Systweak Spyware Library
More than 21875 spyware signatures and growing
Microsoft Gold Certified Partner
SpamTool.delf Analysis Report
Threat Submitted On: 11/1/2008 9:43:09 AM
Threat Analysed On: 11/1/2008 2:43:09 PM
Threat Updated On: 1/28/2011 3:42:36 AM
Type : SpamTool
Symptoms of delf
  • It fetches random e-mail addresses from websites and other sources to send spam mails.
  • The spam e-mail can be a promotional e-mail or may contain get-rich-quick schemes or viruses.
  • It costs the users and the ISPs.
Information
Alias : spamtool.win32.delf.cx
Md5 Hash : [Not Available]
File Size : [ Not Available ]

Technical Details

Technical findings of our analysis team after analyzing this malware in detail:

Creates the following infected Files on user's System
Note:
Delete the following Files to remove Infection
File: msnmsg.scr
Path : %allusersprofile%\start menu\programs\startup

File: [RandomName].exe
Path : %workingdir%

Md5Hash :28225641a9d655d67eeb059649a19797 ( 245248 bytes)
File: [RandomName].exe
Path : %workingdir%

Md5Hash :76cb299e31b3cd10c486df9d061c5c7e ( 228864 bytes)
File: netmeet.htm_
Path : %systemdrive%\program files\netmeeting

Md5Hash : [Not Available]
File: getcm.txt_
Path : %systemdrive%\windows

Md5Hash : [Not Available]
File: ciquery.htm_
Path : %systemdrive%\windows\help

Md5Hash : [Not Available]
File: migwiz.htm_
Path : %systemdrive%\windows\help

Md5Hash : [Not Available]
File: intro.txt_
Path : %systemdrive%\windows\help\tours\mmtour

Md5Hash : [Not Available]
File: instcm.txt_
Path : %systemdrive%\windows

Md5Hash : [Not Available]
File: pooltag.txt_
Path : %systemdrive%\windows

Md5Hash : [Not Available]
File: schedlgu.txt_
Path : %systemdrive%\windows

Md5Hash : [Not Available]
File: setuplog.txt_
Path : %systemdrive%\windows

Md5Hash : [Not Available]
File: eula.txt_
Path : %systemdrive%\windows\system32

Md5Hash : [Not Available]
File: h323log.txt_
Path : %systemdrive%\windows\system32

Md5Hash : [Not Available]
File: actshell.htm_
Path : %systemdrive%\windows\system32\oobe

Md5Hash : [Not Available]
File: pulse.htm_
Path : %systemdrive%\windows\system32\oobe\error

Md5Hash : [Not Available]
File: fini.htm_
Path : %systemdrive%\windows\system32\oobe\setup

Md5Hash : [Not Available]
File: iconn.htm_
Path : %systemdrive%\windows\system32\oobe\setup

Md5Hash : [Not Available]
File: isp.htm_
Path : %systemdrive%\windows\system32\oobe\setup

Md5Hash : [Not Available]
File: keybd.htm_
Path : %systemdrive%\windows\system32\oobe\setup

Md5Hash : [Not Available]
File: reg1.htm_
Path : %systemdrive%\windows\system32\oobe\setup

Md5Hash : [Not Available]
File: powertoyreadme.htm_
Path : %systemdrive%\windows\system32

Md5Hash : [Not Available]
File: tip.htm_
Path : %systemdrive%\windows\web

Md5Hash : [Not Available]
File: _ctflog.exe
Path : %windir%

Md5Hash :d4d9410ac01df0a3faef74c1d2670dd0 ( 88785 bytes)
File: comwab.exe
Path : %windir%

Md5Hash :
1b52189713457893cc747d4a5832a1ac ( 208384 bytes)
7529867e032d91b6a415094bc059bfab ( 208388 bytes)
File: explore.exe
Path : %windir%

Md5Hash :342d75294c3391a34e099efe697523b5 ( 206850 bytes)
File: inetinfomon.exe
Path : %windir%

Md5Hash :5032f7d4dee01a1d49c0a8cec3658dc9 ( 86735 bytes)
File: cal.exe
Path : %windir%\media

Md5Hash :45d19926932675dba690b89ef943e262 ( 302080 bytes)
File: call32.exe
Path : %windir%\media

File: mpm.exe
Path : %windir%

Md5Hash :85244da19d42d81ade2a08e1ad8cd11e ( 86737 bytes)
File: service.exe
Path : %windir%

Md5Hash :c38ceba1ccc0940c0388fdba06c93b8a ( 229376 bytes)
File: outlook express.exe
Path : %windir%\system32

File: winlog.exe
Path : %windir%

Md5Hash :b552eded302e75cd6f4d0124433cb351 ( 206848 bytes)
File: xpos.exe
Path : %windir%

Md5Hash :f7459e7803436fb2f8a523a2189fd552 ( 255488 bytes)
File: [randomname].exe
Path : %workingdir%

The following Registry Values are added to the provided Registry Keys :-
Note:
Delete the added Values from the Key to remove Infection
|__ Value Added :
_ctflog manager = "%windir%\_ctflog.exe"
|__ Value Added :
explore manager = "%windir%\explore.exe"
|__ Value Added :
inetinfomon manager = "%windir%\inetinfomon.exe"
|__ Value Added :
mpm manager = "%windir%\mpm.exe"
|__ Value Added :
outlook = "%windir%\system32\outlook express.exe"
|__ Value Added :
service manager = "%windir%\service.exe"
|__ Value Added :
winlog manager = "%WINDIR%\winlog.exe"
|__ Value Added :
cal = "%windir%\media\cal.exe"
|__ Value Added :
call32 = "%windir%\media\call32.exe"
|__ Value Added :
comwab = "%windir%\comwab.exe"

NOTE:

1. %allusersprofile% refers to the Windows All Users profile folder. By default it is 'C:\Documents and Settings\All Users'.
3. %workingdir% refers to the current directory in which the user is working.
4. %systemdrive% refers to the Windows system drive. By default it is 'C:\'.
5. %windir% refers to the Windows root folder. By default it is 'C:\Windows'.

Important: We strongly recommend that you back up the Registry before making any changes to it. Incorrect changes to the Registry can result in permanent data loss or corrupted files. Modify the malicious/suspicious subkeys only.


To modify registry entries in the Windows operating system, follow these steps:
1. Click Start > Run.
2. Type "regedit" to open Registry Editor.
3. Navigate to the required registry key in the left tree control and modify accordingly.



© Systweak Inc., 1999-2011 All rights reserved.