Backdoor:Win32/Farfli.AAB!MTB removal

Backdoor:Win32/Farfli.AAB!MTB is considered dangerous by many security experts. When this infection is active, you may notice unwanted processes in the Task Manager process list. In this case, it is advised to scan your computer with GridinSoft Anti-Malware.

GridinSoft Anti-Malware

Removing PC viruses manually may take hours and may damage your PC in the process. We recommend using GridinSoft Anti-Malware for virus removal. It allows you to run a complete scan and clean your PC during the trial period.
6-day free trial available.

What can the Backdoor:Win32/Farfli.AAB!MTB virus do?

  • Sample contains Overlay data
  • Unconventional binary language: Chinese (Simplified)
  • Unconventional language used in binary resources: Chinese (Simplified)
  • Authenticode signature is invalid
  • CAPE detected the PCRat malware family
  • Yara detections observed in process dumps, payloads or dropped files

How to identify Backdoor:Win32/Farfli.AAB!MTB?

File Info:

name: 64DDF2C1488C8AE7C89C.mlw
path: /opt/CAPEv2/storage/binaries/60d7807f84cc572d86ce54379819c7de7c8dd905505a11d24a4b014d4e35d6dc
crc32: C926436D
md5: 64ddf2c1488c8ae7c89c559f8edeeaa1
sha1: fe101f8ea1e37f4e0c9bc3a60c209dc17b234ded
sha256: 60d7807f84cc572d86ce54379819c7de7c8dd905505a11d24a4b014d4e35d6dc
sha512: 20c1af0397e563000c8d7d14cd46123763453d6e7c3b076cd1c7b8ca3a9c359239e64e42c42b5a532586cc86d9a31610c12b759316252ae5d494aa3e4ff61460
ssdeep: 3072:4f2JxKZRcKTgzl5OhhOP/9r0EQgWZ5n+0wqp+igr:4SURY/Ym/NJWZYYfI
type: PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
tlsh: T17EC66C02BA90BCE7E4E1203D28A92B36CFBFBC74695D9D83FB14969D2DB1540E711346
sha3_384: 926128585a03461c1a7f13e1c83fc0d1f3ed4968bdfaed187d71ccecc0b62679a3ca2b47eaf647f184159094628ed2b2
ep_bytes: 558bec538b5d08568b750c578b7d1085
timestamp: 2011-03-02 00:47:10

Version Info:

Comments:
CompanyName: Oracle Corporation
FileDescription: VirtualBox
FileVersion: 3.2.4.62467
InternalName: VirtualBox
LegalCopyright: Copyright (C) 2009-2010 Oracle Corporation
LegalTrademarks:
OriginalFilename: VirtualBox.exe
PrivateBuild:
ProductName: VirtualBox
ProductVersion: 3.2.4.62467
SpecialBuild:
Translation: 0x0804 0x04b0

Backdoor:Win32/Farfli.AAB!MTB also known as:

Bkav: W32.AIDetectMalware
Lionic: Trojan.Win32.Genome.kZvc
AVG: Win32:Farfli-AV [Trj]
Elastic: malicious (high confidence)
MicroWorld-eScan: Gen:Variant.Midie.143777
FireEye: Generic.mg.64ddf2c1488c8ae7
CAT-QuickHeal: Backdoor.FirstInj.12021
Skyhigh: GenericRXLS-IG!64DDF2C1488C
McAfee: GenericRXLS-IG!64DDF2C1488C
Malwarebytes: FarFli.Backdoor.Bot.DDS
VIPRE: Gen:Variant.Midie.143777
Sangfor: Suspicious.Win32.Save.ins
CrowdStrike: win/malicious_confidence_100% (W)
Alibaba: Malware:Win32/km_2c0f4.None
K7GW: EmailWorm ( 004df05b1 )
K7AntiVirus: EmailWorm ( 004df05b1 )
BitDefenderTheta: Gen:NN.ZedlaF.36802.@x@@aiMVKUgb
Symantec: ML.Attribute.HighConfidence
ESET-NOD32: a variant of Win32/Farfli.ALI
Cynet: Malicious (score: 100)
APEX: Malicious
ClamAV: Win.Trojan.Magania-7862458-0
Kaspersky: Trojan.Win32.AntiAV.iob
BitDefender: Gen:Variant.Midie.143777
NANO-Antivirus: Trojan.Win32.AntiAV.cxvim
Avast: Win32:Farfli-AV [Trj]
Tencent: Malware.Win32.Gencirc.115d1144
Sophos: Mal/Generic-R
Baidu: Win32.Trojan.Farfli.aj
F-Secure: Backdoor.BDS/Zegost.ukva
DrWeb: BackDoor.Remoete
Zillya: Trojan.AntiAV.Win32.3372
TrendMicro: TROJ_AGENT_023825.TOMB
Emsisoft: Gen:Variant.Midie.143777 (B)
Ikarus: Backdoor.Win32.Inject
Jiangmin: Trojan/AntiAV.bih
Varist: W32/KillAV.AQ.gen!Eldorado
Avira: BDS/Zegost.ukva
Microsoft: Backdoor:Win32/Farfli.AAB!MTB
Xcitium: TrojWare.Win32.Zegost.INC@4q3n6m
Arcabit: Trojan.Midie.D231A1
ZoneAlarm: Trojan.Win32.AntiAV.iob
GData: Gen:Variant.Midie.143777
Google: Detected
AhnLab-V3: Trojan/Win32.AntiAV.R3534
VBA32: Trojan.AntiAV
ALYac: Gen:Variant.Midie.143777
MAX: malware (ai score=88)
Cylance: unsafe
Panda: Trj/CI.A
TrendMicro-HouseCall: TROJ_AGENT_023825.TOMB
Rising: Downloader.Agent!1.D0E4 (CLASSIC)
Yandex: Trojan.GenAsa!61ASnpSssG8
SentinelOne: Static AI – Malicious PE
Fortinet: W32/Magania.EXJH!tr
DeepInstinct: MALICIOUS
alibabacloud: Worm:Win/Farfli.d44d726a

How to remove Backdoor:Win32/Farfli.AAB!MTB?

Backdoor:Win32/Farfli.AAB!MTB removal tool
  • Download and install GridinSoft Anti-Malware.
  • Open GridinSoft Anti-Malware and perform a “Standard scan”.
  • Click “Move to quarantine” for all detected items.
  • Open the “Tools” tab and press “Reset Browser Settings”.
  • Select the proper browser and options, then click “Reset”.
  • Restart your computer.

About the author

Paul Valéry

I'm a cyber security analyst and data science expert with 5+ years of experience with security software contractors.