Backdoor

Backdoor.Win32.Farfli.buow removal instruction

Malware Removal

The Backdoor.Win32.Farfli.buow is considered dangerous by lots of security experts. When this infection is active, you may notice unwanted processes in Task Manager list. In this case, it is adviced to scan your computer with GridinSoft Anti-Malware.

GridinSoft Anti-Malware

Gridinsoft Anti-Malware

Removing PC viruses manually may take hours and may damage your PC in the process. We recommend using GridinSoft Anti-Malware for virus removal. Allows to complete scan and cure your PC during the trial period.
DOWNLOAD NOW
6-day free trial available.

What Backdoor.Win32.Farfli.buow virus can do?

  • Executable code extraction
  • Injection (inter-process)
  • Injection (Process Hollowing)
  • Creates RWX memory
  • Unconventionial language used in binary resources: Chinese (Simplified)
  • The binary likely contains encrypted or compressed data.
  • The executable is compressed using UPX
  • Executed a process and injected code into it, probably while unpacking
  • Network activity detected but not expressed in API logs
  • Creates a copy of itself

Related domains:

z.whorecord.xyz
a.tomx.xyz

How to determine Backdoor.Win32.Farfli.buow?



File Info:

crc32: 4016CC93
md5: 9ccb1198a07887868fd44e95c2866b17
name: 9CCB1198A07887868FD44E95C2866B17.mlw
sha1: f95ad1e537f6416cbbd69d7d8dd0378224b03955
sha256: 261ef4cd51d78e2d16097bd428186f42adc7ed2f2add5672789101a0b3e2878e
sha512: be6f176fcaa3c005212d60c7c263d0a225594a03cd5d0e129a2250b928cbe057aed5699c8e60e1b7caffacaedf5e76f0c3a369d821bb93ca0787896d6665e5fa
ssdeep: 6144:ABABAdbouCA9dctS6HrFGDrbyyu6vzTr5dNKTToAH6s:AmB0OCW1gDpu6nrcVas
type: PE32 executable (GUI) Intel 80386, for MS Windows, UPX compressed


Version Info:

LegalCopyright: xa9 Microsoft Corporation. All rights reserved.
InternalName: Wextract                
FileVersion: 6.00.3790.0 (srv03_rtm.030324-2048)
CompanyName: Microsoft Corporation
ProductName: Microsoftxae Windowsxae Operating System
ProductVersion: 6.00.3790.0
FileDescription: Win32 Cabinet Self-Extractor                                           
OriginalFilename: WEXTRACT.EXE            
Translation: 0x0409 0x04b0

Backdoor.Win32.Farfli.buow also known as:

Elasticmalicious (high confidence)
MicroWorld-eScanGen:Variant.Graftor.494720
FireEyeGeneric.mg.9ccb1198a0788786
CAT-QuickHealTrojan.Mauvaise.SL1
ALYacGen:Variant.Graftor.494720
CylanceUnsafe
VIPRETrojan.Win32.Generic!BT
SangforMalware
K7AntiVirusTrojan ( 005376ae1 )
BitDefenderGen:Variant.Graftor.494720
K7GWTrojan ( 005376ae1 )
Cybereasonmalicious.8a0788
CyrenW32/Agent.BTG.gen!Eldorado
SymantecML.Attribute.HighConfidence
ESET-NOD32a variant of Win32/Kryptik.GGXP
APEXMalicious
AvastWin32:Evo-gen [Susp]
ClamAVWin.Malware.Farfli-9658208-0
KasperskyBackdoor.Win32.Farfli.buow
NANO-AntivirusTrojan.Win32.BlackMoon.flthzb
TencentMalware.Win32.Gencirc.10ce2baf
Ad-AwareGen:Variant.Graftor.494720
SophosML/PE-A + Troj/Agent-BEJP
ComodoBackdoor.Win32.Zegost.XP@7o7w19
F-SecureHeuristic.HEUR/AGEN.1135306
DrWebBackDoor.BlackMoon.15
ZillyaWorm.Palevo.Win32.124018
McAfee-GW-EditionBehavesLike.Win32.Fake.dc
EmsisoftGen:Variant.Graftor.494720 (B)
JiangminTrojan.Blamon.afk
MaxSecureWin.MxResIcn.Heur.Gen
AviraHEUR/AGEN.1135306
Antiy-AVLTrojan/Win32.APosT
MicrosoftTrojan:Win32/Farfli
GridinsoftTrojan.Win32.Kryptik.ba!s2
ArcabitTrojan.Graftor.D78C80
AhnLab-V3Backdoor/Win32.RL_Farfli.R333331
ZoneAlarmBackdoor.Win32.Farfli.buow
GDataGen:Variant.Graftor.494720
CynetMalicious (score: 100)
McAfeeGenericRXAA-AA!9CCB1198A078
MAXmalware (ai score=86)
VBA32Trojan.APosT
MalwarebytesGeneric.Trojan.Dropper.DDS
PandaTrj/Genetic.gen
RisingBackdoor.Farfli!8.B4 (TFE:5:5jAUp50zBjO)
YandexTrojan.Kryptik!h9wctYwL3eU
IkarusTrojan.Win32.Crypt
eGambitUnsafe.AI_Score_52%
FortinetW32/Kryptik.GGXP!tr
AVGWin32:Evo-gen [Susp]
CrowdStrikewin/malicious_confidence_90% (D)
Qihoo-360HEUR/QVM11.1.F1C9.Malware.Gen

How to remove Backdoor.Win32.Farfli.buow?

Backdoor.Win32.Farfli.buow removal tool
  • Download and install GridinSoft Anti-Malware.
  • Open GridinSoft Anti-Malware and perform a “Standard scan“.
  • Move to quarantine” all items.
  • Open “Tools” tab – Press “Reset Browser Settings“.
  • Select proper browser and options – Click “Reset”.
  • Restart your computer.

You may also like

About the author

Paul Valéry

I'm a cyber security analyst and data science expert with 5+ years of experience with security software contractors.

View all posts

Leave a Comment