FIREFLY.EXE is a backdoor program used to covertly gain access to a PC and administer it remotely.
UnHackMe is recommended as a reliable program for removing FIREFLY.EXE.
Download for free: http://www.unhackme.com
Malware Analysis of FIREFLY.EXE
Full path on a computer: %Program Files%\Firefly-Remote\FireFly.exe
Detected by UnHackMe:
FIREFLY.EXE
Default location: %Program Files%\Firefly-Remote\FireFly.exe
Removal Results: Success
Number of reboots: 1
FIREFLY.EXE is known as:
Backdoor.Firefly.I, Backdoor.FireFly.13569, Backdoor.FireFly.i, Trojan.FireFly.swbbd, Backdoor.Trojan, Packed_Upack.O, Backdoor.FireFly.sU0xRP1KRoI, Backdoor.Firefly.I (B), TrojWare.GameThief.Nilage.~CRSA, BackDoor.FireFly, Mal.EncPk-BW, Backdoor.FireFly.j, Backdoor.FireFly, Hack.FireFly.y.(kcloud), Backdoor.FireFly.13575, Trojan.Xema, Backdoor.Firefly, probably a variant of Win32.Delf.HEPWABU, Trojan-Downloader.Geral, W32.FireFly.I.tr.bdr
FIREFLY.EXE hash:
- MD5: 4374a09dfa6b72e8e90febe95aa3ce09
The file tries to download information from some web sites.
How to quickly detect the presence of FIREFLY.EXE?
Registry:
- HKLM\System\CurrentControlSet\Services\Remote Control\Type: 0x00000110
- HKLM\System\CurrentControlSet\Services\Remote Control\Start: 0x00000002
- HKLM\System\CurrentControlSet\Services\Remote Control\ErrorControl: 0x00000000
- HKLM\System\CurrentControlSet\Services\Remote Control\ImagePath: "%Program Files%\Firefly-Remote\FireFly.exe"
- HKLM\System\CurrentControlSet\Services\Remote Control\ObjectName: "LocalSystem"
Folders:
- %Program Files%\Firefly-Remote
Files:
- %Program Files%\Firefly-Remote\FireFly.dat
- %Program Files%\Firefly-Remote\FireFly.exe
- %Program Files%\Firefly-Remote\FireFly.ini