CTFMOV.EXE – Backdoor Farfli

Backdoor No Comments

I recommend you UnHackMe - Ultimate Malware Killer for fast malware removal:

Free Download
Fully Functional 30-day Trial. No credit card is required.
Reviews. EULA. Privacy Policy. Uninstall.

CTFMOV.EXE – Backdoor Farfli removal

FileMD5Virus Alias
CTFMOV.EXE d3dadbf731c28b8ca0af432913904cce Backdoor Farfli
CTFMOV.EXE d3dadbf731c28b8ca0af432913904cce Trojan Generic
CTFMOV.EXE d3dadbf731c28b8ca0af432913904cce Trojan Eldorado
CTFMOV.EXE d3dadbf731c28b8ca0af432913904cce Trojan Downloader
CTFMOV.EXE d3dadbf731c28b8ca0af432913904cce Trojan Agent
CTFMOV.EXE d3dadbf731c28b8ca0af432913904cce Trojan Small

CTFMOV.EXE size: 81920 bytes
CTFMOV.EXE hash: D3DADBF731C28B8CA0AF432913904CCE

Created files:

%WinDir%\819E31C7\svchsot.exe
%SysDir%\kscan.exe
%TEMP%\ctfmov.exe
%TEMP%\Server.exe

Autostart registry keys:

HKLM\Software\Microsoft\Windows\CurrentVersion\Run\819E31C7: %WinDir%\819E31C7\svchsot.exe
HKLM\Software\Microsoft\Windows\CurrentVersion\Run : %WinDir%\System32\kscan.exe
HKLM\System\CurrentControlSet\Services\Nationaljrq\Type: 10010000
HKLM\System\CurrentControlSet\Services\Nationaljrq\Start: 02000000
HKLM\System\CurrentControlSet\Services\Nationaljrq\DisplayName: Nationalyta Instruments Domain Service
HKLM\System\CurrentControlSet\Services\Nationaljrq\ImagePath: %WinDir%\System32\kscan.exe
HKLM\System\CurrentControlSet\Services\Nationaljrq\Description: Providesmid a domain server for NI security.

Detected by UnHackMe:

CTFMOV.EXE
Default location: %TEMP%\CTFMOV.EXE

Dropper information:
MD5: d782d59f13c6237164473fe67237d7bd
File size: 174592 bytes

Leave a Reply

Privacy Policy      Terms and Conditions

Thank you for theme by IdeaBox       Credits: Thank you to www.icons8.com for Icons and Images