Categories: Backdoor

How to remove “Backdoor.Win32.Farfli.byzt”?

Backdoor.Win32.Farfli.byzt is considered dangerous by many security experts. When this infection is active, you may notice unwanted processes in the Task Manager list. In this case, it is advised to scan your computer with GridinSoft Anti-Malware.


What can the Backdoor.Win32.Farfli.byzt virus do?

  • Behavioural detection: Executable code extraction – unpacking
  • SetUnhandledExceptionFilter detected (possible anti-debug)
  • Attempts to connect to a dead IP:Port (2 unique times)
  • Yara rule detections observed from a process memory dump/dropped files/CAPE
  • Presents an Authenticode digital signature
  • Creates RWX memory
  • NtSetInformationThread: attempt to hide thread from debugger
  • A process attempted to delay the analysis task.
  • Dynamic (imported) function loading detected
  • Enumerates the modules from a process (may be used to locate base addresses in process injection)
  • Reads data out of its own binary image
  • CAPE extracted potentially suspicious content
  • Drops a binary and executes it
  • The binary contains an unknown PE section name indicative of packing
  • The binary likely contains encrypted or compressed data.
  • Authenticode signature is invalid
  • Checks for the presence of known windows from debuggers and forensic tools
  • Installs itself for autorun at Windows startup
  • CAPE detected the PCRat malware family
  • Checks for the presence of known devices from debuggers and forensic tools
  • Creates a copy of itself
  • Anomalous binary characteristics

How to identify Backdoor.Win32.Farfli.byzt?

File Info:

name: 42E9570D1629AA57D495.mlw
path: /opt/CAPEv2/storage/binaries/84d320e3ad9aed593fc1d7f67bf2e4039df5a4dd46fddb4cbd2f856080a9adb3
crc32: B50D5183
md5: 42e9570d1629aa57d495409be9c1d34b
sha1: 4b3bcfa88d75bb12a8315ff23d153c8e4d95648f
sha256: 84d320e3ad9aed593fc1d7f67bf2e4039df5a4dd46fddb4cbd2f856080a9adb3
sha512: 3e12d6e118c953d2875af51fc8def70b821395a208b7c4f24d34ee31f71c5b28a9e2c0d25ddc4b47d8d8c614c826d631a3749930c0d749660a2018f3ca7fcd3c
ssdeep: 24576:a5IE7ac//lKjCyAXfm3vsjR2fTppEdPrqNSiC/dAiIJ6DOIGnqHwh3UoOJ0nT8Bl:a17f/cjCy3sNPO7Cl1NcnqHwlkiwlMah
type: PE32 executable (GUI) Intel 80386, for MS Windows
tlsh: T1AD753366036CEE48DF9A0473515B38BDDC7E33A152A8C8EC97A178225DC93F50BB660D
sha3_384: ad4b729c499435225d8d2b250bcd3658f60dc886ca62716c85f3ee114651914129f7f8cebba3cfaf7da3edc91be8c9c8
ep_bytes: 558bec83c4f0b800104000e801000000
timestamp: 2019-12-02 12:20:52

Version Info:

0: [No Data]

Backdoor.Win32.Farfli.byzt is also known as (vendor: detection name):

Lionic: Trojan.Win32.Farfli.m!c
Elastic: malicious (high confidence)
MicroWorld-eScan: Trojan.GenericKD.48669162
FireEye: Generic.mg.42e9570d1629aa57
ALYac: Trojan.GenericKD.48669162
Cylance: Unsafe
Sangfor: Backdoor.Win32.Farfli.byzt
K7AntiVirus: Trojan ( 00529ea81 )
Alibaba: Backdoor:Win32/Farfli.7d610e88
K7GW: Trojan ( 00529ea81 )
Cybereason: malicious.88d75b
BitDefenderTheta: Gen:NN.ZexaF.34606.HvY@aSPbnjoi
Symantec: ML.Attribute.HighConfidence
tehtris: Generic.Malware
ESET-NOD32: a variant of Win32/Packed.EnigmaProtector.J suspicious
APEX: Malicious
Paloalto: generic.ml
Kaspersky: Backdoor.Win32.Farfli.byzt
BitDefender: Trojan.GenericKD.48669162
NANO-Antivirus: Trojan.Win32.Farfli.jnmkfw
Avast: Win32:Malware-gen
Tencent: Win32.Backdoor.Farfli.Pdwj
Ad-Aware: Trojan.GenericKD.48669162
Emsisoft: Trojan.GenericKD.48669162 (B)
F-Secure: Heuristic.HEUR/AGEN.1215877
Zillya: Trojan.EnigmaProtector.Win32.3078
TrendMicro: TROJ_GEN.R002C0WCM22
McAfee-GW-Edition: Artemis!Trojan
Sophos: Mal/Generic-S
GData: Win32.Trojan-Spy.Keylogger.VGDC5A
Jiangmin: Backdoor.Farfli.fvy
Avira: HEUR/AGEN.1215877
MAX: malware (ai score=87)
Antiy-AVL: GrayWare/Win32.EnigmaProtect.a
Arcabit: Trojan.Generic.D2E6A1EA
ZoneAlarm: Backdoor.Win32.Farfli.byzt
Microsoft: Backdoor:Win32/Bladabindi!ml
Cynet: Malicious (score: 100)
McAfee: Artemis!42E9570D1629
VBA32: Backdoor.Bladabindi
Malwarebytes: Trojan.FakeSig
TrendMicro-HouseCall: TROJ_GEN.R002C0WCM22
Rising: PUF.Pack-Enigma!1.BA33 (CLOUD)
Yandex: Backdoor.Farfli!Jf3RY2SOKS8
SentinelOne: Static AI – Malicious PE
MaxSecure: Trojan.Malware.11374565.susgen
Fortinet: Malicious_Behavior.SB
AVG: Win32:Malware-gen
Panda: Trj/CI.A
CrowdStrike: win/malicious_confidence_100% (W)

How to remove Backdoor.Win32.Farfli.byzt?

  • Download and install GridinSoft Anti-Malware.
  • Open GridinSoft Anti-Malware and perform a “Standard scan”.
  • “Move to quarantine” all items.
  • Open the “Tools” tab and press “Reset Browser Settings”.
  • Select the proper browser and options, then click “Reset”.
  • Restart your computer.
Paul Valéry

I'm a cyber security analyst and data science expert with 5+ years of experience with security software contractors.
