Trojan:BAT/Delosc.A
Threat Scorecard
EnigmaSoft Threat Scorecard
EnigmaSoft Threat Scorecards are assessment reports for different malware threats which have been collected and analyzed by our research team. EnigmaSoft Threat Scorecards evaluate and rank threats using several metrics including real-world and potential risk factors, trends, frequency, prevalence, and persistence. EnigmaSoft Threat Scorecards are updated regularly based on our research data and metrics and are useful for a wide range of computer users, from end users seeking solutions to remove malware from their systems to security experts analyzing threats.
EnigmaSoft Threat Scorecards display a variety of useful information, including:
Ranking: The ranking of a particular threat in EnigmaSoft’s Threat Database.
Severity Level: The determined severity level of an object, represented numerically, based on our risk modeling process and research, as explained in our Threat Assessment Criteria.
Infected Computers: The number of confirmed and suspected cases of a particular threat detected on infected computers as reported by SpyHunter.
See also Threat Assessment Criteria.
| Ranking: | 455 |
| Threat Level: | 20 % (Normal) |
| Infected Computers: | 99,426 |
| First Seen: | January 26, 2012 |
| Last Seen: | September 20, 2023 |
| OS(es) Affected: | Windows |
Trojan:BAT/Delosc.A is a trojan that was first detected in January of 2012. It has been linked to a malicious Romanian website, although there is no doubt that this malware attacker is not limited to this particular attack website. This website, asistentasociala.info, which translates as 'social assistance' or 'social welfare' was not considered as a dangerous website. In fact, this web page is quite popular and is near the top in search engine rankings. It seems that Trojan:BAT/Delosc.A may have been inserted into this website as a way to target more victims by taking advantage of the demand of this particular Romanian website.
Table of Contents
How Criminals Use Asistentasociala.info to Deliver Trojan:BAT/Delosc.A
The web page mentioned above attempts to help computer users by providing samples of how to fill out various official documents used in important transactions. However, criminals have managed to substitute these documents with malware such as Trojan:BAT/Delosc.A. To carry this attack out, criminals must have hacked this website, since its previous credentials and reputation do not make it likely that asistentasociala.info turned into an attack website overnight. Trojan:BAT/Delosc.A will be contained in an EXE file, which is disguised as cerere.doc, which should be a file for Microsoft Word ('cerere' means 'application' in Romanian, making it likely that this file is disguised as an application form for some kind of transaction). While the EXE file will contain a Microsoft Word icon, these are actually executables which install Trojan:BAT/Delosc.A on the victim's computer when the victim attempts to open them. Other malicious files on this website use icons imitating PDF files and Excel files. In a clever move, the criminals behind Trojan:BAT/Delosc.A attack have engineered their executable files so that they will drop and open the original Excel, Word or PDF file so that the victim will not be aware that Trojan:BAT/Delosc.A has infected their computer system.
How Trojan:BAT/Delosc.A Attacks Your Computer System
Apart from dropping the original file, the EXE file also drops a BAT file which security software detects as Trojan:BAT/Delosc.A. This BAT file named open_file is dropped in the Temporary files folder. The main task that Trojan:BAT/Delosc.A carries out on the victim's computer is detecting the presence of a program that is used in official Romanian government institutions. These are Indaco and Aplxpert, programs used for legal documents and public administration. It targets specific documents and folders with strings related to social assistance tasks, making it seem like the goal of the criminals behind Trojan:BAT/Delosc.A is to cause chaos within the Romanian government.
URLs
Trojan:BAT/Delosc.A may call the following URLs:
| onemacusa.com |
Submit Comment
Please DO NOT use this comment system for support or billing questions. For SpyHunter technical support requests, please contact our technical support team directly by opening a customer support ticket via your SpyHunter. For billing issues, please refer to our "Billing Questions or Problems?" page. For general inquiries (complaints, legal, press, marketing, copyright), visit our "Inquiries and Feedback" page.