Categories: Backdoor

Backdoor:Win32/Farfli.ABM!MTB (file analysis)

The Backdoor:Win32/Farfli.ABM!MTB is considered dangerous by lots of security experts. When this infection is active, you may notice unwanted processes in Task Manager list. In this case, it is adviced to scan your computer with GridinSoft Anti-Malware.

Gridinsoft Anti-Malware

Removing PC viruses manually may take hours and may damage your PC in the process. We recommend using GridinSoft Anti-Malware for virus removal. Allows to complete scan and cure your PC during the trial period.

DOWNLOAD NOW

6-day free trial available.

What Backdoor:Win32/Farfli.ABM!MTB virus can do?

Executable code extraction
Creates RWX memory
Repeatedly searches for a not-found process, may want to run with startbrowser=1 option
A process created a hidden window
Unconventionial binary language: Chinese (Simplified)
Unconventionial language used in binary resources: Chinese (Simplified)
A scripting utility was executed
Uses Windows utilities for basic functionality
Attempts to execute a powershell command with suspicious parameter/s
Attempts to interact with an Alternate Data Stream (ADS)
Unusual version info supplied for binary

Related domains:

haohm.502ok.com

How to determine Backdoor:Win32/Farfli.ABM!MTB?


File Info:
crc32: A9AEC638md5: c32c5cf83ba9a7db47665a58718fec6bname: C32C5CF83BA9A7DB47665A58718FEC6B.mlwsha1: 91ea9bff93cf65963e23b5923197a0a408449cd7sha256: 0b31dca111a7eb743a40cea3c64dbf9bd4748c4af3d6f915ffce7184982c6538sha512: 34cf90454fecdde6e87983f9cb5eada6ca83f79b9d20e7d1a07c91312245ad4bd0ff19304926368f6659dfe755b7bd9341f83b59dd644fe5bf95f91ffc5d5767ssdeep: 1536:ATHH/ZkdQ7Y6nnMbvtNYO2m7hYu8DFLDe3ZWv7byp2B2kmZKjRqf:E/Zk6/nMtNYO2+iVFLapWzbypBIEftype: PE32 executable (GUI) Intel 80386, for MS Windows
Version Info:
LegalCopyright: x7248x6743x6240x6709(C) 2013 C Microsoft Corporation. All rights reserved.InternalName: OEMIG50FileVersion: 6.0.3790.3959CompanyName: x5927x4f17x6597x5730x4e3bx534fx4f1aPrivateBuild: LegalTrademarks: Comments: ProductName:   Microsoft(R) Windows(R) x5927x4f17x6597x5730x4e3bx534fx4f1aSpecialBuild: ProductVersion: 6, 0, 3, 1FileDescription: Outlook Express Migration 5.0OriginalFilename: OEMIG50.EXETranslation: 0x0804 0x04b0

Backdoor:Win32/Farfli.ABM!MTB also known as:

Bkav	W32.AIDetect.malware1
K7AntiVirus	Trojan ( 004fb2411 )
Lionic	Trojan.Win32.PsDownload.trJu
Elastic	malicious (high confidence)
DrWeb	Trojan.Damaged.1
Cynet	Malicious (score: 100)
ALYac	Gen:Variant.Graftor.464791
Cylance	Unsafe
Zillya	Trojan.Kryptik.Win32.1848455
Sangfor	Trojan.Win32.Save.a
CrowdStrike	win/malicious_confidence_90% (W)
K7GW	Trojan ( 004fb2411 )
Cybereason	malicious.83ba9a
Cyren	W32/Zegost.EA.gen!Eldorado
Symantec	ML.Attribute.HighConfidence
ESET-NOD32	a variant of Win32/Kryptik.FHSE
APEX	Malicious
Avast	Win32:BackdoorX-gen [Trj]
ClamAV	Win.Dropper.Gh0stRAT-9497859-0
Kaspersky	Trojan-Downloader.Win32.PsDownload.fwc
BitDefender	Gen:Variant.Graftor.464791
NANO-Antivirus	Trojan.Win32.Kryptik.eofuql
MicroWorld-eScan	Gen:Variant.Graftor.464791
Tencent	Malware.Win32.Gencirc.10b0cbf1
Ad-Aware	Gen:Variant.Graftor.464791
Sophos	Mal/Generic-S
Comodo	Backdoor.Win32.Zegost.FH@7qyj9h
BitDefenderTheta	Gen:NN.ZexaF.34170.hq0@aSWt81db
TrendMicro	BKDR_ZEGOST.SM34
McAfee-GW-Edition	Packed-MW!C32C5CF83BA9
FireEye	Generic.mg.c32c5cf83ba9a7db
Emsisoft	Gen:Variant.Graftor.464791 (B)
SentinelOne	Static AI – Suspicious PE
Jiangmin	Backdoor.Farfli.cno
Avira	TR/Dropper.Gen7
eGambit	Unsafe.AI_Score_99%
Microsoft	Backdoor:Win32/Farfli.ABM!MTB
Gridinsoft	Trojan.Win32.Kryptik.oa!s1
GData	Gen:Variant.Graftor.464791
AhnLab-V3	Backdoor/Win32.RL_Zegost.R300697
McAfee	Packed-MW!C32C5CF83BA9
MAX	malware (ai score=86)
VBA32	Backdoor.Farfli
Malwarebytes	Malware.AI.3256505801
Panda	Trj/Genetic.gen
TrendMicro-HouseCall	BKDR_ZEGOST.SM34
Rising	Trojan.Kryptik!1.AAD1 (CLASSIC)
Yandex	Trojan.GenAsa!Vw68EO0Xzeo
Ikarus	IM-Flooder.Win32.Hityou
Fortinet	W32/Kryptik.FHSE!tr
AVG	Win32:BackdoorX-gen [Trj]
Paloalto	generic.ml