Malware

How to remove “Win32/Farfli.BWD”?

Malware Removal

Win32/Farfli.BWD is considered dangerous by many security experts. When this infection is active, you may notice unwanted processes in the Task Manager list. In this case, it is advised to scan your computer with GridinSoft Anti-Malware.

Removing PC viruses manually may take hours and may damage your PC in the process. We recommend using GridinSoft Anti-Malware for virus removal. It lets you run a complete scan and cure your PC during the trial period.
A 6-day free trial is available.

What Win32/Farfli.BWD virus can do?

  • Behavioural detection: Executable code extraction – unpacking
  • Reads data out of its own binary image
  • CAPE extracted potentially suspicious content
  • Drops a binary and executes it
  • Unconventional binary language: Chinese (Simplified)
  • Unconventional language used in binary resources: Chinese (Simplified)
  • The binary likely contains encrypted or compressed data.
  • Authenticode signature is invalid
  • Behavioural detection: Injection (Process Hollowing)
  • Behavioural detection: Injection (inter-process)
  • CAPE detected the OrcusRAT malware family
  • Attempted to write directly to a physical drive
  • Deletes executed files from disk
  • Yara detections observed in process dumps, payloads or dropped files

How to determine Win32/Farfli.BWD?

File Info:

name: C2B894633887B01A520E.mlw
path: /opt/CAPEv2/storage/binaries/9162acf5ca452ffee95050585ddcda730664f50b13402412388923cd9e18fa86
crc32: 8929B944
md5: c2b894633887b01a520ebe9ac3633b83
sha1: 64bcb0f2af3c141ac15af71ab9cb02db8df057fb
sha256: 9162acf5ca452ffee95050585ddcda730664f50b13402412388923cd9e18fa86
sha512: 03957abf1fd0a4ff4a84fa448bd84093a7e0abbfa85c5c4e4c2a2993e585b0a5bcc7cb270646db439f820830c2ae623bd49bcda10a9f23d3e43cecf40e4b92db
ssdeep: 12288:irOHEzsyJFD3qR/8CEbHcZQDvK1RvjBK4JxQsuU0r5:iyHEz7aq8ZQL0RvjsYtGr5
type: PE32 executable (GUI) Intel 80386, for MS Windows
tlsh: T18F941292F6DBC47FC064137186E243C31BB4FCA12C2B276E538ED98A2C26555697E31B
sha3_384: 56f6de8a10b3dedce45762e916ba5028a9a11cb559d88b21873ea31f27ae1d33c42413d1fce04019f444a3e92decb37c
ep_bytes: 558bec83ec4456ff155c1100018bf08a
timestamp: 2003-03-25 07:08:18

Version Info:

CompanyName: Microsoft Corporation
FileDescription: Win32 Cabinet Self-Extractor
FileVersion: 6.00.3790.0 (srv03_rtm.030324-2048)
InternalName: Wextract
LegalCopyright: (C) Microsoft Corporation. All rights reserved.
OriginalFilename: WEXTRACT.EXE
ProductName: Microsoft(R) Windows(R) Operating System
ProductVersion: 6.00.3790.0
Translation: 0x0804 0x04b0

Win32/Farfli.BWD also known as:

  • Bkav: W32.AIDetectMalware
  • Lionic: Trojan.Win32.Generic.luJl
  • MicroWorld-eScan: Win32.Parite.F
  • FireEye: Win32.Parite.F
  • Skyhigh: GenericRXRL-WU!FFE29711918F
  • McAfee: GenericRXRL-WU!FFE29711918F
  • Malwarebytes: Generic.Malware/Suspicious
  • Sangfor: Trojan.Win32.Parite.Vrma
  • CrowdStrike: win/malicious_confidence_90% (D)
  • K7GW: Trojan ( 004d63431 )
  • K7AntiVirus: Trojan ( 004d63431 )
  • Symantec: ML.Attribute.HighConfidence
  • Elastic: malicious (high confidence)
  • ESET-NOD32: a variant of Win32/Farfli.BWD
  • APEX: Malicious
  • Kaspersky: Trojan-Dropper.Win32.Dorgam.yad
  • BitDefender: Win32.Parite.F
  • NANO-Antivirus: Virus.Win32.Parite.bgvo
  • Avast: Win32:Malware-gen
  • Tencent: Malware.Win32.Gencirc.114dee5c
  • Emsisoft: Win32.Parite.F (B)
  • F-Secure: Trojan.TR/Farfli.ncsjk
  • VIPRE: Win32.Parite.F
  • Trapmine: malicious.moderate.ml.score
  • Sophos: Mal/Generic-S
  • Ikarus: Virus.Win32.Parite
  • GData: Win32.Parite.F
  • Jiangmin: TrojanDropper.Dorgam.vn
  • Google: Detected
  • Avira: TR/Farfli.ncsjk
  • Varist: W32/Heuristic-119!Eldorado
  • Antiy-AVL: Trojan[Dropper]/Win32.Dorgam
  • Kingsoft: malware.kb.a.1000
  • Xcitium: Malware@#cmwlq84u8cfc
  • Arcabit: Win32.Parite.F
  • ZoneAlarm: Trojan-Dropper.Win32.Dorgam.yad
  • Microsoft: Virus:Win32/Parite.B
  • Cynet: Malicious (score: 99)
  • BitDefenderTheta: AI:FileInfector.27EC70040E
  • ALYac: Win32.Parite.F
  • MAX: malware (ai score=86)
  • VBA32: BScope.Backdoor.Spy
  • Cylance: unsafe
  • Rising: Trojan.Hitbrovi!8.2DCC (TFE:3:TZac0NQ1vMI)
  • Yandex: Trojan.DR.Dorgam!kyBP1UX0Cmg
  • MaxSecure: Trojan.Malware.115959794.susgen
  • Fortinet: W32/Generic.AP.283EA8!tr
  • AVG: Win32:Malware-gen
  • DeepInstinct: MALICIOUS

How to remove Win32/Farfli.BWD?

Win32/Farfli.BWD removal tool
  • Download and install GridinSoft Anti-Malware.
  • Open GridinSoft Anti-Malware and perform a “Standard scan”.
  • “Move to quarantine” all items.
  • Open the “Tools” tab and press “Reset Browser Settings”.
  • Select the proper browser and options, then click “Reset”.
  • Restart your computer.

About the author

Paul Valéry

I'm a cyber security analyst and data science expert with 5+ years of experience with security software contractors.