Backdoor.Win32.Farfli.cbip information

Backdoor.Win32.Farfli.cbip is flagged as malicious by most antivirus engines (see the detection list below). While the infection is active you may notice unfamiliar processes in the Task Manager list. In that case it is advised to scan your computer with GridinSoft Anti-Malware.

Removing malware manually may take hours and can damage the system in the process. We recommend using GridinSoft Anti-Malware for removal; the trial period allows a full scan and clean-up of the PC.
6-day free trial available.

What can Backdoor.Win32.Farfli.cbip do?

Static and behavioural indicators reported by the CAPE sandbox for this sample:

  • Behavioural detection: executable code extraction (unpacking)
  • YARA rule detections observed from a process memory dump, dropped files or CAPE
  • Reads data out of its own binary image
  • CAPE extracted potentially suspicious content
  • Unconventional language used in binary resources: Chinese (Simplified)
  • The binary contains an unknown PE section name indicative of packing
  • The binary likely contains encrypted or compressed data
  • Authenticode signature is invalid
  • Checks for the presence of known windows from debuggers and forensic tools
  • Checks for the presence of known devices from debuggers and forensic tools
  • CAPE detected the PCRat malware family
  • Anomalous binary characteristics

How to identify Backdoor.Win32.Farfli.cbip?

File Info:

name: F34A4EF70928978A47FF.mlw
path: /opt/CAPEv2/storage/binaries/edbb1fbe5d4546bdc496128e61486db12f421da1b0ba2b2564f051a68baaa8d6
crc32: 45503212
md5: f34a4ef70928978a47ffbd0b06fd5694
sha1: d21b3162d160147d920b0fcdae02091c99ab3cee
sha256: edbb1fbe5d4546bdc496128e61486db12f421da1b0ba2b2564f051a68baaa8d6
sha512: c94006c3c3d39262c32544793b146898611eefa5ea1386b4ec841440698d573eeb40c24cc5796bb5e46f31fb15178ad640f751f5b46ac7275991e321795b7397
ssdeep: 49152:7JKhDrDIhbVKeLGU51OozJ129/32zxDRX9eJC:tYg0UZj3NeJC
type: PE32 executable (GUI) Intel 80386, for MS Windows
tlsh: T19575330B2809778FD2950C7F4E2653A2C7F66851FB253BB7231B3A24D5769E38436436
sha3_384: 042d1899f4d77ae090624c5a405e0a30ebd82c5385ac4df5693769d7f169f33e566635b665215e53736ebac814c0b4c2
ep_bytes: 558bec83c4f0b800104000e801000000
timestamp: 2021-08-06 16:38:04 (PE header compile time, written by the build tool and easily forged; the hashes above are the indicators to act on)

Version Info:

0: [No Data]
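The File Info block is what a sandbox derives from the raw bytes of the file: hashes, PE type, compile timestamp and the first bytes at the entry point. The script below, an added example that is not part of the original page nor of CAPE or GridinSoft, re-derives that data with the Python standard library and adds two of the static checks from the behaviour list above: section names outside the usual compiler set ("unknown PE section name indicative of packing") and section entropy ("likely contains encrypted or compressed data"). It also tells you whether an Authenticode blob is present at all, which is the precondition for the "signature is invalid" finding. The PE it analyses is constructed in memory and is not the Farfli binary: it is a minimal PE32 that carries the page's ep_bytes and timestamp and a made-up packer-style section named ".pak0"; the hash indicators are copied from the block above.

```python
"""Static PE triage against the indicators above (added example, standard library only).

Not part of the original page or of CAPE/GridinSoft. The sample PE is built in
memory and is NOT the Farfli binary: a minimal PE32 carrying the page's ep_bytes
and timestamp plus a made-up packer-style section named ".pak0".
"""
import hashlib
import math
import struct
import zlib
from collections import Counter
from datetime import datetime, timezone

IOCS = {  # copied from the File Info block
    "md5": "f34a4ef70928978a47ffbd0b06fd5694",
    "sha1": "d21b3162d160147d920b0fcdae02091c99ab3cee",
    "sha256": "edbb1fbe5d4546bdc496128e61486db12f421da1b0ba2b2564f051a68baaa8d6",
}
PAGE_EP_BYTES = bytes.fromhex("558bec83c4f0b800104000e801000000")
# Section names a stock MSVC/MinGW/Delphi build emits; anything else deserves a look.
KNOWN_SECTIONS = {".text", ".data", ".rdata", ".bss", ".idata", ".edata", ".rsrc",
                  ".reloc", ".tls", ".CRT", ".pdata", ".debug", "CODE", "DATA", "BSS"}


def file_hashes(data: bytes) -> dict:
    return {"crc32": "%08X" % (zlib.crc32(data) & 0xFFFFFFFF),
            "md5": hashlib.md5(data).hexdigest(),
            "sha1": hashlib.sha1(data).hexdigest(),
            "sha256": hashlib.sha256(data).hexdigest()}


def match_iocs(hashes: dict, iocs: dict = IOCS) -> list:
    """Names of the hash types that equal a listed indicator (case-insensitive)."""
    return [k for k, v in iocs.items() if hashes.get(k, "").lower() == v.lower()]


def entropy(buf: bytes) -> float:
    """Shannon entropy in bits per byte; values near 8.0 mean encrypted/compressed data."""
    n = len(buf)
    return -sum(c / n * math.log2(c / n) for c in Counter(buf).values()) if n else 0.0


def parse_pe(data: bytes) -> dict:
    """Read the PE32 headers needed for triage; raises ValueError on non-PE input."""
    if data[:2] != b"MZ":
        raise ValueError("not an MZ executable")
    pe_off = struct.unpack_from("<I", data, 0x3C)[0]
    if data[pe_off:pe_off + 4] != b"PE\0\0":
        raise ValueError("missing PE signature")
    _machine, nsect, ts, _, _, opt_size, _ = struct.unpack_from("<HHIIIHH", data, pe_off + 4)
    opt = pe_off + 24                                   # optional header follows the COFF header
    if struct.unpack_from("<H", data, opt)[0] != 0x10B:
        raise ValueError("only PE32 is handled here")
    ep_rva = struct.unpack_from("<I", data, opt + 16)[0]
    # Data directory 4 is the Certificate Table. Size 0 means no Authenticode blob
    # at all; a non-zero size says nothing about whether the signature verifies.
    cert_size = struct.unpack_from("<II", data, opt + 96 + 4 * 8)[1]
    sections = []
    for i in range(nsect):
        name, vsize, va, rawsize, rawptr = struct.unpack_from("<8sIIII", data, opt + opt_size + 40 * i)
        sections.append({"name": name.rstrip(b"\0").decode("latin-1"), "va": va, "vsize": vsize,
                         "rawptr": rawptr, "rawsize": rawsize,
                         "entropy": round(entropy(data[rawptr:rawptr + rawsize]), 2)})
    ep_bytes = b""   # map the entry-point RVA to a file offset through its section
    for s in sections:
        if s["va"] <= ep_rva < s["va"] + max(s["vsize"], s["rawsize"]):
            ep_bytes = data[s["rawptr"] + ep_rva - s["va"]:][:16]
            break
    return {"timestamp": datetime.fromtimestamp(ts, tz=timezone.utc).strftime("%Y-%m-%d %H:%M:%S"),
            "ep_bytes": ep_bytes.hex(),
            "has_authenticode": cert_size != 0,
            "sections": sections,
            "unknown_sections": [s["name"] for s in sections if s["name"] not in KNOWN_SECTIONS],
            "high_entropy_sections": [s["name"] for s in sections if s["entropy"] > 7.0]}


def build_sample_pe() -> bytes:
    """Construct a minimal PE32 for the demo; this is NOT the real sample."""
    ts = int(datetime(2021, 8, 6, 16, 38, 4, tzinfo=timezone.utc).timestamp())
    text = PAGE_EP_BYTES.ljust(0x200, b"\0")                                       # stub + padding
    pak0 = b"".join(hashlib.sha256(b"pak0-%d" % i).digest() for i in range(16))    # pseudo-random
    sect_hdrs = (struct.pack("<8sIIIIIIHHI", b".text", 0x200, 0x1000, 0x200, 0x200, 0, 0, 0, 0, 0x60000020)
                 + struct.pack("<8sIIIIIIHHI", b".pak0", 0x200, 0x2000, 0x200, 0x400, 0, 0, 0, 0, 0xE0000040))
    # Magic, linker version, SizeOfCode, SizeOfInitData, SizeOfUninitData, AddressOfEntryPoint,
    # BaseOfCode, BaseOfData, ImageBase, SectionAlignment, FileAlignment, then 16 empty data dirs.
    opt = struct.pack("<HBBIIIIIIIII", 0x10B, 2, 0, 0x200, 0x200, 0, 0x1000, 0x1000, 0x2000,
                      0x400000, 0x1000, 0x200).ljust(96, b"\0") + b"\0" * 128
    coff = struct.pack("<HHIIIHH", 0x14C, 2, ts, 0, 0, len(opt), 0x102)           # i386, 2 sections
    dos = b"MZ".ljust(0x3C, b"\0") + struct.pack("<I", 0x40)                      # e_lfanew = 0x40
    return (dos + b"PE\0\0" + coff + opt + sect_hdrs).ljust(0x200, b"\0") + text + pak0


def triage(data: bytes) -> dict:
    report = parse_pe(data)
    report["hashes"] = file_hashes(data)
    report["ioc_hits"] = match_iocs(report["hashes"])
    return report


if __name__ == "__main__":
    for key, value in triage(build_sample_pe()).items():
        print("%-22s %s" % (key + ":", value))
```

To run it against a real file, pass `open(path, "rb").read()` to `triage()` instead of `build_sample_pe()`. Only `ioc_hits` is a positive identification; the section-name and entropy flags are packer hints and fire on any Enigma- or UPX-protected program, benign or not, so they rank a file for closer inspection rather than convict it.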

Backdoor.Win32.Farfli.cbip also known as:

Bkav: W32.AIDetect.malware2
Lionic: Heuristic.File.Generic.00×1!p
MicroWorld-eScan: Gen:Variant.Strictor.267200
FireEye: Generic.mg.f34a4ef70928978a
McAfee: GenericRXAA-AA!F34A4EF70928
Malwarebytes: Malware.AI.3971039082
Sangfor: Suspicious.Win32.Save.ins
K7AntiVirus: Trojan ( 004befdb1 )
BitDefender: Gen:Variant.Strictor.267200
K7GW: Trojan ( 004befdb1 )
Cybereason: malicious.2d1601
Arcabit: Trojan.Strictor.D413C0
BitDefenderTheta: Gen:NN.ZexaF.34646.KvW@amhA@Lib
Cyren: W32/S-b406e71e!Eldorado
Symantec: ML.Attribute.HighConfidence
Elastic: malicious (high confidence)
ESET-NOD32: a variant of Win32/Packed.EnigmaProtector.J suspicious
APEX: Malicious
Paloalto: generic.ml
Kaspersky: Backdoor.Win32.Farfli.cbip
Alibaba: Backdoor:Win32/Farfli.72babea7
Cynet: Malicious (score: 100)
Rising: PUF.Pack-Enigma!1.BA33 (CLASSIC)
Ad-Aware: Gen:Variant.Strictor.267200
Sophos: Mal/Generic-S (PUA)
F-Secure: Heuristic.HEUR/AGEN.1215951
DrWeb: Trojan.Siggen18.45612
VIPRE: Gen:Variant.Strictor.267200
McAfee-GW-Edition: BehavesLike.Win32.Generic.tc
Trapmine: malicious.high.ml.score
Emsisoft: Gen:Variant.Strictor.267200 (B)
SentinelOne: Static AI - Malicious PE
Avira: HEUR/AGEN.1215951
Antiy-AVL: GrayWare/Win32.EnigmaProtect.a
Kingsoft: Win32.Hack.Undef.(kcloud)
Microsoft: Backdoor:Win32/Bladabindi!ml
ZoneAlarm: Backdoor.Win32.Farfli.cbip
GData: Gen:Variant.Strictor.267200
Google: Detected
AhnLab-V3: Trojan/Win.Generic.R467122
VBA32: Backdoor.Bladabindi
ALYac: Gen:Variant.Strictor.267200
MAX: malware (ai score=88)
Cylance: Unsafe
Panda: Trj/Genetic.gen
TrendMicro-HouseCall: TROJ_GEN.R002H0CF922
Tencent: Win32.Backdoor.Farfli.Ewnw
Ikarus: PUA.EnigmaProtector
Fortinet: Riskware/Application
AVG: Win32:BackdoorX-gen [Trj]
Avast: Win32:BackdoorX-gen [Trj]
CrowdStrike: win/malicious_confidence_100% (W)

Note that several engines (ESET-NOD32, Rising, Antiy-AVL, Ikarus) name the Enigma Protector packer wrapped around the file rather than the payload, and a few others return only generic or machine-learning verdicts; the Farfli/PCRat backdoor identification comes from the engines that name the family (Kaspersky, ZoneAlarm, Alibaba, Tencent) together with the CAPE family match above.

How to remove Backdoor.Win32.Farfli.cbip?

Backdoor.Win32.Farfli.cbip removal tool
  • Download and install GridinSoft Anti-Malware.
  • Open GridinSoft Anti-Malware and perform a "Standard scan".
  • "Move to quarantine" all items.
  • Open the "Tools" tab and press "Reset Browser Settings".
  • Select the proper browser and options, then click "Reset".
  • Restart your computer.

About the author

Paul Valéry

I'm a cyber security analyst and data science expert with 5+ years of experience with security software contractors.