What is “Barys.2832”?

Barys.2832 is considered dangerous by many security experts. When this infection is active, you may notice unwanted processes in the Task Manager list. In this case, it is advised to scan your computer with GridinSoft Anti-Malware.

GridinSoft Anti-Malware

Removing PC viruses manually may take hours and may damage your PC in the process. We recommend using GridinSoft Anti-Malware for virus removal. It allows you to fully scan and cure your PC during the trial period.
6-day free trial available.

What can the Barys.2832 virus do?

  • Sample contains Overlay data
  • Yara rule detections observed from a process memory dump/dropped files/CAPE
  • CAPE extracted potentially suspicious content
  • The binary contains an unknown PE section name indicative of packing
  • The binary likely contains encrypted or compressed data
  • Authenticode signature is invalid
  • Behavioural detection: Injection (Process Hollowing)
  • Behavioural detection: Injection (inter-process)
  • Anomalous binary characteristics

How to identify Barys.2832?


File Info:

name: 738804A1523CD68FBCD4.mlw
path: /opt/CAPEv2/storage/binaries/0a901ad6281fe3affe3b9e89f4a344f3015d0204a77e221044b72ba1b4abf1aa
crc32: 4B9FD62D
md5: 738804a1523cd68fbcd44edd7e9dec40
sha1: 56aa924649bdbba5a1e5f6aefc99a9a8b9cf0764
sha256: 0a901ad6281fe3affe3b9e89f4a344f3015d0204a77e221044b72ba1b4abf1aa
sha512: a893666d74175f8fce5f0afc38324a60fd7cab72c83bf0cae1b1d30a9d1568581a9307fd4240abbb80ac2bdd1a0e627e12edc0da6967e6b0816238b5fd03adf3
ssdeep: 3072:DzVbtAnID3Pu01iX+Fet176sv/GSk+NTKFP1dNdHF26fwpvRSEAzPzrc77OWw8x1:XVhAnIbu0sT7b/CNTF2aqGc769/cj3
type: PE32 executable (GUI) Intel 80386, for MS Windows
tlsh: T1C81412B1B0856FD7F6890AF818B107E55DF08E790083A57F0903A9ADE9BB953A743353
sha3_384: c829efed2621dca5627427e9d91caf0e78a73285bc9e740bbbe3776053a0c5dfeec06a9eee1bd4b1ad99beae7f52dda7
ep_bytes: 6801004600c302a01220907777777770
timestamp: 2012-01-21 18:03:43

Version Info:

Comments: internet
CompanyName: internet
FileDescription: internet
LegalCopyright: internet
LegalTrademarks: internet
ProductName: internet
FileVersion: 1.00
ProductVersion: 1.00
InternalName: Stubexe
OriginalFilename: Stubexe.exe
Translation: 0x0409 0x04b0

Barys.2832 also known as:

Lionic: Trojan.Win32.Generic.lupI
tehtris: Generic.Malware
MicroWorld-eScan: Gen:Variant.Barys.2832
ALYac: Gen:Variant.Barys.2832
Cylance: Unsafe
Zillya: Trojan.Packed.Win32.14299
Sangfor: Hacktool.Win32.VBInject.mt
K7AntiVirus: Riskware ( 0015e4f11 )
Alibaba: Trojan:Win32/VBKrypt.fa1b6dc8
K7GW: Riskware ( 0015e4f11 )
Cybereason: malicious.1523cd
Arcabit: Trojan.Barys.DB10
Cyren: W32/S-8e0290c1!Eldorado
Symantec: ML.Attribute.HighConfidence
Elastic: malicious (high confidence)
ESET-NOD32: a variant of Win32/Packed.MultiPacked.D
APEX: Malicious
Cynet: Malicious (score: 100)
Kaspersky: Trojan.Win32.VBKrypt.vwuu
BitDefender: Gen:Variant.Barys.2832
NANO-Antivirus: Trojan.Win32.VB.jgduc
Avast: Win32:Evo-gen [Trj]
Tencent: Win32.Trojan.Vbkrypt.Zchl
Ad-Aware: Gen:Variant.Barys.2832
Emsisoft: Gen:Variant.Barys.2832 (B)
Comodo: Packed.Win32.MPack.D@4mtohr
DrWeb: Trojan.VbCrypt.8
VIPRE: Gen:Variant.Barys.2832
McAfee-GW-Edition: BehavesLike.Win32.Trojan.cc
Trapmine: malicious.high.ml.score
FireEye: Generic.mg.738804a1523cd68f
Jiangmin: Trojan/Generic.vurq
Webroot: W32.Trojan.Gen
Avira: TR/Crypt.ASPM.Gen
Antiy-AVL: Trojan/Generic.ASMalwS.224
Microsoft: PWS:Win32/Zbot!ml
GData: Gen:Variant.Barys.2832
Google: Detected
AhnLab-V3: Trojan/Win32.VBKrypt.R35734
Acronis: suspicious
McAfee: Artemis!738804A1523C
MAX: malware (ai score=100)
VBA32: Malware-Cryptor.VB.gen.7
Malwarebytes: Malware.Heuristic.1004
Rising: Trojan.VBKrypt!8.5C0 (CLOUD)
Yandex: Trojan.GenAsa!UI2xd9fAXpk
Ikarus: Virus.Win32.VBInject
MaxSecure: Trojan.Malware.300983.susgen
Fortinet: W32/VBKrypt.BBBQ!tr
BitDefenderTheta: AI:Packer.390EAEBB1F
AVG: Win32:Evo-gen [Trj]
Panda: Generic Malware
CrowdStrike: win/malicious_confidence_90% (W)

How to remove Barys.2832?

Barys.2832 removal tool
  • Download and install GridinSoft Anti-Malware.
  • Open GridinSoft Anti-Malware and perform a “Standard scan”.
  • Click “Move to quarantine” for all items.
  • Open the “Tools” tab and press “Reset Browser Settings”.
  • Select the proper browser and options, then click “Reset”.
  • Restart your computer.

About the author

Paul Valéry

I'm a cyber security analyst and data science expert with 5+ years of experience with security software contractors.
