About “Backdoor.Win32.Farfli.bvvd” infection

Backdoor.Win32.Farfli.bvvd is classified as malicious by a large number of antivirus engines (see the detection names below). While the infection is active you may notice unfamiliar processes in the Task Manager list. In that case it is advised to scan your computer with GridinSoft Anti-Malware.


What can the Backdoor.Win32.Farfli.bvvd virus do?

The items below are automated sandbox signatures that fired while the sample was executed. They record what the analysis environment observed, not a verified feature list, and several of them (the delay loops, the manufacturer check) are anti-analysis tricks rather than payload behavior.

  • Executable code extraction
  • At least one process apparently crashed during execution
  • Creates RWX memory (pages that are writable and executable at once, typical of unpacking or code injection)
  • Repeatedly searches for a process that was not found; the sandbox suggests rerunning with the startbrowser=1 option, since the sample is likely waiting for a browser process
  • Drops a binary and executes it
  • HTTP traffic contains suspicious features which may be indicative of malware-related traffic
  • Performs some HTTP requests
  • Deletes its original binary from disk
  • A process attempted to delay the analysis task by a long amount of time
  • Attempts to repeatedly call a single API many times in order to delay analysis time
  • Installs itself for autorun at Windows startup
  • Checks the system manufacturer, likely for anti-virtualization
  • Creates a copy of itself
  • Anomalous binary characteristics

How to identify Backdoor.Win32.Farfli.bvvd?

File Info:

crc32: 6E4E0E19
md5: b4ce42cda9b12f1a823c834156d82cdd
name: B4CE42CDA9B12F1A823C834156D82CDD.mlw
sha1: 465a7a383e8fbc3baa553075f2342b9249de3af8
sha256: 93fb3b2470e882cb3e84afddda2fcf9014494a9ef65dc7451062064a97f1e684
sha512: f32ce88cf24ff9bb8c9ffa72496960fcf7291f9117770a7e033fcde864c115b1c735eb96c0bef40ec55f8e6359b9dc53ea7ca30b4360003753df2f91ed55f176
ssdeep: 768:J6laN7dGuGnV6BKFrtY9nLsQyQXwuZmpUPG9:J6/uGnV6BKRtunIoAuZ9O
type: PE32 executable (GUI) Intel 80386, for MS Windows

Version Info:

LegalCopyright: SAGA Incorporated, Copyright (C) 1998
InternalName: DSplit
FileVersion: 1, 0, 0, 1
CompanyName:
ProductName: Dynamic splitter (demo)
ProductVersion: 1, 0, 0, 1
FileDescription: Dynamic splitter (demo)
OriginalFilename: DSplit.EXE
Translation: 0x0409 0x04b0
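The hashes and version strings above are the indicators a responder actually uses. The version-resource fields are set by whoever built the file and are trivially forged, so they are a pivot for hunting rather than proof of origin. The following Python script is an added example, not code from the original page or from GridinSoft: it computes the same hashes for an arbitrary file and compares them with the values listed, sweeps a directory for files whose hash matches (the sandbox report says the sample copies itself and deletes its original binary, so the hash may turn up at a new path), and searches for the version-resource strings in the UTF-16LE form in which a PE stores them, which a plain ASCII grep would miss. The demo bytes in the block are constructed and are not the real sample; the directory path is an assumption.

```python
"""Triage helper: match a file against the hash IOCs listed for this sample
and look for the version-resource strings the page reports.

Added example for this page; it is not GridinSoft code. Only the hash values
and version strings come from the page; the demo bytes and paths are constructed.
"""
import hashlib
import os
import zlib

# IOC hashes copied from the page's "File Info" block (lowercase hex).
FARFLI_BVVD_HASHES = {
    "crc32": "6e4e0e19",
    "md5": "b4ce42cda9b12f1a823c834156d82cdd",
    "sha1": "465a7a383e8fbc3baa553075f2342b9249de3af8",
    "sha256": "93fb3b2470e882cb3e84afddda2fcf9014494a9ef65dc7451062064a97f1e684",
    "sha512": "f32ce88cf24ff9bb8c9ffa72496960fcf7291f9117770a7e033fcde864c115b1"
              "c735eb96c0bef40ec55f8e6359b9dc53ea7ca30b4360003753df2f91ed55f176",
}

# Strings from the page's "Version Info" block. VS_VERSIONINFO stores them as
# UTF-16LE, so an ASCII search inside the PE would not find them.
FARFLI_BVVD_VERSION_STRINGS = ("DSplit.EXE", "Dynamic splitter (demo)", "SAGA Incorporated")


def hash_bytes(data: bytes) -> dict:
    """Return crc32/md5/sha1/sha256/sha512 of data as lowercase hex strings."""
    return {
        "crc32": f"{zlib.crc32(data) & 0xFFFFFFFF:08x}",
        "md5": hashlib.md5(data).hexdigest(),
        "sha1": hashlib.sha1(data).hexdigest(),
        "sha256": hashlib.sha256(data).hexdigest(),
        "sha512": hashlib.sha512(data).hexdigest(),
    }


def matching_hashes(data: bytes, iocs: dict = FARFLI_BVVD_HASHES) -> list:
    """Names of the IOC hash algorithms whose value equals the hash of data."""
    computed = hash_bytes(data)
    return sorted(alg for alg, value in iocs.items() if computed.get(alg) == value.lower())


def version_strings_present(data: bytes, strings=FARFLI_BVVD_VERSION_STRINGS) -> list:
    """Version-resource strings found in data in their on-disk UTF-16LE form."""
    return [s for s in strings if s.encode("utf-16-le") in data]


def sweep_directory(root: str, iocs: dict = FARFLI_BVVD_HASHES) -> list:
    """Walk root and return (path, matched_algorithms) for every file whose hash
    matches an IOC. The sample copies itself and deletes the original, so the
    hash may reappear under a different name or directory."""
    hits = []
    for dirpath, _dirs, files in os.walk(root):
        for name in files:
            path = os.path.join(dirpath, name)
            try:
                with open(path, "rb") as fh:
                    data = fh.read()
            except OSError:
                continue  # unreadable or locked file: skip rather than abort the sweep
            matched = matching_hashes(data, iocs)
            if matched:
                hits.append((path, matched))
    return hits


if __name__ == "__main__":
    # Constructed demo input, not the real sample: a fake PE-like blob carrying
    # the UTF-16LE OriginalFilename string.
    demo = b"MZ" + b"\x00" * 64 + "DSplit.EXE".encode("utf-16-le")
    print("hashes:", hash_bytes(demo))
    print("IOC hash match:", matching_hashes(demo))          # [] because demo is not the sample
    print("version strings:", version_strings_present(demo))  # ['DSplit.EXE']
    print("sweep:", sweep_directory(r"C:\Users\Public"))      # assumed directory to sweep
```

Hash matching is exact, so a repacked or slightly modified build will not match; the ssdeep value on the page is the indicator to use for near-duplicates, and the version strings are the pivot for hunting related builds that kept the same resource block.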

Backdoor.Win32.Farfli.bvvd is also detected under the following names (vendor: detection name):

  • Elastic: malicious (high confidence)
  • DrWeb: Trojan.DownLoader18.59296
  • Cynet: Malicious (score: 100)
  • CAT-QuickHeal: Trojan.MauvaiseRI.S5245956
  • Cylance: Unsafe
  • Sangfor: Trojan.Win32.Save.a
  • CrowdStrike: win/malicious_confidence_100% (W)
  • Alibaba: Backdoor:Win32/Farfli.13c
  • Cybereason: malicious.da9b12
  • Baidu: Win32.Trojan-Downloader.Agent.jm
  • Cyren: W32/Trojan.IM.gen!Eldorado
  • Symantec: Downloader!gm
  • ESET-NOD32: Win32/TrojanDownloader.Agent.BZI
  • Zoner: Trojan.Win32.83819
  • APEX: Malicious
  • Avast: Win32:Evo-gen [Susp]
  • ClamAV: Win.Downloader.Farfli-6453698-0
  • Kaspersky: Backdoor.Win32.Farfli.bvvd
  • BitDefender: Trojan.Cud.Gen.1
  • NANO-Antivirus: Virus.Win32.Gen.ccmw
  • SUPERAntiSpyware: Trojan.Agent/Gen-Downloader
  • MicroWorld-eScan: Trojan.Cud.Gen.1
  • Tencent: Malware.Win32.Gencirc.10b0cde3
  • Ad-Aware: Trojan.Cud.Gen.1
  • Comodo: Backdoor.Win32.Beaugrit.C@6l4u2b
  • BitDefenderTheta: AI:Packer.46604AC01F
  • VIPRE: LooksLike.Win32.Uruasy.b!ag (v)
  • TrendMicro: TROJ_GEN.R005C0DF921
  • McAfee-GW-Edition: Artemis!Trojan
  • FireEye: Generic.mg.b4ce42cda9b12f1a
  • Emsisoft: Trojan.Cud.Gen.1 (B)
  • SentinelOne: Static AI – Malicious PE
  • Jiangmin: Worm.WBNA.hcvd
  • Avira: TR/Crypt.XPACK.Gen
  • eGambit: Unsafe.AI_Score_98%
  • Antiy-AVL: Trojan/Generic.ASCommon.1F4
  • Microsoft: TrojanDownloader:Win32/Farfli.F!bit
  • Gridinsoft: Trojan.Win32.Agent.dg!s1
  • GData: Trojan.Cud.Gen.1
  • AhnLab-V3: Trojan/Win32.RL_Itagomoko.R365141
  • Acronis: suspicious
  • McAfee: GenericRXAA-FA!B4CE42CDA9B1
  • MAX: malware (ai score=80)
  • VBA32: BScope.TrojanDownloader.Dupzom
  • Malwarebytes: Malware.AI.4006694808
  • Panda: Trj/CI.A
  • TrendMicro-HouseCall: TROJ_GEN.R005C0DF921
  • Rising: Trojan.Generic@ML.90 (RDML:J4irOkCzpylLasOwgnAEvg)
  • Ikarus: Trojan-Downloader.Win32.Agent
  • Fortinet: W32/Agent.BZI!tr.dldr
  • AVG: Win32:Evo-gen [Susp]
  • Paloalto: generic.ml

How to remove Backdoor.Win32.Farfli.bvvd?

Backdoor.Win32.Farfli.bvvd removal tool
  • Download and install GridinSoft Anti-Malware.
  • Open GridinSoft Anti-Malware and perform a “Standard scan”.
  • “Move to quarantine” all items.
  • Open the “Tools” tab and press “Reset Browser Settings”.
  • Select the proper browser and options, then click “Reset”.
  • Restart your computer.

Because the sandbox report shows the sample installing itself for autorun, creating a copy of itself and deleting its original binary, confirm after the reboot that no startup entry still points at a file with the hashes listed above; a quarantine that removed only the original file leaves the copy and its autorun entry in place.

About the author

Paul Valéry

I'm a cyber security analyst and data science expert with 5+ years of experience with security software contractors.
