About “Win32/Farfli.AKZ” infection

Win32/Farfli.AKZ is considered dangerous by many security experts. When this infection is active, you may notice unwanted processes in the Task Manager list. In this case, it is advised to scan your computer with GridinSoft Anti-Malware.

Removing PC viruses manually may take hours and may damage your PC in the process. We recommend using GridinSoft Anti-Malware for virus removal. It lets you run a complete scan and clean your PC during the trial period.
6-day free trial available.

What can the Win32/Farfli.AKZ virus do?

  • Executable code extraction
  • At least one process apparently crashed during execution
  • Creates RWX memory
  • Detected script timer window indicative of sleep style evasion
  • Reads data out of its own binary image
  • A process created a hidden window
  • The binary likely contains encrypted or compressed data
  • The executable is likely packed with VMProtect
  • A scripting utility was executed
  • Installs itself for autorun at Windows startup
  • Checks the system manufacturer, likely for anti-virtualization
  • Anomalous binary characteristics

Related domains:

www.zuimihu.cn

How to identify Win32/Farfli.AKZ?

File Info:

crc32: FDA1FAE9
md5: ae727acabe76920441410b8a8cf835de
name: AE727ACABE76920441410B8A8CF835DE.mlw
sha1: 13a87b7345ed0d9224937d51a36d7d24c56d00aa
sha256: 0e2945c6c4bca7a871284194d2af9355a9017590ecca6767b2f7102cca21ef81
sha512: b66c351e6a8828eb8f2c9efe015b9a610a9cab8fd2c81a3ffd847d809f1a939203f276cdd007617ec8e7906f41b114d515a5a50aeeacb2273ef865ce36db02cf
ssdeep: 3072:RQv8dXUlw+dUUFRg2KMxKcNx2PyJZ/atNKRgJ9NUcCKBfS7uei5oxJgKj+fL:RQyE5dUUXFK0LNx24sYgJxVxYueNxJ8
type: PE32 executable (GUI) Intel 80386, for MS Windows

Version Info:

LegalCopyright: Copyright © 1996-2016 Adobe Systems Incorporated. All Rights Reserved. Adobe and Flash are either trademarks or registered trademarks in the United States and/or other countries.
InternalName: Adobe Flash Player Control Panel Applet 21.0
FileVersion: 21,0,0,242
CompanyName: Adobe Systems Incorporated
LegalTrademarks: Adobe Flash Player
ProductName: Adobe Flash Player Control Panel Applet
ProductVersion: 21,0,0,242
FileDescription: Adobe Flash Player Control Panel Applet
OriginalFilename: FlashPlayerCPLApp.cpl
Translation: 0x0409 0x04b0

Win32/Farfli.AKZ also known as:

Bkav: W32.AIDetectVM.malware2
Elastic: malicious (high confidence)
MicroWorld-eScan: Gen:Trojan.Heur.RP.kK0@buUtAJfi
FireEye: Generic.mg.ae727acabe769204
ALYac: Gen:Trojan.Heur.RP.kK0@buUtAJfi
Cylance: Unsafe
VIPRE: Trojan.Win32.Generic!BT
Sangfor: Malware
K7AntiVirus: Riskware ( 0040eff71 )
BitDefender: Gen:Trojan.Heur.RP.kK0@buUtAJfi
K7GW: Riskware ( 0040eff71 )
Cybereason: malicious.abe769
BitDefenderTheta: AI:Packer.951C55F91F
Cyren: W32/Trojan.HBPN-7817
Symantec: ML.Attribute.HighConfidence
APEX: Malicious
Paloalto: generic.ml
Kaspersky: Trojan-Downloader.Win32.Dupzom.cas
Alibaba: TrojanDownloader:Win32/Farfli.969fcf45
ViRobot: Trojan.Win32.C.Agent.175616.A
Tencent: Win32.Trojan-downloader.Dupzom.Lpla
Ad-Aware: Gen:Trojan.Heur.RP.kK0@buUtAJfi
Sophos: Mal/Generic-R + Mal/VMProtBad-A
Comodo: Virus.Win32.Virut.CE@1fhkga
F-Secure: Backdoor.BDS/Backdoor.Gen7
TrendMicro: TROJ_GEN.R002C0DAT21
McAfee-GW-Edition: BehavesLike.Win32.Generic.cc
Emsisoft: Gen:Trojan.Heur.RP.kK0@buUtAJfi (B)
SentinelOne: Static AI – Malicious PE
Webroot: W32.Malware.Gen
Avira: BDS/Backdoor.Gen7
Microsoft: Backdoor:Win32/Farfli.DA
Gridinsoft: Trojan.Win32.Downloader.oa
Arcabit: Trojan.Heur.RP.EF6D33
ZoneAlarm: Trojan-Downloader.Win32.Dupzom.cas
GData: Gen:Trojan.Heur.RP.kK0@buUtAJfi
Cynet: Malicious (score: 100)
AhnLab-V3: Malware/Win32.Generic.C4317461
McAfee: Artemis!AE727ACABE76
MAX: malware (ai score=92)
VBA32: TrojanSpy.Agent
Malwarebytes: Malware.Heuristic.1003
ESET-NOD32: Win32/Farfli.AKZ
TrendMicro-HouseCall: TROJ_GEN.R002C0DAT21
Rising: Trojan.Generic@ML.92 (RDMK:ZHRgdtqoCtzgFqfVozI/cw)
Ikarus: Backdoor.Win32.Farfli
Fortinet: W32/Malicious_Behavior.VEX
AVG: Win32:Malware-gen
Avast: Win32:Malware-gen
CrowdStrike: win/malicious_confidence_100% (D)
Qihoo-360: Win32/Backdoor.Farfli.HxAA8Y8A

How to remove Win32/Farfli.AKZ?

Win32/Farfli.AKZ removal tool
  • Download and install GridinSoft Anti-Malware.
  • Open GridinSoft Anti-Malware and perform a “Standard scan”.
  • “Move to quarantine” all items.
  • Open the “Tools” tab and press “Reset Browser Settings”.
  • Select the proper browser and options, then click “Reset”.
  • Restart your computer.

About the author

Paul Valéry

I'm a cyber security analyst and data science expert with 5+ years of experience with security software contractors.