Categories: Backdoor

What is “Backdoor.Win32.Farfli.brjz”?

The Backdoor.Win32.Farfli.brjz is considered dangerous by lots of security experts. When this infection is active, you may notice unwanted processes in Task Manager list. In this case, it is adviced to scan your computer with GridinSoft Anti-Malware.

Gridinsoft Anti-Malware

Removing PC viruses manually may take hours and may damage your PC in the process. We recommend using GridinSoft Anti-Malware for virus removal. Allows to complete scan and cure your PC during the trial period.

DOWNLOAD NOW

6-day free trial available.

What Backdoor.Win32.Farfli.brjz virus can do?

Executable code extraction
Injection (inter-process)
Injection (Process Hollowing)
Creates RWX memory
Unconventionial language used in binary resources: Chinese (Simplified)
The binary likely contains encrypted or compressed data.
The executable is compressed using UPX
Executed a process and injected code into it, probably while unpacking
Network activity detected but not expressed in API logs
Creates a copy of itself

Related domains:

z.whorecord.xyz

a.tomx.xyz

How to determine Backdoor.Win32.Farfli.brjz?


File Info:
crc32: 9D59B2DAmd5: fcef63f2e78e5b1d5cbb9d585906e8bename: FCEF63F2E78E5B1D5CBB9D585906E8BE.mlwsha1: f9372bc5e1c38ffd0f85b82a78801f3c994f04b3sha256: 61512d5358d147b075736e01bf9708bc0029ea6360c69f7af09a920b11087efbsha512: 9bd2bb903a57d131a24374300898f586eb81ae24f17d2eba1a5be4858a12b5ffbf065b9377dfe57de6842e2ff349296a500c8209b5207f9911d7c42765ce1808ssdeep: 6144:lBABAdbouCA9dctS6HrFGDrbyyu6vzTr5dNKTToAH6s:lmB0OCW1gDpu6nrcVastype: PE32 executable (GUI) Intel 80386, for MS Windows, UPX compressed
Version Info:
LegalCopyright: xa9 Microsoft Corporation. All rights reserved.InternalName: Wextract                FileVersion: 6.00.3790.0 (srv03_rtm.030324-2048)CompanyName: Microsoft CorporationProductName: Microsoftxae Windowsxae Operating SystemProductVersion: 6.00.3790.0FileDescription: Win32 Cabinet Self-Extractor                                           OriginalFilename: WEXTRACT.EXE            Translation: 0x0409 0x04b0

Backdoor.Win32.Farfli.brjz also known as:

MicroWorld-eScan	Gen:Variant.Graftor.494720
FireEye	Gen:Variant.Graftor.494720
CAT-QuickHeal	Trojan.Mauvaise.SL1
McAfee	GenericRXAA-AA!FCEF63F2E78E
Cylance	Unsafe
VIPRE	Trojan.Win32.Generic!BT
AegisLab	Trojan.Win32.Farfli.m!c
Sangfor	Malware
K7AntiVirus	Trojan ( 005376ae1 )
BitDefender	Gen:Variant.Graftor.494720
K7GW	Trojan ( 005376ae1 )
CrowdStrike	win/malicious_confidence_70% (W)
Invincea	heuristic
F-Prot	W32/Agent.BTG.gen!Eldorado
Symantec	ML.Attribute.HighConfidence
APEX	Malicious
Avast	Win32:Malware-gen
GData	Gen:Variant.Graftor.494720
Kaspersky	Backdoor.Win32.Farfli.brjz
Alibaba	Backdoor:Win32/Farfli.714bbf86
NANO-Antivirus	Trojan.Win32.BlackMoon.flthzb
Tencent	Malware.Win32.Gencirc.10b9c3cb
Endgame	malicious (moderate confidence)
Sophos	Troj/Agent-BEJP
Comodo	Backdoor.Win32.Zegost.XP@7o7w19
F-Secure	Heuristic.HEUR/AGEN.1115359
DrWeb	BackDoor.BlackMoon.15
Zillya	Worm.Palevo.Win32.124018
TrendMicro	TROJ_GEN.R002C0DE120
McAfee-GW-Edition	BehavesLike.Win32.Fake.dc
Trapmine	malicious.high.ml.score
Emsisoft	Gen:Variant.Graftor.494720 (B)
Ikarus	Trojan.Win32.Crypt
Cyren	W32/Trojan.WDZH-7669
Jiangmin	Backdoor.Androm.algc
MaxSecure	Trojan.Malware.7177504.susgen
Avira	HEUR/AGEN.1115359
Webroot	W32.Malware.gen
Antiy-AVL	Trojan/Win32.APosT
Arcabit	Trojan.Graftor.D78C80
ZoneAlarm	Backdoor.Win32.Farfli.brjz
Microsoft	Trojan:Win32/Farfli.RSK!MTB
AhnLab-V3	Backdoor/Win32.RL_Farfli.R333331
Acronis	suspicious
VBA32	Trojan.APosT
ALYac	Gen:Variant.Graftor.494720
Ad-Aware	Gen:Variant.Graftor.494720
Malwarebytes	Backdoor.Farfli
Panda	Trj/Genetic.gen
ESET-NOD32	a variant of Win32/Kryptik.GGXP
TrendMicro-HouseCall	TROJ_GEN.R002C0DE120
Rising	Backdoor.Farfli!8.B4 (CLOUD)
Yandex	Trojan.Kryptik!h9wctYwL3eU
MAX	malware (ai score=87)
eGambit	Unsafe.AI_Score_55%
Fortinet	W32/Kryptik.GGXP!tr
AVG	Win32:Malware-gen
Cybereason	malicious.2e78e5
Paloalto	generic.ml
Qihoo-360	Win32/Backdoor.600