How to remove “Trojan-Downloader.Win64.Farfli.ex”?

Trojan-Downloader.Win64.Farfli.ex is considered dangerous by many security experts. When this infection is active, you may notice unwanted processes in the Task Manager list. In this case, it is advised to scan your computer with GridinSoft Anti-Malware.

Removing PC viruses manually may take hours and may damage your PC in the process. We recommend using GridinSoft Anti-Malware for virus removal. It lets you run a complete scan and clean your PC during the trial period.
6-day free trial available.

What can the Trojan-Downloader.Win64.Farfli.ex virus do?

  • SetUnhandledExceptionFilter detected (possible anti-debug)
  • Attempts to connect to a dead IP:Port (1 unique times)
  • Dynamic (imported) function loading detected
  • Unconventionial language used in binary resources: Chinese (Simplified)
  • Authenticode signature is invalid
  • Attempts to modify proxy settings

How to identify Trojan-Downloader.Win64.Farfli.ex?


File Info:

name: C0F3497198F416D449AA.mlw
path: /opt/CAPEv2/storage/binaries/74360c1f2c6333e3eca46408fd3a394690bee4a46e65d80f4142e7a936b07e2c
crc32: 6D7BB8F9
md5: c0f3497198f416d449aa6b75be0cafcc
sha1: 0142509e933b87d47bd23b87e3788dbc5f6d8770
sha256: 74360c1f2c6333e3eca46408fd3a394690bee4a46e65d80f4142e7a936b07e2c
sha512: 8e6cd82aa4cb0e2c0ce6dbcde7d2c872def2e5520de9aa47a42051717e15163e5fb68687199c8d13e1f54bff0985994f3286932ae24ef055f55fef46f9603530
ssdeep: 1536:0NKfCpJTaPyO8C0elogjYBiM/xy5JFtnR:0NJJTaPy40pMOiM/xgjR
type: PE32+ executable (console) x86-64, for MS Windows
tlsh: T18F63083526A435F5D41BC23284E20A31A7BBFC9532F6A39E0558F2674F72661CE2B371
sha3_384: 9c02629a4b7a5cfb3cde86178e099ef397aeb41ebee4f0a2b922fedd61ecf05615f3d8fefa59502369e5b9e2d5bb7d66
ep_bytes: 4883ec28e8db2d00004883c428e976fe
timestamp: 2021-11-26 04:18:05

Version Info:

CompanyName: CAINIAO Network
FileDescription: CAINIAO 网络
FileVersion: 0.4.9.3
LegalCopyright: Copyright (C) 2015-2020 CAINIAO Network
InternalName:
OriginalFilename:
ProductName:
ProductVersion: 0.4.9.3
Translation: 0x0000 0x04b0

Trojan-Downloader.Win64.Farfli.ex also known as:

Lionic: Trojan.Win64.Farfli.a!c
Cynet: Malicious (score: 99)
FireEye: Generic.mg.c0f3497198f416d4
ALYac: Trojan.GenericKD.47501121
K7AntiVirus: Trojan-Downloader ( 0058a0ee1 )
Alibaba: TrojanDownloader:Win64/Farfli.6006fd94
K7GW: Trojan-Downloader ( 0058a0ee1 )
Cybereason: malicious.e933b8
Symantec: Trojan.Gen.MBT
ESET-NOD32: a variant of Win64/TrojanDownloader.Agent.ML
Avast: Win64:Trojan-gen
Kaspersky: Trojan-Downloader.Win64.Farfli.ex
BitDefender: Trojan.GenericKD.47501121
MicroWorld-eScan: Trojan.GenericKD.47501121
Tencent: Win64.Trojan-downloader.Agent.Szbf
Ad-Aware: Trojan.GenericKD.47501121
F-Secure: Trojan.TR/Dldr.Agent.hodno
Emsisoft: Trojan.GenericKD.47501121 (B)
GData: Win64.Trojan.Agent.DP37ZW
Jiangmin: TrojanDownloader.Farfli.av
Avira: TR/Dldr.Agent.hodno
Gridinsoft: Ransom.Win64.Sabsik.sa
Microsoft: Trojan:Win32/Sabsik.TE.B!ml
MAX: malware (ai score=81)
Malwarebytes: Backdoor.Farfli
TrendMicro-HouseCall: TROJ_GEN.R002H0DKQ21
Rising: Downloader.Agent!1.D154 (CLASSIC)
Fortinet: W64/Agent.ML!tr.dldr
AVG: Win64:Trojan-gen
Panda: Trj/CI.A

How to remove Trojan-Downloader.Win64.Farfli.ex?

Trojan-Downloader.Win64.Farfli.ex removal tool
  • Download and install GridinSoft Anti-Malware.
  • Open GridinSoft Anti-Malware and perform a “Standard scan”.
  • “Move to quarantine” all items.
  • Open the “Tools” tab and press “Reset Browser Settings”.
  • Select proper browser and options – Click “Reset”.
  • Restart your computer.

About the author

Paul Valéry

I'm a cyber security analyst and data science expert with 5+ years of experience with security software contractors.
