Backdoor.Win32.Farfli.cfav removal tips

Backdoor.Win32.Farfli.cfav is considered dangerous by many security experts. When this infection is active, you may notice unwanted processes in the Task Manager list. In this case, it is advised to scan your computer with GridinSoft Anti-Malware.

GridinSoft Anti-Malware

Removing PC viruses manually may take hours and may damage your PC in the process. We recommend using GridinSoft Anti-Malware for virus removal. It allows you to complete a scan and cure your PC during the trial period.
A 6-day free trial is available.

What can the Backdoor.Win32.Farfli.cfav virus do?

  • Behavioural detection: Executable code extraction – unpacking
  • Yara rule detections observed from a process memory dump/dropped files/CAPE
  • CAPE extracted potentially suspicious content
  • Unconventional binary language: Chinese (Simplified)
  • Unconventional language used in binary resources: Chinese (Simplified)
  • The binary likely contains encrypted or compressed data.
  • Authenticode signature is invalid
  • Attempts to repeatedly call a single API many times in order to delay analysis time
  • Attempts to modify proxy settings

How to identify Backdoor.Win32.Farfli.cfav?

File Info:

name: 16DFF669326D63F55780.mlw
path: /opt/CAPEv2/storage/binaries/b00d85b72e9be90866604d6ae88af171a99b385f75e7a351a4c72f56a373b9c7
crc32: D4D92143
md5: 16dff669326d63f55780521befd5511e
sha1: 330327725931a964c153899ed8a1f1c277f686cd
sha256: b00d85b72e9be90866604d6ae88af171a99b385f75e7a351a4c72f56a373b9c7
sha512: c65052378f74414d7ec31613f6e40801a3a2fa42117333ce21dceb8c60bf2409d04d2240385410e0007835f1df99b5aba211ee41a5fbdedab2130038ab4f7294
ssdeep: 24576:guYjoEAvtJlR48e0WDSvFKln7U2Z1Hfp42aXCIkLYRuV1h:JYsF1JlM0rkpBvaSId8
type: PE32 executable (GUI) Intel 80386, for MS Windows
tlsh: T1AD5523622301654CF30402F38847DF9DE5A8E4319B011E6FB468AECE9A7F7766F9A471
sha3_384: 9f0a11b95481986566e363b77eadb46ecb51f33d25fa382b090c476ab01008d8fbf35db0c6420e1955b7187d23076ac5
ep_bytes: b8b4949b005064ff3500000000648925
timestamp: 2022-11-05 09:44:47

Version Info:

FileDescription: aaa Microsoft
FileVersion: 1, 0, 4, 1
InternalName: aaa
LegalCopyright: 版权所有 (C) 2022
OriginalFilename: 1, 0, 4, 1
ProductVersion: 1, 0, 4, 1
Translation: 0x0804 0x04b0

Backdoor.Win32.Farfli.cfav is also known as (vendor: detection name):

Bkav: W32.AIDetect.malware2
MicroWorld-eScan: Trojan.GenericKD.63434898
Elastic: malicious (high confidence)
ESET-NOD32: a variant of Win32/Kryptik.HCAH
APEX: Malicious
Kaspersky: Backdoor.Win32.Farfli.cfav
BitDefender: Trojan.GenericKD.63434898
Avast: Win32:RATX-gen [Trj]
Ad-Aware: Trojan.GenericKD.63434898
Emsisoft: Trojan.GenericKD.63434898 (B)
McAfee-GW-Edition: BehavesLike.Win32.Dropper.tc
Trapmine: suspicious.low.ml.score
FireEye: Trojan.GenericKD.63434898
GData: Trojan.GenericKD.63434898
Jiangmin: Backdoor/Hupigon.bmcz
Arcabit: Trojan.Generic.D3C7F092
ZoneAlarm: Backdoor.Win32.Farfli.cfav
Microsoft: Trojan:Win32/Wacatac.B!ml
McAfee: Artemis!16DFF669326D
Malwarebytes: Malware.Heuristic.1001
Rising: Trojan.Kryptik!8.8 (CLOUD)
Fortinet: W32/PossibleThreat
BitDefenderTheta: Gen:NN.ZexaF.34754.oj0famG0Ewcj
AVG: Win32:RATX-gen [Trj]
CrowdStrike: win/malicious_confidence_60% (W)

How to remove Backdoor.Win32.Farfli.cfav?

Backdoor.Win32.Farfli.cfav removal tool
  • Download and install GridinSoft Anti-Malware.
  • Open GridinSoft Anti-Malware and perform a “Standard scan”.
  • “Move to quarantine” all items.
  • Open the “Tools” tab and press “Reset Browser Settings”.
  • Select the proper browser and options, then click “Reset”.
  • Restart your computer.

About the author

Paul Valéry

I'm a cyber security analyst and data science expert with 5+ years of experience with security software contractors.