Backdoor:Win32/Farfli.DA information

Backdoor:Win32/Farfli.DA is considered dangerous by many security experts. When this infection is active, you may notice unwanted processes in the Task Manager process list. In this case, it is advised to scan your computer with GridinSoft Anti-Malware.


Removing PC viruses manually may take hours and may damage your PC in the process. We recommend using GridinSoft Anti-Malware for virus removal. It lets you run a complete scan and clean your PC during the trial period.
6-day free trial available.

What can the Backdoor:Win32/Farfli.DA virus do?

  • Executable code extraction
  • At least one process apparently crashed during execution
  • Detected script timer window indicative of sleep style evasion
  • Reads data out of its own binary image
  • A process created a hidden window
  • Drops a binary and executes it
  • Unconventional binary language: Chinese (Simplified)
  • Unconventional language used in binary resources: Chinese (Simplified)
  • The binary likely contains encrypted or compressed data.
  • A scripting utility was executed
  • Deletes its original binary from disk
  • Attempts to repeatedly call a single API many times in order to delay analysis time
  • Installs itself for autorun at Windows startup
  • Checks the system manufacturer, likely for anti-virtualization
  • Creates a copy of itself

Related domains:

seo.050080.com

How to identify Backdoor:Win32/Farfli.DA?

File Info:

crc32: DDA2A929
md5: 630d8647c164831cbccb395ce2d7e9ce
name: ycwb.exe
sha1: e14e731c8fca13be4819ffd6caab16c910b8eb1c
sha256: 447156a073773882f1c3a819d44ba292c78a161a37d4b382719339b684f6415a
sha512: c7dadfe61adc90b1060aac6a788d8d3c7380dd1cda7383661d0b5d126da5acc5ab07026de342bce22e1bc95b64b4dd806a90b29eee4c93466a4fea0a2520d71f
ssdeep: 6144:6SMY17y9ooMlVxHavjk7cW9/OW3GKftSisIG:JM4yiB6Woo
type: PE32 executable (GUI) Intel 80386, for MS Windows

Version Info:

LegalCopyright: 版权所有 (C) 2006
InternalName: TestApp
FileVersion: 1, 0, 0, 1
CompanyName:
LegalTrademarks:
ProductName: TestApp 应用程序
ProductVersion: 1, 0, 0, 1
FileDescription: TestApp Microsoft 基础类应用程序
OriginalFilename: TestApp.EXE
Translation: 0x0804 0x04b0

Backdoor:Win32/Farfli.DA also known as:

MicroWorld-eScan: Gen:Variant.Mikey.64701
CAT-QuickHeal: Trojan.Mauvaise.SL1
McAfee: GenericR-JYU!630D8647C164
Cylance: Unsafe
Sangfor: Malware
K7AntiVirus: Trojan ( 0053aee01 )
BitDefender: Gen:Variant.Mikey.64701
K7GW: Trojan ( 0053aee01 )
Cybereason: malicious.7c1648
Invincea: heuristic
ESET-NOD32: a variant of Win32/GenKryptik.ADCX
APEX: Malicious
Paloalto: generic.ml
ClamAV: Win.Trojan.Farfli-7012395-0
GData: Gen:Variant.Mikey.64701
Kaspersky: Trojan-GameThief.Win32.Magania.ugst
Alibaba: Backdoor:Win32/Farfli.4cecd46a
Avast: Win32:Malware-gen
Tencent: Malware.Win32.Gencirc.10b1c84b
Endgame: malicious (high confidence)
Emsisoft: Gen:Variant.Mikey.64701 (B)
F-Secure: Heuristic.HEUR/AGEN.1031658
DrWeb: BackDoor.Spy.3374
Zillya: Trojan.Magania.Win32.71153
TrendMicro: BKDR_ZEGOST.SM18
McAfee-GW-Edition: GenericR-JYU!630D8647C164
MaxSecure: Trojan.Malware.10891939.susgen
Trapmine: malicious.moderate.ml.score
FireEye: Generic.mg.630d8647c164831c
Sophos: Troj/AutoG-GM
Ikarus: Backdoor.Win32.Farfli
Avira: HEUR/AGEN.1031658
Antiy-AVL: Trojan[GameThief]/Win32.Magania
Arcabit: Trojan.Mikey.DFCBD
AegisLab: Trojan.Win32.Magania.d!c
ZoneAlarm: Trojan-GameThief.Win32.Magania.ugst
Microsoft: Backdoor:Win32/Farfli.DA
TACHYON: Trojan-PWS/W32.OnLineGames.344064.B
AhnLab-V3: Trojan/Win32.Magania.C1960114
BitDefenderTheta: Gen:NN.ZexaF.34090.vq0@aex90neb
ALYac: Gen:Variant.Mikey.64701
MAX: malware (ai score=82)
VBA32: BScope.Backdoor.Farfli
Malwarebytes: Backdoor.Farfli
TrendMicro-HouseCall: BKDR_ZEGOST.SM18
Rising: Backdoor.Farfli!8.B4 (C64:YzY0Ou+He81uI8j6)
Yandex: Trojan.GenKryptik!
SentinelOne: DFI – Suspicious PE
eGambit: Unsafe.AI_Score_99%
Fortinet: W32/Generic.AC.3EFF51!tr
Ad-Aware: Gen:Variant.Mikey.64701
AVG: Win32:Malware-gen
Panda: Trj/CI.A
CrowdStrike: win/malicious_confidence_90% (W)

How to remove Backdoor:Win32/Farfli.DA?

Backdoor:Win32/Farfli.DA removal tool
  • Download and install GridinSoft Anti-Malware.
  • Open GridinSoft Anti-Malware and perform a “Standard scan”.
  • Press “Move to quarantine” for all detected items.
  • Open the “Tools” tab – Press “Reset Browser Settings”.
  • Select the proper browser and options – Click “Reset”.
  • Restart your computer.

About the author

Paul Valéry

I'm a cyber security analyst and data science expert with 5+ years of experience with security software contractors.
