Categories: Malware

Barys.13779 information

The Barys.13779 is considered dangerous by lots of security experts. When this infection is active, you may notice unwanted processes in Task Manager list. In this case, it is adviced to scan your computer with GridinSoft Anti-Malware.

Gridinsoft Anti-Malware

Removing PC viruses manually may take hours and may damage your PC in the process. We recommend using GridinSoft Anti-Malware for virus removal. Allows to complete scan and cure your PC during the trial period.

DOWNLOAD NOW

6-day free trial available.

What Barys.13779 virus can do?

Executable code extraction
Injection (inter-process)
Injection (Process Hollowing)
Creates RWX memory
A process attempted to delay the analysis task.
A process created a hidden window
HTTP traffic contains suspicious features which may be indicative of malware related traffic
Performs some HTTP requests
The binary likely contains encrypted or compressed data.
Deletes its original binary from disk
Executed a process and injected code into it, probably while unpacking
Steals private information from local Internet browsers
Creates a hidden or system file
Creates a copy of itself
Harvests credentials from local FTP client softwares
Harvests information related to installed instant messenger clients
Harvests information related to installed mail clients
Collects information to fingerprint the system
Unusual version info supplied for binary

Related domains:

z.whorecord.xyz

a.tomx.xyz

easydriverservice.com

How to determine Barys.13779?


File Info:
crc32: B5F8E99Emd5: 622c4ae9524da88e53efce04b7e6d40cname: upload_filesha1: acb29987e1ec29deb8c08c8544f2d4b6ac0b8c78sha256: 434e925c3a1119b483c8775083dd2b9926dc986e0452269f5eaa73ed4b16577bsha512: eced7368200a80be72cea0a705e97ac6db7c904d866b67178a7fe64e29764dc856fde0988b6d369aa0db1029986c528629ec0ce9954d8adc558f4bfb04eea9d7ssdeep: 12288:XQrpFIdQVrhdRBt03+h03+gLweaxLfppwyV8GznGO2:gFIdAJ/03+h03+gLLaxjz5GHtype: PE32 executable (GUI) Intel 80386 Mono/.Net assembly, for MS Windows
Version Info:
Translation: 0x0000 0x04b0LegalCopyright: (c) 2020 Skype and/or MicrosoftAssembly Version: 8.61.4.0InternalName: QjYeXyvmOi.exeFileVersion: 8.61.4.0CompanyName: Skype Technologies S.A.LegalTrademarks: Comments: SkypeProductName: SkypeProductVersion: 8.61.4.0FileDescription: SkypeOriginalFilename: QjYeXyvmOi.exe

Barys.13779 also known as:

Elastic	malicious (high confidence)
MicroWorld-eScan	Gen:Variant.Barys.13779
CAT-QuickHeal	Trojan.MSIL
McAfee	Fareit-FYE!622C4AE9524D
Cylance	Unsafe
K7AntiVirus	Trojan ( 005690671 )
BitDefender	Gen:Variant.Barys.13779
K7GW	Trojan ( 005690671 )
CrowdStrike	win/malicious_confidence_60% (W)
TrendMicro	TROJ_GEN.R002C0WHE20
Cyren	W32/Trojan.URMY-4091
Symantec	ML.Attribute.HighConfidence
APEX	Malicious
Paloalto	generic.ml
Kaspersky	HEUR:Trojan.MSIL.Taskun.gen
Alibaba	Trojan:MSIL/LokiSteal.f8524baf
Rising	Trojan.GenKryptik!8.AA55 (CLOUD)
Ad-Aware	Gen:Variant.Barys.13779
Sophos	Troj/Steal-AKT
F-Secure	Trojan.TR/AD.LokiBot.pprxf
DrWeb	BackDoor.SpyBotNET.25
VIPRE	Trojan.Win32.Generic!BT
FireEye	Generic.mg.622c4ae9524da88e
Emsisoft	Gen:Variant.Barys.13779 (B)
Ikarus	Trojan.Inject
Avira	TR/AD.LokiBot.pprxf
MAX	malware (ai score=80)
Antiy-AVL	Trojan/MSIL.Taskun
Microsoft	Trojan:MSIL/LokiSteal.VN!MTB
ZoneAlarm	HEUR:Trojan.MSIL.Taskun.gen
GData	Gen:Variant.Barys.13779
Cynet	Malicious (score: 85)
BitDefenderTheta	Gen:NN.ZemsilF.34186.Rm0@aaLKTLk
ALYac	Gen:Variant.Barys.13779
VBA32	TScope.Trojan.MSIL
Malwarebytes	Trojan.MalPack.FVTN
ESET-NOD32	a variant of MSIL/Kryptik.XIS
TrendMicro-HouseCall	TROJ_GEN.R002C0WHE20
Tencent	Msil.Trojan.Taskun.Wlfo
Fortinet	MSIL/GenKryptik.EQEQ!tr
AVG	Win32:TrojanX-gen [Trj]
Cybereason	malicious.9524da
Panda	Trj/GdSda.A
Qihoo-360	Win32/Trojan.fc8