
Barys.317064 removal instruction


Barys.317064 is considered dangerous by many security experts. When this infection is active, you may notice unwanted processes in the Task Manager list. In this case, it is advised to scan your computer with GridinSoft Anti-Malware.

GridinSoft Anti-Malware


Removing PC viruses manually may take hours and may damage your PC in the process. We recommend using GridinSoft Anti-Malware for virus removal. It allows you to run a complete scan and clean your PC during the trial period.
6-day free trial available.

What can the Barys.317064 virus do?

  • SetUnhandledExceptionFilter detected (possible anti-debug)
  • Behavioural detection: Executable code extraction – unpacking
  • Sample contains Overlay data
  • Yara rule detections observed from a process memory dump/dropped files/CAPE
  • Creates RWX memory
  • Possible date expiration check, exits too soon after checking local time
  • Dynamic (imported) function loading detected
  • Reads data out of its own binary image
  • CAPE extracted potentially suspicious content
  • Drops a binary and executes it
  • Unconventional language used in binary resources: Chinese (Traditional)
  • Authenticode signature is invalid
  • Behavioural detection: Injection (Process Hollowing)
  • Executed a process and injected code into it, probably while unpacking
  • Attempts to remove evidence of file being downloaded from the Internet
  • Behavioural detection: Injection (inter-process)
  • Created a process from a suspicious location

How to identify Barys.317064?

File Info:

name: 545C1258FD3D8899E49E.mlw
path: /opt/CAPEv2/storage/binaries/4dc96ed09df91c6769926503ffc0a6e2b0cab896cb5d68d404353e1863bd16a4
crc32: 0D972B52
md5: 545c1258fd3d8899e49eeeaad11fe6ce
sha1: ca820f93984b035a9c1f45620e22fa4d0024e254
sha256: 4dc96ed09df91c6769926503ffc0a6e2b0cab896cb5d68d404353e1863bd16a4
sha512: 8354599c0baef916f1c7ddc3db0aed02bb1adde6fa77e142b0c7a8c87517980f9d484a35be16ba39f490592f6c7efbf9228e6dbc3364193954c9b29b79d1a71e
ssdeep: 49152:OKlQIevmuGCsAotKyQ0mFe7H87/mTMg/DwPXDIltJzCHI+5N4239zgy8TjFJscDk:PQIevmuhsoznSFJscDLAMgdxlx
type: PE32 executable (GUI) Intel 80386, for MS Windows
tlsh: T10EF55B5BEF81E826EC0344B43968DB6A38457D7A65646C4BFB843F2691309C7BCF124B
sha3_384: 567512fc3d896d53a4b663e3aad32461c913b68505875d907c9736a233df771f28a3195745be9dbe76beb3c31aa4c97f
ep_bytes: 558bec6aff68f8204000685018400064
timestamp: 2012-08-29 06:22:26

Version Info:

Translation: 0x0404 0x04b0
ProductName: HV230
FileVersion: 1.00
ProductVersion: 1.00
InternalName: VT230
OriginalFilename: VT230.exe

Barys.317064 also known as:

Bkav: W32.AIDetect.malware2
tehtris: Generic.Malware
MicroWorld-eScan: Gen:Variant.Barys.317064
FireEye: Generic.mg.545c1258fd3d8899
CAT-QuickHeal: TrojanToga.MUE.R9
ALYac: Gen:Variant.Barys.317064
Cylance: Unsafe
VIPRE: Gen:Variant.Barys.317064
Sangfor: [ARMADILLO V1.71]
K7AntiVirus: Trojan ( 003dc1641 )
K7GW: Trojan ( 003dc1641 )
Cybereason: malicious.8fd3d8
Baidu: Win32.Trojan-Dropper.Injector.f
Cyren: W32/S-24f4c04b!Eldorado
Symantec: W32.Faedevour!inf
Elastic: malicious (high confidence)
ESET-NOD32: a variant of Win32/TrojanDropper.Agent.PYF
APEX: Malicious
ClamAV: Win.Malware.Bzub-6727003-0
Kaspersky: Backdoor.Win32.Androm.qxe
BitDefender: Gen:Variant.Barys.317064
NANO-Antivirus: Trojan.Win32.Androm.ctymsi
Avast: Win32:Zbot-THZ [Trj]
Tencent: Backdoor.Win32.Androm.qxe
Ad-Aware: Gen:Variant.Barys.317064
TACHYON: Backdoor/W32.Androm.3448080
Sophos: Mal/Generic-R + Troj/Mdrop-JIJ
Comodo: TrojWare.Win32.Toga.PYF@7g9q1h
DrWeb: Trojan.Inject2.58694
Zillya: Backdoor.Androm.Win32.6167
McAfee-GW-Edition: BehavesLike.Win32.Generic.wc
Trapmine: malicious.high.ml.score
Emsisoft: Gen:Variant.Barys.317064 (B)
SentinelOne: Static AI – Malicious PE
Jiangmin: TrojanDropper.Daws.byh
Avira: TR/Dropper.Gen
Antiy-AVL: Trojan/Generic.ASBOL.CF5
Microsoft: Trojan:Win32/Wacatac.B!ml
ViRobot: Win32.Daws.B
GData: Win32.Trojan.PSE.10YPZ2S
Cynet: Malicious (score: 100)
AhnLab-V3: Trojan/Win32.Androm.C975497
McAfee: PWSZbot-FIB!545C1258FD3D
MAX: malware (ai score=84)
VBA32: BScope.Trojan.Autoit
Malwarebytes: Generic.Trojan.Injector.DDS
Rising: Dropper.Agent!1.AF79 (CLASSIC)
Yandex: Trojan.GenAsa!zFH4sqyAwHU
Ikarus: Backdoor.Win32.Androm
Fortinet: W32/Injector.AQV!tr
BitDefenderTheta: Gen:NN.ZexaF.34786.st3@ai4jEZdb
AVG: Win32:Zbot-THZ [Trj]
Panda: Trj/Genetic.gen
CrowdStrike: win/malicious_confidence_100% (W)

How to remove Barys.317064?

Barys.317064 removal tool
  • Download and install GridinSoft Anti-Malware.
  • Open GridinSoft Anti-Malware and perform a “Standard scan”.
  • “Move to quarantine” all items.
  • Open the “Tools” tab and press “Reset Browser Settings”.
  • Select the proper browser and options, then click “Reset”.
  • Restart your computer.

About the author

Paul Valéry

I'm a cyber security analyst and data science expert with 5+ years of experience with security software contractors.
