About “Barys.316843” infection

The Barys.316843 is considered dangerous by lots of security experts. When this infection is active, you may notice unwanted processes in Task Manager list. In this case, it is adviced to scan your computer with GridinSoft Anti-Malware.

GridinSoft Anti-Malware

Gridinsoft Anti-Malware

Removing PC viruses manually may take hours and may damage your PC in the process. We recommend using GridinSoft Anti-Malware for virus removal. Allows to complete scan and cure your PC during the trial period.

6-day free trial available.

What Barys.316843 virus can do?

Sample contains Overlay data
Reads data out of its own binary image
The binary likely contains encrypted or compressed data.
Authenticode signature is invalid
Deletes executed files from disk

How to determine Barys.316843?


File Info:
name: FF75599E234213FE7623.mlw
path: /opt/CAPEv2/storage/binaries/b1c4a46bd515a739ca325775cc313fba9b10c67e19b8836c73cda84a895f495c
crc32: 2E0B3D7E
md5: ff75599e234213fe76233f3dbb7651f6
sha1: b2beb85adf20656dd04b126c08c8a138d8caf086
sha256: b1c4a46bd515a739ca325775cc313fba9b10c67e19b8836c73cda84a895f495c
sha512: 386b4a52196df18928518ddeca9b86b0c58208a1da7d662ce3fc9733b472f05c091c5ec77599e7e51f2b00538167b14571f9d7783a94719d3bd894ee5b591a37
ssdeep: 24576:mM3uCQ++4VPMuozHE5jK/muWxkBLxETa/ZSo:moQX4iuorE5G/muW6BLqTgf
type: PE32 executable (console) Intel 80386, for MS Windows
tlsh: T10615CF8F277A9457C10F237AEF6DC93A14816D7EFA52EBA23197B61B34063C051079B8
sha3_384: 84f6b5c044a2c3f0ba242c21ead19a8b90d71adf26a6da6a675f8b90c1756c65c05c2ec817b271707db1c2d353516783
ep_bytes: e8a76f6eb8ceebe9bd2fe2783f658ac2
timestamp: 1970-01-01 00:00:00

Version Info:
0: [No Data]

Barys.316843 also known as:

Bkav	W32.AIDetectMalware
Lionic	Trojan.Win32.Generic.4!c
tehtris	Generic.Malware
Cynet	Malicious (score: 100)
FireEye	Generic.mg.ff75599e234213fe
CAT-QuickHeal	Trojan.Skeeyah.J1
McAfee	Packed-FJB!FF75599E2342
Malwarebytes	Crypt.Trojan.Malicious.DDS
VIPRE	Gen:Variant.Barys.316843
Sangfor	Trojan.Win32.Save.a
K7AntiVirus	Trojan ( 005393141 )
BitDefender	Gen:Variant.Barys.316843
K7GW	Trojan ( 005376b01 )
Cybereason	malicious.e23421
Cyren	W32/Zusy.EM.gen!Eldorado
Symantec	ML.Attribute.HighConfidence
Elastic	malicious (high confidence)
ESET-NOD32	a variant of Win32/Kryptik.GIRH
APEX	Malicious
Paloalto	generic.ml
ClamAV	Win.Packed.Dridex-9860931-1
Kaspersky	HEUR:Trojan.Win32.Generic
Alibaba	Malware:Win32/km_2ea54.None
NANO-Antivirus	Trojan.Win32.PackedEntry.hsjtle
MicroWorld-eScan	Gen:Variant.Barys.316843
Avast	Win32:MalwareX-gen [Trj]
Tencent	Trojan.Win32.Kryptik.gifya
TACHYON	Trojan/W32.Selfmod
Emsisoft	Gen:Variant.Barys.316843 (B)
F-Secure	Heuristic.HEUR/AGEN.1343575
DrWeb	Trojan.DownLoader34.17905
Zillya	Trojan.Kryptik.Win32.2352242
McAfee-GW-Edition	BehavesLike.Win32.Generic.cc
Trapmine	malicious.moderate.ml.score
Sophos	Troj/Agent-BFEY
Ikarus	Trojan.Win32.Tiggre
GData	Win32.Trojan.PSE.1AQB258
Avira	HEUR/AGEN.1343575
Antiy-AVL	Trojan/Win32.Kryptik.GIFY
Xcitium	TrojWare.Win32.Kryptik.TLS@812zm8
Arcabit	Trojan.Barys.D4D5AB
ZoneAlarm	HEUR:Trojan.Win32.Generic
Microsoft	VirTool:Win32/CeeInject.AKZ!bit
Google	Detected
AhnLab-V3	Trojan/Win32.Packed.R357404
Acronis	suspicious
VBA32	Trojan.Copak
ALYac	Gen:Variant.Barys.316843
MAX	malware (ai score=85)
Cylance	unsafe
Panda	Trj/Genetic.gen
Rising	Trojan.Kryptik!1.BF57 (CLASSIC)
Yandex	Trojan.GenAsa!0xM7zILK7cg
SentinelOne	Static AI – Malicious PE
MaxSecure	Trojan.Malware.300983.susgen
Fortinet	W32/Kryptik.GIFQ!tr
AVG	Win32:MalwareX-gen [Trj]
DeepInstinct	MALICIOUS

How to remove Barys.316843?

Barys.316843 removal tool

Download and install GridinSoft Anti-Malware.
Open GridinSoft Anti-Malware and perform a “Standard scan“.
“Move to quarantine” all items.
Open “Tools” tab – Press “Reset Browser Settings“.
Select proper browser and options – Click “Reset”.
Restart your computer.

About the author

Paul Valéry

I'm a cyber security analyst and data science expert with 5+ years of experience with security software contractors.

Leave a Comment X