About “Backdoor:Win32/Farfli.P” infection

The Backdoor:Win32/Farfli.P is considered dangerous by many security experts. When this infection is active, you may notice unwanted processes in the Task Manager list. In this case, it is advised to scan your computer with GridinSoft Anti-Malware.

GridinSoft Anti-Malware

Removing PC viruses manually may take hours and may damage your PC in the process. We recommend using GridinSoft Anti-Malware for virus removal. It lets you run a complete scan and clean your PC during the trial period.
6-day free trial available.

What can the Backdoor:Win32/Farfli.P virus do?

  • Sample contains Overlay data
  • Reads data out of its own binary image
  • Drops a binary and executes it
  • Unconventional language used in binary resources: Chinese (Simplified)
  • The binary likely contains encrypted or compressed data.
  • Authenticode signature is invalid
  • Yara rule detections observed from a process memory dump/dropped files/CAPE

How to identify Backdoor:Win32/Farfli.P?

File Info:

name: 1BC75EFCDCDC5FE5FBC2.mlw
path: /opt/CAPEv2/storage/binaries/7143f9b23b94cde2af7695d29a6a3875a855a4be6cf08385bb60686f5e958c81
crc32: 33CF72C4
md5: 1bc75efcdcdc5fe5fbc23c2ab572c251
sha1: f7212e5664a8e51fa63cb193cece2351b39feb9a
sha256: 7143f9b23b94cde2af7695d29a6a3875a855a4be6cf08385bb60686f5e958c81
sha512: 44aaf6cc1a77ce139d737560fb6448f3a69ff25f89b5f5ad17338bd59bebf1b7da7d5eab74b4cd5ad10fb852a62a6eba45196752add95f87ba0c862ccc92bf79
ssdeep: 1536:fowahuG0ipcAgciDeS2mFnToIf62MNFyxPvV5E2:fowahv0yJiDeS2mtTBf6NNFyxPU2
type: PE32 executable (GUI) Intel 80386, for MS Windows
tlsh: T1F8F6F1AB944824A260BD7B51F10B07D6C293BEB1AA14DF908084FB96C764544FFEDBD3
sha3_384: ff6e10194b4c0c10328d76f7f0a1ba2be24450be12f828215b566dcd3556b174e161224583c9bda4f2c888723a7e2bb9
ep_bytes: 558bec6aff68e0fe4000683aa6400064
timestamp: 2010-11-15 15:47:30

Version Info:

CompanyName: Microsoft Corporation
FileDescription: Audit User Program
FileVersion: 5.2.3790.3959 (srv03_sp2_rtm.070216-1710)
InternalName: auditusr
LegalCopyright: © Microsoft Corporation. All rights reserved.
OriginalFilename: AUDITUSR.EXE
ProductName: Microsoft® Windows® Operating System
ProductVersion: 5.2.3790.3959
Translation: 0x0409 0x04b0

Backdoor:Win32/Farfli.P also known as:

Bkav: W32.AIDetectMalware
Lionic: Trojan.Win32.Fsysna.lfs0
Elastic: malicious (high confidence)
MicroWorld-eScan: Gen:Variant.Zusy.446950
FireEye: Generic.mg.1bc75efcdcdc5fe5
CAT-QuickHeal: Backdoor.DdosRI.S28992308
ALYac: Gen:Variant.Zusy.446950
Cylance: unsafe
Zillya: Trojan.Agent.Win32.119822
Sangfor: Suspicious.Win32.Save.ins
K7AntiVirus: Trojan ( 000b31ac1 )
Alibaba: Malware:Win32/km_24675.None
K7GW: Trojan ( 000b31ac1 )
CrowdStrike: win/malicious_confidence_100% (W)
Arcabit: Trojan.Zusy.D6D1E6
Baidu: Win32.Trojan.Farfli.y
VirIT: Trojan.Win32.Agent.GBEC
Cyren: W32/QQhelper.C.gen!Eldorado
Symantec: Backdoor.Trojan
ESET-NOD32: Win32/Agent.OIV
APEX: Malicious
ClamAV: Win.Trojan.Cossta-6748641-0
Kaspersky: Backdoor.Win32.Agent.bfaz
BitDefender: Gen:Variant.Zusy.446950
NANO-Antivirus: Trojan.Win32.Agent.ijcit
Avast: Win32:PcClient-ZE [Trj]
Tencent: Backdoor.Win32.Agent.m
Sophos: W32/Agent-BJRH
F-Secure: Backdoor.BDS/Backdoor.Gen
DrWeb: Trojan.Siggen2.8740
VIPRE: Gen:Variant.Zusy.446950
McAfee-GW-Edition: BehavesLike.Win32.CoinMiner.wh
Trapmine: malicious.high.ml.score
Emsisoft: Gen:Variant.Zusy.446950 (B)
SentinelOne: Static AI – Malicious PE
Jiangmin: Backdoor/Agent.cwzx
Avira: BDS/Backdoor.Gen
Xcitium: TrojWare.Win32.Trojan.Agent.Gen@29079o
Microsoft: Backdoor:Win32/Farfli.P
ZoneAlarm: Backdoor.Win32.Agent.bfaz
GData: Gen:Variant.Zusy.446950
Cynet: Malicious (score: 100)
AhnLab-V3: Win-Trojan/Hupigon6.Gen
Acronis: suspicious
BitDefenderTheta: AI:Packer.08A7897921
MAX: malware (ai score=80)
VBA32: BScope.Trojan.SvcHorse.01643
Malwarebytes: Generic.Malware.AI.DDS
Panda: Trj/Agent.OJR
Rising: Backdoor.Antidor!1.650B (CLASSIC)
Yandex: Trojan.GenAsa!K6SiudjbO8A
Ikarus: Backdoor.Win32.Xyligan
Fortinet: W32/Agent.WRS!tr
AVG: Win32:PcClient-ZE [Trj]
Cybereason: malicious.cdcdc5
DeepInstinct: MALICIOUS

How to remove Backdoor:Win32/Farfli.P?

Backdoor:Win32/Farfli.P removal tool
  • Download and install GridinSoft Anti-Malware.
  • Open GridinSoft Anti-Malware and perform a “Standard scan”.
  • “Move to quarantine” all items.
  • Open the “Tools” tab – Press “Reset Browser Settings”.
  • Select proper browser and options – Click “Reset”.
  • Restart your computer.

About the author

Paul Valéry

I'm a cyber security analyst and data science expert with 5+ years of experience with security software contractors.