Backdoor:Win32/Farfli.I
First posted on 22 February 2020.
Source: Microsoft
Aliases:
Backdoor:Win32/Farfli.I is also known as Win32/SillyDl!generic, Trojan-Downloader.Win32.Agent.ambm, Trojan horse PSW.OnlineGames.BFBQ, Trojan.Downloader.JLEA, Win32/TrojanDownloader.Small.OGQ, Trj/Downloader.UZB.
Explanation:
Backdoor:Win32/Farfli.I is a trojan that drops various files detected as malware onto a system. It also has backdoor capabilities that allow it to contact a remote attacker and wait for instructions.
Installation:
Upon execution, Backdoor:Win32/Farfli.I drops the following files on the system:
a .sys file in the drivers folder - may be detected as TrojanDownloader:Win32/Perkesh.gen!A
a .dll file in %windir% - detected as various samples of Trojan:Win32/Dogrobot, such as Trojan:Win32/Dogrobot.gen!J and Trojan:Win32/Dogrobot.A
Some examples of the .sys file name are: winsawids.sys, kisawids.sys
Some examples of the .dll file name are: jiocs.dll, Winsp.dll
It may load its dropped DLL file by running the following command (the DLL name varies, as in the examples above):
rundll32.exe %windir% .dll MyEntryPoint
Payload:
Allows backdoor access and control
Backdoor:Win32/Farfli.I may try to connect to various Web sites via TCP port 80 to send the infected system's MAC address and to download arbitrary files. This notifies a remote attacker that the system is infected, possibly allowing the attacker to remotely control the infected system. Some of the Web sites that it connects to are:
w.qq-uc.cn
baoge.9966.org
mmd178.cn
oiuyt.net
Analysis by Andrei Florin Saygo
Last update 22 February 2020
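The dropped file names, the rundll32 command with the MyEntryPoint export and the contact domains listed above can be turned into a simple host-log triage check. The following Python is an added example, not Microsoft's code; its pipe-delimited record format (PROC, FILE, NET) and the sample log lines are constructed for illustration.

```python
"""Flag Backdoor:Win32/Farfli.I indicators in constructed host log lines.

Added example, not Microsoft's code. The pipe-delimited record format is a
constructed simplification of process, file and network telemetry.
"""
import re

# Indicators quoted from the write-up above.
DROPPED_FILES = {"winsawids.sys", "kisawids.sys", "jiocs.dll", "winsp.dll"}
C2_DOMAINS = {"w.qq-uc.cn", "baoge.9966.org", "mmd178.cn", "oiuyt.net"}
# rundll32 launching a DLL by the export name MyEntryPoint; rundll32 accepts
# either a comma or whitespace between the DLL path and the entry point.
RUNDLL_RE = re.compile(
    r'rundll32(?:\.exe)?\s+"?(?P<dll>[^\s,"]+\.dll)"?[\s,]+MyEntryPoint\b', re.I)


def base_name(path):
    """Last component of a Windows or POSIX path, lower-cased."""
    return re.split(r"[\\/]", path)[-1].lower()


def triage(lines):
    """Return (line_no, rule, indicator) for every record matching an indicator.

    Constructed record formats:  PROC|image|command_line
                                 FILE|path
                                 NET|src_ip|dest_host|dest_port
    """
    findings = []
    for n, line in enumerate(lines, 1):
        fields = line.strip().split("|")
        kind = fields[0]
        if kind == "PROC" and len(fields) >= 3:
            m = RUNDLL_RE.search(fields[2])
            if m:
                findings.append((n, "rundll32_MyEntryPoint", m.group("dll")))
        elif kind == "FILE" and len(fields) >= 2:
            if base_name(fields[1]) in DROPPED_FILES:
                findings.append((n, "dropped_file", base_name(fields[1])))
        elif kind == "NET" and len(fields) >= 4:
            host, port = fields[2].lower(), fields[3]
            if host in C2_DOMAINS:  # TCP 80 is the behaviour described above
                rule = "c2_domain_tcp80" if port == "80" else "c2_domain"
                findings.append((n, rule, host))
    return findings


SAMPLE_LOG = [  # constructed records: three hits, three benign
    "FILE|C:\\Windows\\System32\\drivers\\winsawids.sys",
    "FILE|C:\\Users\\alice\\report.docx",
    "PROC|C:\\Windows\\System32\\rundll32.exe|rundll32.exe C:\\Windows\\jiocs.dll MyEntryPoint",
    "PROC|C:\\Windows\\System32\\rundll32.exe|rundll32.exe shell32.dll,Control_RunDLL",
    "NET|10.0.0.5|w.qq-uc.cn|80",
    "NET|10.0.0.5|www.example.com|443",
]
```

Running `triage(SAMPLE_LOG)` yields one finding per rule; file-name and domain matches alone are weaker than the rundll32 command, so treat them as triage leads to confirm against the detection names above.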