Backdoor.Win32.Farfli.ccae removal guide

Backdoor.Win32.Farfli.ccae is considered dangerous by many security experts. When this infection is active, you may notice unwanted processes in the Task Manager process list. In this case, it is advised to scan your computer with GridinSoft Anti-Malware.

GridinSoft Anti-Malware

Removing PC viruses manually may take hours and may damage your PC in the process. We recommend using GridinSoft Anti-Malware for virus removal. It lets you run a complete scan and clean your PC during the trial period.
6-day free trial available.

What can the Backdoor.Win32.Farfli.ccae virus do?

  • SetUnhandledExceptionFilter detected (possible anti-debug)
  • Behavioural detection: Executable code extraction – unpacking
  • Yara rule detections observed from a process memory dump/dropped files/CAPE
  • Creates RWX memory
  • Dynamic (imported) function loading detected
  • A named pipe was used for inter-process communication
  • Enumerates running processes
  • A process created a hidden window
  • CAPE extracted potentially suspicious content
  • Unconventional binary language: Chinese (Simplified)
  • Unconventional language used in binary resources: Chinese (Simplified)
  • The binary contains an unknown PE section name indicative of packing
  • The binary likely contains encrypted or compressed data
  • The executable is compressed using UPX
  • Authenticode signature is invalid
  • Deletes its original binary from disk
  • Created a process from a suspicious location
  • Installs itself for autorun at Windows startup
  • CAPE detected the Nitol malware family
  • Detects Bochs through the presence of a registry key
  • Creates a copy of itself

How to identify Backdoor.Win32.Farfli.ccae?

File Info:

name: 179B8A0C83B0F0699CCA.mlw
path: /opt/CAPEv2/storage/binaries/8c747e17b9b633bfe95e7ce0530ba3e24366b7fa7be4e60db68c323132516cca
crc32: F5759A02
md5: 179b8a0c83b0f0699cca73954e1f8b40
sha1: 8f5c917ff3bf32a4c6e98cba0adede4f8ab3b63e
sha256: 8c747e17b9b633bfe95e7ce0530ba3e24366b7fa7be4e60db68c323132516cca
sha512: bbbcb8d4ea5ab64ffe6cfcd0a7b89878913afdfb8f0e62fb6a7f5f847e16e98bbfded17b0d6677c1395bfee9d32be86291567dd112ca12ccfd5f072ff2f05880
ssdeep: 6144:5m7FXZD4TD2TWOcKtpiPy4KSWJ8CgSvg41haXErcfXM789Kwl4S9iDJK2KwEVCMo:5+XZ0D2TJiQSWJkDXZ9MwCS9i9NKl
type: PE32 executable (GUI) Intel 80386, for MS Windows
tlsh: T1FE94121E21684475C12D1934A5B38FF82B513C239A906A0F5DF9FE9F78FC680BEC6169
sha3_384: 178666029e70d3f74ddf69796d81d69d1a2e94b50dd2b0522479b23b9d07852c1db43dd2c9cfe8800040ba5fd9375dfa
ep_bytes: 60be00304d008dbe00e0f2ff5783cdff
timestamp: 2022-07-09 04:13:43

Version Info:

FileVersion: 1.0.0.0
FileDescription: windows屏幕保护
ProductName: 易语言程序
ProductVersion: 1.0.0.0
CompanyName: 4ustn1ne
LegalCopyright: 4ustn1ne
Comments: 本程序使用易语言编写(http://www.eyuyan.com)
Translation: 0x0804 0x04b0

Backdoor.Win32.Farfli.ccae also known as:

tehtris: Generic.Malware
FireEye: Generic.mg.179b8a0c83b0f069
Cylance: Unsafe
K7AntiVirus: Trojan ( 005246d51 )
K7GW: Trojan ( 005246d51 )
BitDefenderTheta: Gen:NN.ZexaF.34786.AmKfaGtXpKib
Cyren: W32/Trojan.CLL.gen!Eldorado
Symantec: ML.Attribute.HighConfidence
Elastic: malicious (moderate confidence)
ESET-NOD32: a variant of Win32/Packed.FlyStudio.AA potentially unwanted
TrendMicro-HouseCall: TROJ_GEN.R014C0DG922
Kaspersky: Backdoor.Win32.Farfli.ccae
Avast: Win32:BackdoorX-gen [Trj]
Comodo: TrojWare.Win32.Agent.OSCF@5rs7jr
TrendMicro: TROJ_GEN.R014C0DG922
McAfee-GW-Edition: BehavesLike.Win32.Backdoor.gc
SentinelOne: Static AI – Malicious PE
Trapmine: malicious.high.ml.score
Sophos: Generic ML PUA (PUA)
GData: Win32.Application.PUPStudio.A
Jiangmin: Heur:Backdoor/Agent
Avira: TR/Crypt.ZPACK.Gen2
Antiy-AVL: Trojan/Generic.ASCommon.FA
Microsoft: Trojan:Win32/Sabsik.EN.B!ml
Cynet: Malicious (score: 100)
McAfee: Artemis!179B8A0C83B0
VBA32: Trojan.Farfli
Malwarebytes: Malware.AI.2568214062
APEX: Malicious
Yandex: Trojan.GenAsa!OajMJGSbqgA
MaxSecure: Dropper.Dinwod.frindll
Fortinet: W32/CoinMiner.65CA!tr
AVG: Win32:BackdoorX-gen [Trj]
Cybereason: malicious.ff3bf3

How to remove Backdoor.Win32.Farfli.ccae?

Backdoor.Win32.Farfli.ccae removal tool
  • Download and install GridinSoft Anti-Malware.
  • Open GridinSoft Anti-Malware and perform a “Standard scan”.
  • Click “Move to quarantine” for all detected items.
  • Open the “Tools” tab and press “Reset Browser Settings”.
  • Select the proper browser and options, then click “Reset”.
  • Restart your computer.

About the author

Paul Valéry

I'm a cyber security analyst and data science expert with 5+ years of experience with security software contractors.
