Win32/Spy.Delf.QLL [Threat Name] go to Threat

Win32/Spy.Delf.QLL [Threat Variant Name]

Category trojan
Size 615424 B
Detection created Jan 09, 2017
Detection database version 14740
Short description

Win32/Spy.Delf.QLL is a trojan that steals sensitive information. The trojan attempts to send gathered information to a remote machine.

Installation

The trojan does not create any copies of itself.

Information stealing

The trojan searches for files on the following drives:

  • C:\­
  • D:\­

The trojan searches for files which contain any of the following strings in their file name:

  • .wallet

It avoids files which contain any of the following strings in their path:

  • C:\­Windows\­
  • C:\­Windows.old\­

The trojan may steal wallet files of the following digital currencies:

  • Bitcoin

The trojan attempts to send gathered information to a remote machine.


The trojan contains a list of (2) URLs. The HTTP protocol is used in the communication.

Please enable Javascript to ensure correct displaying of this content and refresh this page.