
Backdoor:Win32/Farfli.AV


First posted on 25 June 2013.
Source: Microsoft

Aliases:

There are no other names known for Backdoor:Win32/Farfli.AV.

Explanation:



Installation

The trojan adds itself to the Start menu's Startup folder to make sure it loads each time Windows starts. It copies itself as <start menu>\Programs\Startup\killmdx.



Payload

Connects to a remote server

Backdoor:Win32/Farfli.AV tries to connect to a remote server to receive commands.

We have seen it contact hackxiaoben.3322.org

Allows backdoor access and control

This trojan gives an attacker access and control of your computer, including, but not limited to, the following actions:

  • Downloading and running files, including malware
  • Uploading files
  • Spreading to other computers
  • Logging keystrokes or stealing sensitive information
  • Modifying system settings
  • Running or stopping applications
  • Deleting files




Analysis by Daniel Radu

Last update 25 June 2013

 
