Categories: Malware

Barys.317642 (file analysis)

The Barys.317642 is considered dangerous by lots of security experts. When this infection is active, you may notice unwanted processes in Task Manager list. In this case, it is adviced to scan your computer with GridinSoft Anti-Malware.

Gridinsoft Anti-Malware

Removing PC viruses manually may take hours and may damage your PC in the process. We recommend using GridinSoft Anti-Malware for virus removal. Allows to complete scan and cure your PC during the trial period.

DOWNLOAD NOW

6-day free trial available.

What Barys.317642 virus can do?

Behavioural detection: Executable code extraction – unpacking
Executed a command line with /C or /R argument to terminate command shell on completion which can be used to hide execution
Yara rule detections observed from a process memory dump/dropped files/CAPE
Reads data out of its own binary image
CAPE extracted potentially suspicious content
Authenticode signature is invalid
Uses Windows utilities for basic functionality
CAPE detected the Tofsee malware family
Deletes executed files from disk
Anomalous binary characteristics
Uses suspicious command line tools or Windows utilities

How to determine Barys.317642?


File Info:
name: 2EE02D87980B4D5F3BA9.mlwpath: /opt/CAPEv2/storage/binaries/44523a65f3b86245cf5752ba5f820b0d66f9b608169d97a33c1a5a01e4e4d882crc32: 158D3BBCmd5: 2ee02d87980b4d5f3ba9e716ecf677b1sha1: ca9cfc5e578c321013c5e5bb9284216ab1fd33edsha256: 44523a65f3b86245cf5752ba5f820b0d66f9b608169d97a33c1a5a01e4e4d882sha512: 88ee334136a4680c2fc1c051c4be1d601aba0584909d2ddf78fddb4cbbef009d1d2bb5b7f6dc20a841fc422238a94a1776ba78ba9a4103cf94a71a1929ffb423ssdeep: 24576:0K0msDVzsDVzsDVzsDVzsDVzsDVzsDVzsDVzsDVzsDVzsDVzsDVzsDVzsDVzsDVy:btype: PE32 executable (GUI) Intel 80386, for MS Windowstlsh: T176E659F17681E975C084F630882BCFE449ADEC84CC505A1A72B83E4FBAB73D525A552Fsha3_384: 694334784004faea992db6d700f7b9271a21bdd39a8591f646ccbb834a920812feff0ee77fdbde59413c0c2cb5da44ebep_bytes: e8fa330000e978feffff8bff558bec8btimestamp: 2021-04-30 01:48:46
Version Info:
FileVersion: 21.79.125.9InternationalName: povgwaoci.iweCopyrighz: Copyrighz (C) 2021, fuzkortaTranslations: 0x0120 0x010f

Barys.317642 also known as:

Bkav	W32.AIDetect.malware1
tehtris	Generic.Malware
DrWeb	Trojan.Siggen17.14529
MicroWorld-eScan	Gen:Variant.Barys.317642
FireEye	Generic.mg.2ee02d87980b4d5f
CAT-QuickHeal	Ransom.Stop.P5
ALYac	Gen:Variant.Barys.317642
Cylance	Unsafe
Zillya	Trojan.Kryptik.Win32.3707910
Sangfor	Trojan.Win32.Save.a
K7AntiVirus	Trojan ( 0058ecba1 )
K7GW	Trojan ( 0058ecba1 )
Cybereason	malicious.e578c3
Cyren	W32/Kryptik.EYC.gen!Eldorado
Symantec	ML.Attribute.HighConfidence
Elastic	malicious (high confidence)
ESET-NOD32	a variant of Win32/Kryptik.HOMX
APEX	Malicious
ClamAV	Win.Dropper.LokiBot-9940806-0
Kaspersky	HEUR:Trojan.Win32.Zenpak.gen
BitDefender	Gen:Variant.Barys.317642
Avast	Win32:AceCrypter-I [Cryp]
Tencent	Win32.Trojan.Zenpak.Ymhl
Ad-Aware	Gen:Variant.Barys.317642
Emsisoft	Trojan.Crypt (A)
VIPRE	Gen:Variant.Barys.317642
TrendMicro	Mal_Tofsee
McAfee-GW-Edition	BehavesLike.Win32.Generic.vh
Trapmine	suspicious.low.ml.score
Sophos	Mal/Generic-R + Mal/Agent-AWV
SentinelOne	Static AI – Malicious PE
GData	Gen:Variant.Barys.317642
Jiangmin	Trojan.Injuke.nwn
Google	Detected
Avira	TR/Dropper.Gen
MAX	malware (ai score=88)
Antiy-AVL	Trojan/Generic.ASMalwS.50E8
Arcabit	Trojan.Barys.D4D8CA
ZoneAlarm	HEUR:Trojan.Win32.Zenpak.gen
Microsoft	Trojan:Win32/Azorult.RF!MTB
Cynet	Malicious (score: 100)
AhnLab-V3	Infostealer/Win.SmokeLoader.R474463
Acronis	suspicious
McAfee	Packed-GDT!2EE02D87980B
VBA32	Trojan.Sabsik.FL
Malwarebytes	Trojan.MalPack.GS
TrendMicro-HouseCall	Mal_Tofsee
Rising	Stealer.Agent!8.C2 (TFE:5:FVXpXEgDBIC)
Yandex	Trojan.Kryptik!k5SdmUVft4Q
Ikarus	Trojan.Win32.Azorult
MaxSecure	Trojan.Malware.121218.susgen
Fortinet	W32/Siggen17.1461!tr
AVG	Win32:AceCrypter-I [Cryp]
Panda	Trj/GdSda.A
CrowdStrike	win/malicious_confidence_100% (W)