What is “Barys.317243 (B)”?

Barys.317243 (B) is considered dangerous by many security experts. When this infection is active, you may notice unwanted processes in the Task Manager process list. In this case, it is advised to scan your computer with GridinSoft Anti-Malware.

GridinSoft Anti-Malware

Removing PC viruses manually may take hours and may damage your PC in the process. We recommend using GridinSoft Anti-Malware for virus removal. It lets you run a full scan and clean your PC during the trial period.
6-day free trial available.

What can the Barys.317243 (B) virus do?

  • Behavioural detection: Executable code extraction – unpacking
  • SetUnhandledExceptionFilter detected (possible anti-debug)
  • At least one process apparently crashed during execution
  • Yara rule detections observed from a process memory dump/dropped files/CAPE
  • Creates RWX memory
  • Dynamic (imported) function loading detected
  • Performs HTTP requests potentially not found in PCAP.
  • Starts servers listening on 127.0.0.1:0
  • Reads data out of its own binary image
  • CAPE extracted potentially suspicious content
  • Drops a binary and executes it
  • Authenticode signature is invalid
  • Uses Windows utilities for basic functionality
  • Detects Sandboxie through the presence of a library
  • Detects Avast Antivirus through the presence of a library
  • Checks for the presence of known windows from debuggers and forensic tools
  • Created a process from a suspicious location
  • Steals private information from local Internet browsers
  • CAPE detected the Vidar malware family
  • Checks the presence of disk drives in the registry, possibly for anti-virtualization
  • Harvests cookies for information gathering

How to identify Barys.317243 (B)?

File Info:

name: 08CA0E52948460C5C2F8.mlw
path: /opt/CAPEv2/storage/binaries/6a91a4affa1ec1e4e06492a200ed0365f21a2576f065852944fd7fb362ed1370
crc32: 2B7E691B
md5: 08ca0e52948460c5c2f82791a1ddb2fc
sha1: 3bf63775ab40e1848184934f358bd9f23883cea1
sha256: 6a91a4affa1ec1e4e06492a200ed0365f21a2576f065852944fd7fb362ed1370
sha512: 065de1d0b1113571406fe23c72b000c9a09f24e2a301438bfc7a1e9188f9d621cd02f8e060b6ad0ef808f0541e5ae9743b89f704f0e29c9caaca58e489d90898
ssdeep: 98304:JQ7mGt7vdp3Vcw4mAn2jk4F4i0Nz7Vl6kQ27QHryHuUhkD3uVj:JQ7dvdpmwtjPF4XzslGhkDCj
type: PE32 executable (GUI) Intel 80386, for MS Windows
tlsh: T11936332E24E1C592C11308FFD9D15F27BFA999007C51B737B8B09F2AA640A875E53F4A
sha3_384: 0583d3611d0adcfef4e5c4de6696f15ded888899697659adff03c9d1e51d9831bf8bf8077d636ccfd0ea58fded19ac26
ep_bytes: 81ecd40200005356576a205f33db6801
timestamp: 2020-08-01 02:44:18

Version Info:

0: [No Data]

Barys.317243 (B) also known as:

Lionic: Trojan.Win32.Brook.4!c
MicroWorld-eScan: Gen:Variant.Barys.317243
FireEye: Generic.mg.08ca0e52948460c5
CAT-QuickHeal: Ransom.Stop.Z5
McAfee: Artemis!08CA0E529484
Cylance: Unsafe
VIPRE: Gen:Variant.Barys.317243
Sangfor: Trojan.Win32.Save.a
Alibaba: Ransom:Win32/STOP.a83
Cybereason: malicious.294846
Cyren: W32/Trojan.RLLB-5801
Symantec: Trojan.Gen.MBT
Elastic: malicious (high confidence)
ESET-NOD32: multiple detections
APEX: Malicious
Paloalto: generic.ml
ClamAV: Win.Packed.Barys-9859531-0
Kaspersky: Trojan.Win32.CookiesStealer.b
BitDefender: Gen:Variant.Barys.317243
NANO-Antivirus: Trojan.Win32.Loader.iwrypt
Avast: Win32:Trojan-gen
Rising: Dropper.Agent/NSIS!1.D805 (CLASSIC:bWQ1OsB6lVB0mAIV)
Sophos: Mal/Generic-R
Comodo: Malware@#120c6ds8ailhn
F-Secure: Heuristic.HEUR/AGEN.1213192
DrWeb: Trojan.Inject4.12781
TrendMicro: TROJ_GEN.R002C0WFL21
McAfee-GW-Edition: BehavesLike.Win32.Emotet.rc
Emsisoft: Gen:Variant.Barys.317243 (B)
SentinelOne: Static AI – Suspicious PE
GData: MSIL.Trojan.Kryptik.QZ
Webroot: W32.Adware.Gen
Avira: HEUR/AGEN.1210138
MAX: malware (ai score=80)
Kingsoft: Win32.Troj.Agentb.kr.(kcloud)
Arcabit: Trojan.Barys.D4D73B
ZoneAlarm: HEUR:Trojan-Downloader.Win32.Zenlod.gen
Microsoft: Trojan:Win32/CookiesStealer.OE!MTB
Cynet: Malicious (score: 100)
AhnLab-V3: Malware/Win.Generic.C4537504
Acronis: suspicious
BitDefenderTheta: Gen:NN.ZexaF.34742.vuW@aa56ERcO
ALYac: Gen:Variant.Barys.317243
VBA32: BScope.TrojanDownloader.Zenlod
Malwarebytes: Malware.AI.3996975791
TrendMicro-HouseCall: TROJ_GEN.R002C0WFL21
Tencent: Win32.Trojan-downloader.Zenlod.Hpi
Ikarus: Trojan.Crypter
Fortinet: W32/Agent.SNN!tr.dldr
AVG: Win32:Trojan-gen
Panda: Trj/CI.A
CrowdStrike: win/malicious_confidence_100% (W)

How to remove Barys.317243 (B)?

Barys.317243 (B) removal tool
  • Download and install GridinSoft Anti-Malware.
  • Open GridinSoft Anti-Malware and perform a “Standard scan”.
  • “Move to quarantine” all items.
  • Open the “Tools” tab – Press “Reset Browser Settings”.
  • Select the proper browser and options – Click “Reset”.
  • Restart your computer.

About the author

Paul Valéry

I'm a cyber security analyst and data science expert with 5+ years of experience with security software contractors.
