P.delf.bq Analysis Report
Threat Submitted On: 8/8/2008 7:23:26 AM
Threat Analysed On: 8/8/2008 12:23:26 PM
Threat Updated On: 11/16/2009 3:57:25 AM
Type : Worm-P2P
Symptoms of delf.bq
  • Spreads through peer-to-peer networking software.
  • Make a copy of themselves into the shared folder of the local machine and in available to other users of the same P2P network.
Information
Alias : p2p-worm.win32.delf.bq
Md5 Hash : [1d55bc853247592f814b6f73f29bdf57]
File Size : (90624 bytes)

Here are the Technical findings of our analysis team after analyzing this malware in detail :-

Creates the following infected Files on user's System
Note:
Delete the following Files to remove Infection
File: aim_hack.exe
Path : %windir%\files
Md5Hash :1d55bc853247592f814b6f73f29bdf57 ( 90624 bytes)
File: counter strike_cd_keygen.exe
Path : %windir%\files
Md5Hash :1d55bc853247592f814b6f73f29bdf57 ( 90624 bytes)
File: delphi 2005 keygen.exe
Path : %windir%\files
Md5Hash :1d55bc853247592f814b6f73f29bdf57 ( 90624 bytes)
File: delphi 6 - serial gen.exe
Path : %windir%\files
Md5Hash :1d55bc853247592f814b6f73f29bdf57 ( 90624 bytes)
File: delphi 7 crack.exe
Path : %windir%\files
Md5Hash :1d55bc853247592f814b6f73f29bdf57 ( 90624 bytes)
File: delphi 9 keygen.exe
Path : %windir%\files
Md5Hash :1d55bc853247592f814b6f73f29bdf57 ( 90624 bytes)
File: ftp_crack.exe
Path : %windir%\files
Md5Hash :1d55bc853247592f814b6f73f29bdf57 ( 90624 bytes)
File: half_life cd keygen.exe
Path : %windir%\files
Md5Hash :1d55bc853247592f814b6f73f29bdf57 ( 90624 bytes)
File: hotmail hacker.exe
Path : %windir%\files
Md5Hash :1d55bc853247592f814b6f73f29bdf57 ( 90624 bytes)
File: hotmail_account_sniffer.exe
Path : %windir%\files
Md5Hash :1d55bc853247592f814b6f73f29bdf57 ( 90624 bytes)
File: hotmail_cracker.exe
Path : %windir%\files
Md5Hash :1d55bc853247592f814b6f73f29bdf57 ( 90624 bytes)
File: hotmail_hacker.exe
Path : %windir%\files
Md5Hash :1d55bc853247592f814b6f73f29bdf57 ( 90624 bytes)
File: icq_hack.exe
Path : %windir%\files
Md5Hash :1d55bc853247592f814b6f73f29bdf57 ( 90624 bytes)
File: icq_hackingtools.exe
Path : %windir%\files
Md5Hash :1d55bc853247592f814b6f73f29bdf57 ( 90624 bytes)
File: iis_shellbind.exe
Path : %windir%\files
Md5Hash :1d55bc853247592f814b6f73f29bdf57 ( 90624 bytes)
File: invisible_ip.exe
Path : %windir%\files
Md5Hash :1d55bc853247592f814b6f73f29bdf57 ( 90624 bytes)
File: msn_crack.exe
Path : %windir%\files
Md5Hash :1d55bc853247592f814b6f73f29bdf57 ( 90624 bytes)
File: ps2_emulator_bleem.exe
Path : %windir%\files
Md5Hash :1d55bc853247592f814b6f73f29bdf57 ( 90624 bytes)
File: wardialer.exe
Path : %windir%\files
Md5Hash :1d55bc853247592f814b6f73f29bdf57 ( 90624 bytes)
File: win2k_pass_decryptor.exe
Path : %windir%\files
Md5Hash :1d55bc853247592f814b6f73f29bdf57 ( 90624 bytes)
File: win2k_reboot_exploit.exe
Path : %windir%\files
Md5Hash :1d55bc853247592f814b6f73f29bdf57 ( 90624 bytes)
File: win2k_serial_gen.exe
Path : %windir%\files
Md5Hash :1d55bc853247592f814b6f73f29bdf57 ( 90624 bytes)
File: winxphack.exe
Path : %windir%\files
Md5Hash :1d55bc853247592f814b6f73f29bdf57 ( 90624 bytes)
File: winzip_keygen.exe
Path : %windir%\files
Md5Hash :1d55bc853247592f814b6f73f29bdf57 ( 90624 bytes)
File: xp_keygen.exe
Path : %windir%\files
Md5Hash :1d55bc853247592f814b6f73f29bdf57 ( 90624 bytes)
File: yahoo_hack.exe
Path : %windir%\files
Md5Hash :1d55bc853247592f814b6f73f29bdf57 ( 90624 bytes)
File: winexec.exe
Path : %windir%
Md5Hash :1d55bc853247592f814b6f73f29bdf57 ( 90624 bytes)
File: [randomname].exe
Path : %workingdir%
Md5Hash :1d55bc853247592f814b6f73f29bdf57 ( 90624 bytes)
Creates the following infected Registry Keys on user's System
Note:
Delete these Registries to remove Infection
The following Registry Values are added to the provided Registry Keys :-
Note:
Delete the added Values from the Key to remove Infection
|__ Value Added :
dir0 = "012345:%windir%\files"
|__ Value Added :
dir1 = "012345:%windir%\files"
|__ Value Added :
dir2 = "012345:%windir%\files"
|__ Value Added :
dir3 = "012345:%windir%\files"
|__ Value Added :
dir4 = "012345:%windir%\files"
|__ Value Added :
dir5 = "012345:%windir%\files"
|__ Value Added :
disablesharing = "0"
|__ Value Added :
winexec = "%windir%\winexec.exe"
Copies the Following Files to Given Location :-

Copies :%workingdir%\[random name].exe

To : %windir%\winexec.exe

Copies :%workingdir%\[random name].exe

To : %windir%\files\hotmail_hacker.exe

Copies :%workingdir%\[random name].exe

To : %windir%\files\hotmail_cracker.exe

Copies :%workingdir%\[random name].exe

To : %windir%\files\hotmail_account_sniffer.exe

Copies :%workingdir%\[random name].exe

To : %windir%\files\aim_hack.exe

Copies :%workingdir%\[random name].exe

To : %windir%\files\msn_crack.exe

Copies :%workingdir%\[random name].exe

To : %windir%\files\icq_hack.exe

Copies :%workingdir%\[random name].exe

To : %windir%\files\wardialer.exe

Copies :%workingdir%\[random name].exe

To : %windir%\files\delphi 6 - serial gen.exe

Copies :%workingdir%\[random name].exe

To : %windir%\files\winxphack.exe

Copies :%workingdir%\[random name].exe

To : %windir%\files\delphi 7 crack.exe

Copies :%workingdir%\[random name].exe

To : %windir%\files\win2k_serial_gen.exe

Copies :%workingdir%\[random name].exe

To : %windir%\files\yahoo_hack.exe

Copies :%workingdir%\[random name].exe

To : %windir%\files\ftp_crack.exe

Copies :%workingdir%\[random name].exe

To : %windir%\files\xp_keygen.exe

Copies :%workingdir%\[random name].exe

To : %windir%\files\ps2_emulator_bleem.exe

Copies :%workingdir%\[random name].exe

To : %windir%\files\win2k_pass_decryptor.exe

Copies :%workingdir%\[random name].exe

To : %windir%\files\win2k_reboot_exploit.exe

Copies :%workingdir%\[random name].exe

To : %windir%\files\iis_shellbind.exe

Copies :%workingdir%\[random name].exe

To : %windir%\files\winzip_keygen.exe

Copies :%workingdir%\[random name].exe

To : %windir%\files\counter strike_cd_keygen.exe

Copies :%workingdir%\[random name].exe

To : %windir%\files\delphi 2005 keygen.exe

Copies :%workingdir%\[random name].exe

To : %windir%\files\delphi 9 keygen.exe

Copies :%workingdir%\[random name].exe

To : %windir%\files\half_life cd keygen.exe

Copies :%workingdir%\[random name].exe

To : %windir%\files\hotmail hacker.exe

Copies :%workingdir%\[random name].exe

To : %windir%\files\icq_hackingtools.exe

Copies :%workingdir%\[random name].exe

To : %windir%\files\invisible_ip.exe

NOTE:

1. %windir% Refers to the windows root folder. By default it is 'C:\Windows'
2. %workingdir% Refers to the current directory in which user is working.

Important: We strongly recommend that you backup the Registry before making any changes to it. Incorrect changes to the Registry can result in permanent data loss or corrupted Files. Modify the malicious\suspicious Subkeys only.

Click Here for more spywarelib.com recommended PC Security and Optimization Tools

To modify registry entries in Windows Operating System:
Follow Steps:
1. Click Start > Run
2. Type “regedit” : to open registry editor
3. Navigate to required registry Key from the Left Tree control and modify accordingly.

Microsoft Gold Certified Partner

© Systweak Inc., 1999-2009 All rights reserved.