Categories: Backdoor

What is “Backdoor:Win32/Farfli.BO!MTB”?

The Backdoor:Win32/Farfli.BO!MTB is considered dangerous by lots of security experts. When this infection is active, you may notice unwanted processes in Task Manager list. In this case, it is adviced to scan your computer with GridinSoft Anti-Malware.

Gridinsoft Anti-Malware

Removing PC viruses manually may take hours and may damage your PC in the process. We recommend using GridinSoft Anti-Malware for virus removal. Allows to complete scan and cure your PC during the trial period.

DOWNLOAD NOW

6-day free trial available.

What Backdoor:Win32/Farfli.BO!MTB virus can do?

Behavioural detection: Executable code extraction – unpacking
Executed a command line with /C or /R argument to terminate command shell on completion which can be used to hide execution
Uses Windows utilities for basic functionality
CAPE extracted potentially suspicious content
The binary contains an unknown PE section name indicative of packing
The binary likely contains encrypted or compressed data.
The executable is likely packed with VMProtect
Authenticode signature is invalid
Behavioural detection: Injection (inter-process)
Behavioural detection: Injection with CreateRemoteThread in a remote process
CAPE detected the VMProtectStub malware family
Attempts to disable UAC
Yara detections observed in process dumps, payloads or dropped files

How to determine Backdoor:Win32/Farfli.BO!MTB?


File Info:
name: 2BC69AA4CDFD8D6AC63D.mlwpath: /opt/CAPEv2/storage/binaries/7ffa4a441bce656b8fd438a83a22983c5d4db2a3fcfa565c66c7871552efce23crc32: 312BD967md5: 2bc69aa4cdfd8d6ac63d3300a3671e57sha1: 4bba515e532283d21e7b4faf5df035f2d5708741sha256: 7ffa4a441bce656b8fd438a83a22983c5d4db2a3fcfa565c66c7871552efce23sha512: 30eb147ce3fcd04b0df9182c89aa1471b80f73ab044484b42e8241098a20e08a9c74dc0c68685b3426f74c5c64a84ba2950205856782700298881e751dd6b781ssdeep: 12288:KBDZL5pa2HvY+xPAVRiLfzq526GeQM9qZ+180YRFxszhL8tq5ujKMkn6MTTsluXc:uDZLja2Hvx4Vw/p6qQ1gTs58Y8Hm6MTitype: PE32 executable (GUI) Intel 80386, for MS Windowstlsh: T162F4332F1F6F4563E95A02B04F4BCA4CBF1C0E56B43E67366771132A9E51B0378287A9sha3_384: a78e1482a44aea098685f4872ea13df1d73f78e40533c00757255e71a947de7d4166d8c12c2d9a1eb22c892597ec3581ep_bytes: 68c84b09e7c70424feb3b3a450e97886timestamp: 2023-12-22 17:48:13
Version Info:
0: [No Data]

Backdoor:Win32/Farfli.BO!MTB also known as:

Bkav	W32.AIDetectMalware
Elastic	malicious (high confidence)
MicroWorld-eScan	Gen:Trojan.Heur.PT.UuW@b41!nbi
FireEye	Generic.mg.2bc69aa4cdfd8d6a
Skyhigh	BehavesLike.Win32.Generic.bc
VIPRE	Gen:Trojan.Heur.PT.UuW@b41!nbi
Sangfor	Trojan.Win32.Save.a
CrowdStrike	win/malicious_confidence_100% (D)
Alibaba	Backdoor:Win32/Farfli.b6310992
K7GW	Trojan ( 7000001c1 )
K7AntiVirus	Trojan ( 7000001c1 )
Symantec	ML.Attribute.HighConfidence
ESET-NOD32	a variant of Win32/Farfli.CTR
Zoner	Probably Heur.ExeHeaderL
APEX	Malicious
Cynet	Malicious (score: 100)
Kaspersky	UDS:Backdoor.Win32.Farfli.cpod
BitDefender	Gen:Trojan.Heur.PT.UuW@b41!nbi
NANO-Antivirus	Trojan.Win32.Inject5.kkdzup
Avast	Win32:BackdoorX-gen [Trj]
Tencent	Malware.Win32.Gencirc.10bfa915
Emsisoft	Gen:Trojan.Heur.PT.UuW@b41!nbi (B)
F-Secure	Trojan.TR/Black.Gen2
DrWeb	Trojan.Inject5.2867
Trapmine	malicious.high.ml.score
Sophos	Mal/VMProtBad-A
SentinelOne	Static AI – Malicious PE
GData	Gen:Trojan.Heur.PT.UuW@b41!nbi
Google	Detected
Avira	TR/Black.Gen2
MAX	malware (ai score=81)
Antiy-AVL	Trojan/Win32.Farfli
Arcabit	Trojan.Heur.PT.EEFA29
ZoneAlarm	UDS:Backdoor.Win32.Farfli.cpod
Microsoft	Backdoor:Win32/Farfli.BO!MTB
Varist	W32/Farfli.LA.gen!Eldorado
AhnLab-V3	Backdoor/Win.Farfli.R637090
BitDefenderTheta	AI:Packer.2D92B4C91E
ALYac	Gen:Trojan.Heur.PT.UuW@b41!nbi
VBA32	BScope.Backdoor.Generic
Cylance	unsafe
Panda	Trj/GdSda.A
Rising	Backdoor.Farfli!8.B4 (TFE:2:ihDtZ2ueCcV)
Yandex	Backdoor.Farfli!z7lECrkJu28
MaxSecure	Trojan.Malware.234801961.susgen
Fortinet	W32/Farfli.CTR!tr
AVG	Win32:BackdoorX-gen [Trj]
Cybereason	malicious.e53228
DeepInstinct	MALICIOUS