Malware

Barys.17983 (B) (file analysis)

Malware Removal

Barys.17983 (B) is considered dangerous by many security experts. When this infection is active, you may notice unwanted processes in the Task Manager list. In this case, it is advised to scan your computer with GridinSoft Anti-Malware.

GridinSoft Anti-Malware

Removing PC viruses manually may take hours and may damage your PC in the process. We recommend using GridinSoft Anti-Malware for virus removal. It allows you to run a complete scan and cure your PC during the trial period.
A 6-day free trial is available.

What can the Barys.17983 (B) virus do?

  • SetUnhandledExceptionFilter detected (possible anti-debug)
  • Creates RWX memory
  • Guard pages use detected – possible anti-debugging.
  • Dynamic (imported) function loading detected
  • CAPE extracted potentially suspicious content
  • Authenticode signature is invalid
  • Anomalous .NET characteristics
  • CAPE detected the njRat malware family
  • Creates known Njrat/Bladabindi RAT registry keys

How to identify Barys.17983 (B)?

File Info:

name: F0315E189B5535FFC8E0.mlw
path: /opt/CAPEv2/storage/binaries/688445b18619e5c7f9023e7aadc7b7b1e2cb1302ce730ba642830845928302cf
crc32: 8BB6A0DD
md5: f0315e189b5535ffc8e0ddb783091376
sha1: 6b47b69bd8058d06be2dc26dc713727d11b29428
sha256: 688445b18619e5c7f9023e7aadc7b7b1e2cb1302ce730ba642830845928302cf
sha512: 36b722b4d6493688e80857e1489a3c3f976abb6678181136a2e69e9801b941b17c26a1584db7b00361189a30c3ab65823444c4e0f7fc78400c1775219a99664d
ssdeep: 6144:1ctb5qG/lKPyRulz0ant8LZqPz4auZqPz:6P/l18Xx
type: PE32 executable (GUI) Intel 80386, for MS Windows
tlsh: T119F407A273ACEC52D7780E3017738BA68B7ADD350862C6091DD4717CAE7E3726D016DA
sha3_384: 18230575497277267b4adb25bf96c076ac8e8d3bc3d8a20c203de1a48f0bb1fa33b5cda6ff57a466fbc7be3df884d6bf
ep_bytes: ff250020400000000000000000000000
timestamp: 2022-02-05 20:46:57

Version Info:

Translation: 0x0000 0x04b0
FileDescription:
FileVersion: 0.0.0.0
InternalName: Builder.exe
LegalCopyright:
OriginalFilename: Builder.exe
ProductVersion: 0.0.0.0
Assembly Version: 0.0.0.0

Barys.17983 (B) also known as:

Elastic: malicious (high confidence)
Cynet: Malicious (score: 99)
CAT-QuickHeal: Trojan.Generic.TRFH5
ALYac: Gen:Variant.Barys.17983
Cylance: Unsafe
VIPRE: Backdoor.MSIL.Bladabindi.a (v)
Sangfor: Suspicious.Win32.Save.a
K7AntiVirus: Trojan ( 0051c2441 )
BitDefender: Gen:Variant.Barys.17983
K7GW: Trojan ( 0051c2441 )
CrowdStrike: win/malicious_confidence_100% (W)
Baidu: MSIL.Trojan-Dropper.Binder.a
VirIT: Trojan.Win32.Msil.CN
Cyren: W32/MSIL_Bladabindi.AS.gen!Eldorado
Symantec: Backdoor.Ratenjay
ESET-NOD32: a variant of MSIL/TrojanDropper.Binder.CA
APEX: Malicious
ClamAV: Win.Dropper.njRAT-7436651-0
Kaspersky: UDS:DangerousObject.Multi.Generic
NANO-Antivirus: Trojan.Win32.Agent.dzsrep
MicroWorld-eScan: Gen:Variant.Barys.17983
Rising: Backdoor.Njrat!1.9E49 (CLASSIC)
Emsisoft: Gen:Variant.Barys.17983 (B)
Comodo: TrojWare.MSIL.TrojanDropper.Binder.CA@7nerge
DrWeb: Win32.HLLW.Autoruner.25074
TrendMicro: TROJ_BINDER.SMA
McAfee-GW-Edition: BehavesLike.Win32.Generic.bt
FireEye: Generic.mg.f0315e189b5535ff
Sophos: Troj/dnDrop-G
SentinelOne: Static AI – Malicious PE
Jiangmin: Trojan/JboxGeneric.fgn
Avira: BDS/Bladabindi.ajoqj
MAX: malware (ai score=84)
Microsoft: Backdoor:MSIL/Bladabindi
GData: Gen:Variant.Barys.17983
McAfee: Trojan-FIKD!F0315E189B55
VBA32: Trojan.MSIL.Disfa
Malwarebytes: Backdoor.Bladabindi
Panda: Trj/GdSda.A
TrendMicro-HouseCall: TROJ_BINDER.SMA
Ikarus: Trojan-Dropper.MSIL
eGambit: RAT.njRat
Fortinet: MSIL/Dropper_Binder.BS!tr
BitDefenderTheta: Gen:NN.ZemsilF.34182.Vm0@aihbfef
AVG: MSIL:Agent-DRD [Trj]
Cybereason: malicious.89b553
Avast: MSIL:Agent-DRD [Trj]
MaxSecure: Trojan.Malware.121218.susgen

How to remove Barys.17983 (B)?

Barys.17983 (B) removal tool:

  • Download and install GridinSoft Anti-Malware.
  • Open GridinSoft Anti-Malware and perform a “Standard scan”.
  • “Move to quarantine” all items.
  • Open the “Tools” tab and press “Reset Browser Settings”.
  • Select the proper browser and options, then click “Reset”.
  • Restart your computer.

About the author

Paul Valéry

I'm a cyber security analyst and data science expert with 5+ years of experience with security software contractors.