Backdoor

Backdoor.Farfli.UPX removal guide

Malware Removal

The Backdoor.Farfli.UPX is considered dangerous by lots of security experts. When this infection is active, you may notice unwanted processes in Task Manager list. In this case, it is adviced to scan your computer with GridinSoft Anti-Malware.

GridinSoft Anti-Malware

Gridinsoft Anti-Malware

Removing PC viruses manually may take hours and may damage your PC in the process. We recommend using GridinSoft Anti-Malware for virus removal. Allows to complete scan and cure your PC during the trial period.
DOWNLOAD NOW
6-day free trial available.

What Backdoor.Farfli.UPX virus can do?

  • Executable code extraction
  • Injection (inter-process)
  • Injection (Process Hollowing)
  • Creates RWX memory
  • Starts servers listening on 0.0.0.0:13141
  • Unconventionial language used in binary resources: Chinese (Simplified)
  • The binary likely contains encrypted or compressed data.
  • The executable is compressed using UPX
  • Uses Windows utilities for basic functionality
  • Executed a process and injected code into it, probably while unpacking
  • Deletes its original binary from disk
  • Attempts to repeatedly call a single API many times in order to delay analysis time
  • Installs itself for autorun at Windows startup
  • Creates a hidden or system file

Related domains:

r.nxxxn.ga
fuck88.f3322.net

How to determine Backdoor.Farfli.UPX?



File Info:

crc32: D7552A3C
md5: 652b128649df6cb78853f70cc94aaca3
name: ReportServser.exe
sha1: 06c857e7628ce04c37b682a4e45558d17bd41910
sha256: a146565088734db7171f87194cb585d63cd58884ba5069ad31934ee1ace545da
sha512: 04c29b527e6ef58549fea0812c9fe93ae84eea60610de6708059a43278b948db900c03ad202907e1068ec683a87f0b047640eea27ea36a48c30d2483e7a355ee
ssdeep: 24576:wB0NWp6nr52LyDXRfJ5dwEztbXCmAUscM7P8g6A7Vpg83atTUHnlr:wBSDnV3XRfJ/emAUscMoCVuw
type: PE32 executable (GUI) Intel 80386, for MS Windows, UPX compressed


Version Info:

LegalCopyright: Mozilla Corporation
FileVersion: 74.0
CompanyName: Mozilla Corporation
LegalTrademarks: Firefox is a Trademark of The Mozilla Foundation.
ProductName: Firefox
ProductVersion: 74.0
FileDescription: Mozilla Maintenance Service Installer
OriginalFilename: maintenanceservice_installer.exe
Translation: 0x0409 0x04b0

Backdoor.Farfli.UPX also known as:

MicroWorld-eScanGen:Variant.Graftor.494720
FireEyeGeneric.mg.652b128649df6cb7
CAT-QuickHealTrojan.Mauvaise.SL1
McAfeeGenericRXAA-AA!652B128649DF
CylanceUnsafe
VIPRETrojan.Win32.Generic!BT
K7AntiVirusTrojan ( 00531ee81 )
BitDefenderGen:Variant.Graftor.494720
K7GWTrojan ( 00531ee81 )
Cybereasonmalicious.649df6
Invinceaheuristic
APEXMalicious
AvastWin32:Malware-gen
GDataGen:Variant.Graftor.494720
KasperskyTrojan.Win32.Blamon.oyg
NANO-AntivirusTrojan.Win32.BlackMoon.flthzb
RisingBackdoor.Farfli!8.B4 (RDMK:cmRtazrzC/Fvmeygn4izLc26FwQS)
Endgamemalicious (moderate confidence)
SophosTroj/Agent-BEJP
ComodoBackdoor.Win32.Zegost.XP@7o7w19
F-SecureTrojan.TR/Crypt.Agent.uzqab
DrWebBackDoor.BlackMoon.15
ZillyaWorm.Palevo.Win32.124018
McAfee-GW-EditionGenericRXHP-JI!62FEA8C39E6E
Trapminemalicious.moderate.ml.score
EmsisoftGen:Variant.Graftor.494720 (B)
CyrenW32/Trojan.JAQO-5654
JiangminBackdoor.Farfli.ckm
AviraTR/Crypt.Agent.uzqab
WebrootW32.Blamon
Antiy-AVLTrojan/Win32.APosT
ArcabitTrojan.Graftor.D78C80
ZoneAlarmTrojan.Win32.Blamon.oyg
MicrosoftTrojan:Win32/Wacatac.D!ml
AhnLab-V3Backdoor/Win32.RL_Farfli.R333331
Acronissuspicious
VBA32Trojan.APosT
ALYacGen:Variant.Graftor.494720
Ad-AwareGen:Variant.Graftor.494720
MalwarebytesBackdoor.Farfli.UPX
ESET-NOD32a variant of Win32/Kryptik.GGXP
TencentMalware.Win32.Gencirc.10b9c3db
YandexTrojan.Kryptik!ikbLLfr6/RE
MAXmalware (ai score=86)
eGambitUnsafe.AI_Score_99%
FortinetW32/Kryptik.GGXP!tr
BitDefenderThetaGen:NN.ZexaF.34106.lnKfaakxX9aj
AVGWin32:Malware-gen
CrowdStrikewin/malicious_confidence_60% (D)
Qihoo-360HEUR/QVM11.1.C37D.Malware.Gen

How to remove Backdoor.Farfli.UPX?

Backdoor.Farfli.UPX removal tool
  • Download and install GridinSoft Anti-Malware.
  • Open GridinSoft Anti-Malware and perform a “Standard scan“.
  • Move to quarantine” all items.
  • Open “Tools” tab – Press “Reset Browser Settings“.
  • Select proper browser and options – Click “Reset”.
  • Restart your computer.

You may also like

About the author

Paul Valéry

I'm a cyber security analyst and data science expert with 5+ years of experience with security software contractors.

View all posts

Leave a Comment