Categories: Backdoor

Backdoor.Win32.Farfli.buow removal instruction

The Backdoor.Win32.Farfli.buow is considered dangerous by lots of security experts. When this infection is active, you may notice unwanted processes in Task Manager list. In this case, it is adviced to scan your computer with GridinSoft Anti-Malware.

Gridinsoft Anti-Malware

Removing PC viruses manually may take hours and may damage your PC in the process. We recommend using GridinSoft Anti-Malware for virus removal. Allows to complete scan and cure your PC during the trial period.

DOWNLOAD NOW

6-day free trial available.

What Backdoor.Win32.Farfli.buow virus can do?

Executable code extraction
Injection (inter-process)
Injection (Process Hollowing)
Creates RWX memory
Unconventionial language used in binary resources: Chinese (Simplified)
The binary likely contains encrypted or compressed data.
The executable is compressed using UPX
Executed a process and injected code into it, probably while unpacking
Network activity detected but not expressed in API logs
Creates a copy of itself

Related domains:

z.whorecord.xyz

a.tomx.xyz

How to determine Backdoor.Win32.Farfli.buow?


File Info:
crc32: 4016CC93md5: 9ccb1198a07887868fd44e95c2866b17name: 9CCB1198A07887868FD44E95C2866B17.mlwsha1: f95ad1e537f6416cbbd69d7d8dd0378224b03955sha256: 261ef4cd51d78e2d16097bd428186f42adc7ed2f2add5672789101a0b3e2878esha512: be6f176fcaa3c005212d60c7c263d0a225594a03cd5d0e129a2250b928cbe057aed5699c8e60e1b7caffacaedf5e76f0c3a369d821bb93ca0787896d6665e5fassdeep: 6144:ABABAdbouCA9dctS6HrFGDrbyyu6vzTr5dNKTToAH6s:AmB0OCW1gDpu6nrcVastype: PE32 executable (GUI) Intel 80386, for MS Windows, UPX compressed
Version Info:
LegalCopyright: xa9 Microsoft Corporation. All rights reserved.InternalName: Wextract                FileVersion: 6.00.3790.0 (srv03_rtm.030324-2048)CompanyName: Microsoft CorporationProductName: Microsoftxae Windowsxae Operating SystemProductVersion: 6.00.3790.0FileDescription: Win32 Cabinet Self-Extractor                                           OriginalFilename: WEXTRACT.EXE            Translation: 0x0409 0x04b0

Backdoor.Win32.Farfli.buow also known as:

Elastic	malicious (high confidence)
MicroWorld-eScan	Gen:Variant.Graftor.494720
FireEye	Generic.mg.9ccb1198a0788786
CAT-QuickHeal	Trojan.Mauvaise.SL1
ALYac	Gen:Variant.Graftor.494720
Cylance	Unsafe
VIPRE	Trojan.Win32.Generic!BT
Sangfor	Malware
K7AntiVirus	Trojan ( 005376ae1 )
BitDefender	Gen:Variant.Graftor.494720
K7GW	Trojan ( 005376ae1 )
Cybereason	malicious.8a0788
Cyren	W32/Agent.BTG.gen!Eldorado
Symantec	ML.Attribute.HighConfidence
ESET-NOD32	a variant of Win32/Kryptik.GGXP
APEX	Malicious
Avast	Win32:Evo-gen [Susp]
ClamAV	Win.Malware.Farfli-9658208-0
Kaspersky	Backdoor.Win32.Farfli.buow
NANO-Antivirus	Trojan.Win32.BlackMoon.flthzb
Tencent	Malware.Win32.Gencirc.10ce2baf
Ad-Aware	Gen:Variant.Graftor.494720
Sophos	ML/PE-A + Troj/Agent-BEJP
Comodo	Backdoor.Win32.Zegost.XP@7o7w19
F-Secure	Heuristic.HEUR/AGEN.1135306
DrWeb	BackDoor.BlackMoon.15
Zillya	Worm.Palevo.Win32.124018
McAfee-GW-Edition	BehavesLike.Win32.Fake.dc
Emsisoft	Gen:Variant.Graftor.494720 (B)
Jiangmin	Trojan.Blamon.afk
MaxSecure	Win.MxResIcn.Heur.Gen
Avira	HEUR/AGEN.1135306
Antiy-AVL	Trojan/Win32.APosT
Microsoft	Trojan:Win32/Farfli
Gridinsoft	Trojan.Win32.Kryptik.ba!s2
Arcabit	Trojan.Graftor.D78C80
AhnLab-V3	Backdoor/Win32.RL_Farfli.R333331
ZoneAlarm	Backdoor.Win32.Farfli.buow
GData	Gen:Variant.Graftor.494720
Cynet	Malicious (score: 100)
McAfee	GenericRXAA-AA!9CCB1198A078
MAX	malware (ai score=86)
VBA32	Trojan.APosT
Malwarebytes	Generic.Trojan.Dropper.DDS
Panda	Trj/Genetic.gen
Rising	Backdoor.Farfli!8.B4 (TFE:5:5jAUp50zBjO)
Yandex	Trojan.Kryptik!h9wctYwL3eU
Ikarus	Trojan.Win32.Crypt
eGambit	Unsafe.AI_Score_52%
Fortinet	W32/Kryptik.GGXP!tr
AVG	Win32:Evo-gen [Susp]
CrowdStrike	win/malicious_confidence_90% (D)
Qihoo-360	HEUR/QVM11.1.F1C9.Malware.Gen