Barys.14400 malicious file

The Barys.14400 is considered dangerous by lots of security experts. When this infection is active, you may notice unwanted processes in Task Manager list. In this case, it is adviced to scan your computer with GridinSoft Anti-Malware.

GridinSoft Anti-Malware

Gridinsoft Anti-Malware

Removing PC viruses manually may take hours and may damage your PC in the process. We recommend using GridinSoft Anti-Malware for virus removal. Allows to complete scan and cure your PC during the trial period.

6-day free trial available.

What Barys.14400 virus can do?

Dynamic (imported) function loading detected
.NET file is packed/obfuscated with Confuser
The binary likely contains encrypted or compressed data.
Authenticode signature is invalid
Binary compilation timestomping detected

How to determine Barys.14400?


File Info:
name: 10DB60D3ED8408D5B0BE.mlw
path: /opt/CAPEv2/storage/binaries/b2260d530f51b2289e2c64579eb53c4c9ce0c9ee3c850e57e90296968fd9625e
crc32: 70A23D1C
md5: 10db60d3ed8408d5b0be71dca7c4eb69
sha1: 2df93325837e7fdfe10d1ddd13d64599e741d582
sha256: b2260d530f51b2289e2c64579eb53c4c9ce0c9ee3c850e57e90296968fd9625e
sha512: d8867a281f6045809f956d6e9b383f2eb0d33da3147732bbef90694b6790c698ef2c5910ba42e731f043f4f47c19df79ea4fb27fb86c09a6c6fa99879cdc8e4a
ssdeep: 12288:u5/38zNSS9w5Kop1AfI50tCFJRiG6n00qvwz0KRwzBd3X3uIIIkIxV0DTg9:hzNSCnq10I50tQPO0q0RzBd3X3B+Y9
type: PE32 executable (GUI) Intel 80386, for MS Windows
tlsh: T11315BE9133F9D94DE0BB6F345DB14B945D32BCA2AE3AC70FA502708E5938B40DE61762
sha3_384: 69f1afe80cbdaaecae9bfcb38bce5d964bc68cf404be681577f969f6583e7e6fea0263d0342a39a523b24f83658509d6
ep_bytes: ff250020400000000000000000000000
timestamp: 2101-07-05 22:14:56

Version Info:
Translation: 0x0409 0x04e4
Comments: 
CompanyName: Alexander Roshal
FileDescription: WinRAR archiver
FileVersion: 6.1.1
InternalName: WinRAR
LegalCopyright: Copyright © Alexander Roshal 1993-2021
LegalTrademarks: 
OriginalFilename: WinRAR.exe
ProductName: WinRAR
ProductVersion: 6.1.1
Assembly Version: 1.0.0.0

Barys.14400 also known as:

Lionic	Trojan.Win32.Barys.4!c
Elastic	malicious (high confidence)
MicroWorld-eScan	Gen:Variant.Barys.14400
ALYac	Trojan.MSIL.Stealer.gen
Cylance	Unsafe
Sangfor	Trojan.Win32.Save.a
BitDefender	Gen:Variant.Barys.14400
CrowdStrike	win/malicious_confidence_70% (D)
Arcabit	Trojan.Barys.D3840
Symantec	ML.Attribute.HighConfidence
ESET-NOD32	a variant of MSIL/Agent.VCJ
APEX	Malicious
Rising	Trojan.Generic/MSIL@AI.100 (RDM.MSIL:qL8CVlqUOJKwjBK+b0zwEA)
Ad-Aware	Gen:Variant.Barys.14400
Emsisoft	Gen:Variant.Barys.14400 (B)
TrendMicro	TROJ_FRS.VSNTAP22
FireEye	Generic.mg.10db60d3ed8408d5
Sophos	Mal/Generic-S
SentinelOne	Static AI – Malicious PE
MAX	malware (ai score=84)
Gridinsoft	Ransom.Win32.Wacatac.sa
ZoneAlarm	HEUR:Trojan.MSIL.Agent.gen
Cynet	Malicious (score: 100)
McAfee	Artemis!10DB60D3ED84
Malwarebytes	Trojan.Agent
TrendMicro-HouseCall	TROJ_FRS.VSNTAP22
Ikarus	Trojan.MSIL.Agent
Fortinet	Malicious_Behavior.SB
BitDefenderTheta	Gen:NN.ZemsilF.34212.6m0@a0mTtFli
AVG	Win32:Trojan-gen
Avast	Win32:Trojan-gen

How to remove Barys.14400?

Barys.14400 removal tool

Download and install GridinSoft Anti-Malware.
Open GridinSoft Anti-Malware and perform a “Standard scan“.
“Move to quarantine” all items.
Open “Tools” tab – Press “Reset Browser Settings“.
Select proper browser and options – Click “Reset”.
Restart your computer.

About the author

Paul Valéry

I'm a cyber security analyst and data science expert with 5+ years of experience with security software contractors.

Leave a Comment X