Backdoor:Win32/Farfli.QY!bit malicious file

Backdoor:Win32/Farfli.QY!bit is considered dangerous by many security experts. When this infection is active, you may notice unwanted processes in the Task Manager process list. In this case, it is advised to scan your computer with GridinSoft Anti-Malware.

Removing PC viruses manually may take hours and may damage your PC in the process. We recommend using GridinSoft Anti-Malware for virus removal. It lets you run a full scan and clean your PC during the trial period.
6-day free trial available.

What can the Backdoor:Win32/Farfli.QY!bit virus do?

  • Sample contains Overlay data
  • Reads data out of its own binary image
  • The binary contains an unknown PE section name indicative of packing
  • Authenticode signature is invalid
  • Uses Windows utilities for basic functionality
  • Uses Windows utilities to create a scheduled task
  • Deletes executed files from disk
  • Uses suspicious command line tools or Windows utilities
  • Yara rule detections observed from a process memory dump/dropped files/CAPE

How to identify Backdoor:Win32/Farfli.QY!bit?

File Info:

name: 8DC4A3BAD1162BD38FE9.mlw
path: /opt/CAPEv2/storage/binaries/884cd0e9e775e91f1fd1095dc8cb9d0b44c0777d0a4778507998bb97049246af
crc32: BA7013BD
md5: 8dc4a3bad1162bd38fe9958a1e33b4c9
sha1: f856d58240309448ca2a452d6db99250070e76a2
sha256: 884cd0e9e775e91f1fd1095dc8cb9d0b44c0777d0a4778507998bb97049246af
sha512: 1192aa4aa1fafe6cd11ca760f61a292065545758c986ae0c66aeb2bf5305c8bfde464be4c5d02f2da6e61868a4648c3186267ad82567f075efb90e92262ebe81
ssdeep: 49152:2JC623msvD/DX+y4onCYDoDpsvD/DX+y4onCYDoDc:2g62WsvD/D+donCYUtsvD/D+donCYUA
type: PE32 executable (GUI) Intel 80386, for MS Windows
tlsh: T12485F100F7A1D029F4B612F55ABEE13CA8287AB14B2C50CF62D417DE17295E46D33BA7
sha3_384: 11cd17ec919b1166bce6e86b3cb004ac69f04a33a10b2d74734b147854e3d2aff107d2d72ec1e192ecb6c10ad1f59749
ep_bytes: 8bff558bece832e2feffe8110000005d
timestamp: 2016-08-28 09:48:08

Version Info:

0: [No Data]

Backdoor:Win32/Farfli.QY!bit also known as:

Bkav: W32.AIDetectMalware
Lionic: Trojan.Win32.Generic.4!c
Elastic: malicious (high confidence)
DrWeb: Trojan.DnsAmp.24
MicroWorld-eScan: Gen:Variant.Babar.135483
ClamAV: Win.Tool.Adduser-9966692-0
FireEye: Generic.mg.8dc4a3bad1162bd3
CAT-QuickHeal: Trojan.Mauvaise.SL1
McAfee: GenericRXAA-AA!8DC4A3BAD116
Malwarebytes: Malware.AI.1520081359
Zillya: Trojan.Farfli.Win32.46508
Sangfor: Trojan.Win32.Save.a
K7AntiVirus: Trojan ( 004fe4371 )
Alibaba: Backdoor:Win32/Farfli.b59b140d
K7GW: Trojan ( 004fe4371 )
Cybereason: malicious.ad1162
VirIT: Trojan.Win32.DnsAmp.Y
Cyren: W32/Trojan.HMVF-2300
Symantec: ML.Attribute.HighConfidence
ESET-NOD32: a variant of Win32/Farfli.CDE
APEX: Malicious
Cynet: Malicious (score: 100)
Kaspersky: HEUR:Trojan.Win32.Generic
BitDefender: Gen:Variant.Babar.135483
NANO-Antivirus: Trojan.Win32.QQWare.jwdysn
Avast: Win32:Agent-AXZC [Trj]
Tencent: Malware.Win32.Gencirc.10b28e39
Emsisoft: Gen:Variant.Babar.135483 (B)
F-Secure: Backdoor.BDS/Backdoor.Gen7
VIPRE: Gen:Variant.Babar.135483
TrendMicro: TROJ_GEN.R002C0DEQ23
McAfee-GW-Edition: BehavesLike.Win32.Trojan.tc
Sophos: Troj/Farfli-DC
Ikarus: Trojan.Win32.Farfli
GData: Gen:Variant.Babar.135483
Jiangmin: Trojan.Siscos.eh
Avira: BDS/Backdoor.Gen7
Antiy-AVL: GrayWare/Win32.Generic
Xcitium: TrojWare.Win32.Farfli.CD@80w50b
Arcabit: Trojan.Babar.D2113B
ViRobot: Trojan.Win.Z.Farfli.1854568.A
ZoneAlarm: HEUR:Trojan.Win32.Generic
Microsoft: Backdoor:Win32/Farfli.QY!bit
AhnLab-V3: Trojan/Win32.Siscos.R214408
Acronis: suspicious
VBA32: BScope.Trojan.Scar
ALYac: Gen:Variant.Babar.135483
MAX: malware (ai score=83)
Cylance: unsafe
Panda: Trj/Genetic.gen
TrendMicro-HouseCall: TROJ_GEN.R002C0DEQ23
Rising: Backdoor.Farfli!1.B48D (CLASSIC)
Yandex: Trojan.GenAsa!/qOJNubJKHI
SentinelOne: Static AI – Suspicious PE
Fortinet: W32/Farfli.CDE!tr
AVG: Win32:Agent-AXZC [Trj]
DeepInstinct: MALICIOUS
CrowdStrike: win/malicious_confidence_100% (W)

How to remove Backdoor:Win32/Farfli.QY!bit?

Backdoor:Win32/Farfli.QY!bit removal tool
  • Download and install GridinSoft Anti-Malware.
  • Open GridinSoft Anti-Malware and perform a “Standard scan”.
  • Click “Move to quarantine” for all detected items.
  • Open the “Tools” tab and press “Reset Browser Settings”.
  • Select the appropriate browser and options, then click “Reset”.
  • Restart your computer.

About the author

Paul Valéry

I'm a cyber security analyst and data science expert with 5+ years of experience with security software contractors.