
TrojanDownloader:Win32/Farfli.PJ!bit (file analysis)

TrojanDownloader:Win32/Farfli.PJ!bit is the Microsoft detection name for this downloader trojan, and most other engines that have scanned the sample also flag it as malicious (see the list of aliases below). While the infection is active you may notice unfamiliar processes in the Task Manager list, although a downloader's own process can be short-lived: its job is to fetch and launch a further payload, which may then persist on its own. If you suspect it, scan the computer with GridinSoft Anti-Malware.

GridinSoft Anti-Malware

Removing PC viruses manually may take hours and can damage your PC in the process. We recommend using GridinSoft Anti-Malware for virus removal; the trial lets you run a complete scan and clean the PC.
6-day free trial available.

What can TrojanDownloader:Win32/Farfli.PJ!bit do?

Automated sandbox analysis of this sample reported the following behaviours:

  • Executable code extraction
  • At least one process apparently crashed during execution
  • Detected a script timer window indicative of sleep-style evasion
  • Reads data out of its own binary image
  • A process created a hidden window
  • Drops a binary and executes it
  • Performs some HTTP requests
  • Unconventional binary language: Chinese (Simplified)
  • Unconventional language used in binary resources: Chinese (Simplified)
  • A scripting utility was executed
  • Attempts to repeatedly call a single API many times in order to delay analysis
  • Installs itself for autorun at Windows startup
  • Attempts to modify proxy settings
  • Creates a copy of itself

The language flags are consistent with the version resource below (language ID 0x0804 is Chinese, Simplified). The hidden window, the sleep-style timer and the repeated API calls are anti-analysis behaviours; the HTTP requests, the dropped binary and the autorun entry are the downloader doing its job, which is why this sample on its own says little about what was ultimately installed on the host.

Related domains:

djking.f3322.net

f3322.net is a free dynamic DNS zone, so the address behind djking.f3322.net can change at any time and other hostnames under f3322.net are unrelated to this sample. Block or hunt for the full hostname rather than the parent zone, unless your environment has no legitimate use for that provider at all.

How to identify TrojanDownloader:Win32/Farfli.PJ!bit?

File Info:

crc32: B2162622
md5: b8d509a63c26aaff5b6f940d32aa81cb
name: B8D509A63C26AAFF5B6F940D32AA81CB.mlw
sha1: 01382da9f1a53a8421bd3c9ffa0beebe27e433e9
sha256: ab6c0f4ae9d79e5dca906f224e89024ab0b6f594757ad93e60dc5efc00d863c1
sha512: b1cad50eed82db8bf234e8dabb20e9dd2cd11d7e1cb79234690009f447d6e1eb3e452c2c9087b378f839c20f106e009486637b066ec49b71602414d32653e786
ssdeep: 6144:2EuOjRKvGBiiOvHSZWlIjfOwJ5jz8H2mh5L:DJwecijz8
type: PE32 executable (GUI) Intel 80386, for MS Windows

Version Info:

LegalCopyright: 版权所有(C) 2020 (Chinese: "All rights reserved (C) 2020")
InternalName: Client
FileVersion: 1, 0, 0, 1
CompanyName:
PrivateBuild:
LegalTrademarks:
Comments:
ProductName: Client
SpecialBuild:
ProductVersion: 1, 0, 0, 1
FileDescription: Client
OriginalFilename: Client.exe
Translation: 0x0804 0x04b0 (language ID 0x0804 = Chinese, Simplified, PRC; code page 0x04b0 = 1200, Unicode)
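The following PowerShell script is an added example, not part of the original page and not a vendor tool: it checks one suspect file against the File Info and Version Info indicators above (the exact hashes, the "Client" name fields, and the "PE32 executable (GUI) Intel 80386" type, which it reads straight from the PE header). The script name and the quarantine path in the usage line are assumptions; the hashes and the header offsets are those of the indicators above and of the PE/COFF format.

```powershell
# Added example (not from the original page): static check of one suspect file
# against the File Info / Version Info indicators above. The script name and the
# path given on the command line are assumptions.
# Usage:  .\Test-FarfliIndicators.ps1 -Path C:\Quarantine\suspect.exe
param([Parameter(Mandatory = $true)][string]$Path)

# Indicators copied from the File Info block
$IocSha256 = 'ab6c0f4ae9d79e5dca906f224e89024ab0b6f594757ad93e60dc5efc00d863c1'
$IocMd5    = 'b8d509a63c26aaff5b6f940d32aa81cb'

$sha256 = (Get-FileHash -LiteralPath $Path -Algorithm SHA256).Hash.ToLower()
$md5    = (Get-FileHash -LiteralPath $Path -Algorithm MD5).Hash.ToLower()

# Version resource: the sample calls itself "Client" in its name fields
$vi = (Get-Item -LiteralPath $Path).VersionInfo
$versionInfoMatch = ($vi.InternalName -eq 'Client') -and
                    ($vi.OriginalFilename -eq 'Client.exe') -and
                    ($vi.ProductName -eq 'Client')

# Minimal PE header walk (no third-party parser):
# "MZ" -> e_lfanew -> "PE\0\0" -> COFF header -> optional header
$b = [System.IO.File]::ReadAllBytes($Path)
$pe32GuiX86 = $false
if ($b.Length -ge 0x40 -and $b[0] -eq 0x4D -and $b[1] -eq 0x5A) {
    $pe = [BitConverter]::ToInt32($b, 0x3C)              # e_lfanew
    # need room for signature (4) + COFF (20) + optional header up to Subsystem (70)
    $sigOk = ($pe -gt 0) -and (($pe + 0x5E) -le $b.Length) -and
             ($b[$pe] -eq 0x50) -and ($b[$pe + 1] -eq 0x45) -and
             ($b[$pe + 2] -eq 0) -and ($b[$pe + 3] -eq 0)
    if ($sigOk) {
        $machine   = [BitConverter]::ToUInt16($b, $pe + 4)        # 0x014C = Intel 80386
        $optMagic  = [BitConverter]::ToUInt16($b, $pe + 24)       # 0x010B = PE32
        $subsystem = [BitConverter]::ToUInt16($b, $pe + 24 + 68)  # 2 = Windows GUI
        $pe32GuiX86 = ($machine -eq 0x014C) -and ($optMagic -eq 0x010B) -and ($subsystem -eq 2)
    }
}

[PSCustomObject]@{
    Path             = $Path
    Sha256Match      = ($sha256 -eq $IocSha256)
    Md5Match         = ($md5 -eq $IocMd5)
    VersionInfoMatch = $versionInfoMatch
    Pe32GuiX86       = $pe32GuiX86
    ResourceLanguage = $vi.Language
}
```

A hash match identifies this exact file only; a repacked or rebuilt variant will fail both hash checks while still matching the version resource and the PE type, which is why those weaker indicators are reported separately rather than folded into one verdict. The ssdeep value in the File Info block is the right tool for near-duplicates, but it needs an external ssdeep implementation and is left out here.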

TrojanDownloader:Win32/Farfli.PJ!bit is also known as (vendor: detection name):

Bkav: W32.AIDetectVM.malware1
Elastic: malicious (high confidence)
MicroWorld-eScan: Trojan.GenericKD.35702711
FireEye: Generic.mg.b8d509a63c26aaff
CAT-QuickHeal: TrojanDownloader.Dupzom
ALYac: Trojan.GenericKD.35702711
Cylance: Unsafe
VIPRE: Trojan.Win32.Generic!BT
Sangfor: Malware
K7AntiVirus: Trojan-Downloader ( 004fcba51 )
BitDefender: Trojan.GenericKD.35702711
K7GW: Trojan-Downloader ( 004fcba51 )
Cybereason: malicious.9f1a53
Cyren: W32/Trojan.UNXG-2040
Symantec: ML.Attribute.HighConfidence
APEX: Malicious
Paloalto: generic.ml
Kaspersky: HEUR:Trojan-Downloader.Win32.Dupzom.gen
Alibaba: TrojanDownloader:Win32/Farfli.9bfb2957
ViRobot: Trojan.Win32.Z.Farfli.744977
Rising: Downloader.Agent!8.B23 (TFE:5:5PuxP7r7DMH)
Ad-Aware: Trojan.GenericKD.35702711
Emsisoft: Trojan.GenericKD.35702711 (B)
Comodo: Malware@#3at5u7r6d8uxg
F-Secure: Trojan.TR/Dldr.Agent.bzwbx
DrWeb: Trojan.DownLoader36.28934
Zillya: Downloader.Dupzom.Win32.466
TrendMicro: BKDR_ZEGOST.SM17
McAfee-GW-Edition: GenericRXMY-QC!B8D509A63C26
Sophos: Mal/Generic-S
Ikarus: Trojan-Downloader.Win32.Agent
Jiangmin: TrojanDownloader.Dupzom.mv
Avira: TR/Dldr.Agent.bzwbx
eGambit: Unsafe.AI_Score_99%
MAX: malware (ai score=100)
Kingsoft: Win32.Troj.Undef.(kcloud)
Microsoft: TrojanDownloader:Win32/Farfli.PJ!bit
Gridinsoft: Trojan.Win32.Downloader.oa
Arcabit: Trojan.Generic.D220C7B7
ZoneAlarm: HEUR:Trojan-Downloader.Win32.Dupzom.gen
GData: Trojan.GenericKD.35702711
Cynet: Malicious (score: 100)
AhnLab-V3: Backdoor/Win32.Zegost.C4262848
McAfee: GenericRXMY-QC!B8D509A63C26
VBA32: BScope.Backdoor.Farfli
Malwarebytes: Backdoor.Farfli
Panda: Trj/CI.A
ESET-NOD32: a variant of Win32/TrojanDownloader.Agent.CWU
TrendMicro-HouseCall: BKDR_ZEGOST.SM17
Tencent: Win32.Trojan-downloader.Agent.Pijt
Yandex: Trojan.DL.Agent!VK8Nm8RZMSU
SentinelOne: Static AI – Suspicious PE
Fortinet: W32/Agent.CWU!tr.bdr
BitDefenderTheta: Gen:NN.ZexaF.34700.Tq1@aSnrMJkb
AVG: Win32:Trojan-gen
Avast: Win32:Trojan-gen
CrowdStrike: win/malicious_confidence_100% (W)
Qihoo-360: Generic/HEUR/QVM07.1.E92F.Malware.Gen

Read this list as three kinds of name. Farfli (Microsoft, Alibaba, ViRobot, VBA32, Malwarebytes) and Zegost (Trend Micro, AhnLab) are vendor family names from the Gh0st RAT lineage, and the Backdoor/BKDR prefixes show what the downloader is a stage for. Dupzom (Kaspersky, ZoneAlarm, Quick Heal, Jiangmin, Zillya) and Agent.CWU (ESET, Fortinet) are names for the downloader component itself. Everything else (GenericKD.35702711, ML.Attribute.HighConfidence, Static AI – Suspicious PE, the confidence scores) is a generic or machine-learning verdict that confirms the file is malicious without attributing it to a family.

How to remove TrojanDownloader:Win32/Farfli.PJ!bit?

TrojanDownloader:Win32/Farfli.PJ!bit removal tool
  • Download and install GridinSoft Anti-Malware.
  • Open GridinSoft Anti-Malware and perform a “Standard scan”.
  • Click “Move to quarantine” for all detected items.
  • Open the “Tools” tab and press “Reset Browser Settings”.
  • Select the browser and the options you want reset, then click “Reset”.
  • Restart your computer.
  • After the restart, confirm that the autorun entry and the proxy change listed under the behaviours above are gone. A downloader's dropped payload can persist on its own, so one quarantined file does not prove the host is clean.
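The following PowerShell script is an added example, not part of the original page or of GridinSoft's product: it is a read-only triage of the three host-side behaviours the sandbox reported (autorun persistence, modified proxy settings, contact with the related domain), plus a heuristic look at service binaries, and it hashes every autorun and service executable it finds against the SHA-256 above. The function names and the "binary outside the Windows and Program Files trees" heuristic are this example's own choices; the registry paths, the IOC hash and the domain are from the page.

```powershell
# Added example (not from the original page): read-only triage of a Windows host
# for the behaviours listed above (autorun persistence, changed proxy settings,
# contact with the related domain). It reports only; nothing is removed.
$IocSha256     = 'ab6c0f4ae9d79e5dca906f224e89024ab0b6f594757ad93e60dc5efc00d863c1'
$RelatedDomain = 'f3322.net'   # parent zone of djking.f3322.net (dynamic DNS)
$findings      = New-Object 'System.Collections.Generic.List[object]'

function Get-ExePathFromCommand([string]$Command) {
    # Extract the executable from a command line such as "C:\x\y.exe" /arg or C:\x\y.exe /arg
    if ($Command -match '^\s*"([^"]+)"')    { return $Matches[1] }
    if ($Command -match '^\s*(\S+\.exe)\b') { return $Matches[1] }
    return $null
}

function Test-IocHash([string]$FilePath) {
    # True only if the file exists and its SHA-256 equals the sample hash above
    if (-not $FilePath -or -not (Test-Path -LiteralPath $FilePath)) { return $false }
    return ((Get-FileHash -LiteralPath $FilePath -Algorithm SHA256).Hash.ToLower() -eq $IocSha256)
}

function Add-Finding([string]$Check, [string]$Where, [string]$Detail, [bool]$IocMatch) {
    $findings.Add([PSCustomObject]@{ Check = $Check; Where = $Where; Detail = $Detail; IocMatch = $IocMatch })
}

# 1. Run/RunOnce autorun entries for the machine and the current user
$runKeys = 'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Run',
           'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce',
           'HKCU:\SOFTWARE\Microsoft\Windows\CurrentVersion\Run',
           'HKCU:\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce'
foreach ($key in $runKeys) {
    if (-not (Test-Path $key)) { continue }
    foreach ($p in (Get-ItemProperty -Path $key).PSObject.Properties) {
        if ($p.Name -like 'PS*') { continue }          # provider metadata, not a registry value
        $exe = Get-ExePathFromCommand ([string]$p.Value)
        Add-Finding 'Autorun' "${key}\$($p.Name)" ([string]$p.Value) (Test-IocHash $exe)
    }
}

# 2. Services whose binary lives outside the Windows / Program Files trees (heuristic only)
$trusted = @($env:SystemRoot, $env:ProgramFiles, ${env:ProgramFiles(x86)}) | Where-Object { $_ }
foreach ($svc in (Get-CimInstance -ClassName Win32_Service)) {
    $exe = Get-ExePathFromCommand ([string]$svc.PathName)
    if (-not $exe) { continue }
    $inTrusted = $trusted | Where-Object { $exe -like "$_*" }
    if (-not $inTrusted) { Add-Finding 'Service' $svc.Name $svc.PathName (Test-IocHash $exe) }
}

# 3. WinINet proxy settings for the current user (the sample tries to change these)
$inet = Get-ItemProperty -Path 'HKCU:\Software\Microsoft\Windows\CurrentVersion\Internet Settings'
if ($inet.ProxyEnable -eq 1 -or $inet.AutoConfigURL) {
    $detail = "ProxyEnable=$($inet.ProxyEnable) ProxyServer=$($inet.ProxyServer) AutoConfigURL=$($inet.AutoConfigURL)"
    Add-Finding 'Proxy' 'HKCU Internet Settings' $detail $false
}

# 4. Resolver cache: any name under the related dynamic-DNS zone
if (Get-Command Get-DnsClientCache -ErrorAction SilentlyContinue) {
    foreach ($rec in (Get-DnsClientCache | Where-Object { $_.Entry -like "*$RelatedDomain" })) {
        Add-Finding 'DNS' $rec.Entry ([string]$rec.Data) $true
    }
}

$findings | Sort-Object Check | Format-Table -AutoSize -Wrap
```

Run it before and after the removal steps and diff the two outputs: an autorun or service row that survives the reboot, or a proxy row that reappears, points at a payload the downloader installed rather than at the downloader itself. The DNS check only sees names resolved since the resolver cache was last flushed, so an empty result there is not evidence of no contact.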

About the author

Paul Valéry

I'm a cyber security analyst and data science expert with 5+ years of experience with security software contractors.
