Troj/Delf-HA is a Trojan for the Windows platform that can be used to send unsolicited SMS messages. The Trojan comes as a self extractable UPX file inst.exe, but it can have any other name. When the Trojan installer is run, it creates the file rundnm.exe in the Windows system folder.
In order to run automatically when Windows starts up the dropper file creates the following registry entry:
HKLM\Software\Microsoft\Windows\CurrentVersion\Run\RUNDNM
<SYSTEM>\Rundnm.exe
Troj/Delf-HA connects to the URL www.vlasof1.narod.ru and attempts to download a file sms.txt. Sms.txt is a file that contains the details about the SMS message that the Trojan may attempt to send using SMS submission forms located on websites of several Russian mobile phone network providers.