Barys.319005 removal

The Barys.319005 is considered dangerous by lots of security experts. When this infection is active, you may notice unwanted processes in Task Manager list. In this case, it is adviced to scan your computer with GridinSoft Anti-Malware.

What Barys.319005 virus can do?

• SetUnhandledExceptionFilter detected (possible anti-debug)
• Behavioural detection: Executable code extraction – unpacking
• Yara rule detections observed from a process memory dump/dropped files/CAPE
• Checks adapter addresses which can be used to detect virtual network interfaces
• A file with an unusual extension was attempted to be loaded as a DLL.
• Creates RWX memory
• Possible date expiration check, exits too soon after checking local time
• A process attempted to delay the analysis task.
• Dynamic (imported) function loading detected
• Performs HTTP requests potentially not found in PCAP.
• Enumerates running processes
• Reads data out of its own binary image
• CAPE extracted potentially suspicious content
• Unconventionial binary language: Chinese (Simplified)
• Unconventionial language used in binary resources: Chinese (Simplified)
• The binary contains an unknown PE section name indicative of packing
• The binary likely contains encrypted or compressed data.
• The executable is compressed using UPX
• Authenticode signature is invalid
• Uses Windows utilities for basic functionality
• Tries to unhook or modify Windows functions monitored by Cuckoo
• Attempted to write directly to a physical drive
• Attempts to modify proxy settings

How to determine Barys.319005?

File Info:
name: 427033C415ECA6777920.mlwpath: /opt/CAPEv2/storage/binaries/222a1d0b296f75da5dbf67c99a38707946623aae3e6439ba28b5d80c1b553404crc32: 0E91AE24md5: 427033c415eca6777920f2275241fdd3sha1: 3f75ebc697bf1f45b4fb8d8524e004e763dfe4b5sha256: 222a1d0b296f75da5dbf67c99a38707946623aae3e6439ba28b5d80c1b553404sha512: b45fca13718ac272d3389e6181d927c3a4bbc38989978a3e5ff0f400e92f6a219090cdd5b98305d1f58164cefcb7d67c56405276e89cae6e621409883f44ad38ssdeep: 196608:4qsfmSS/Bty/qOmf80XiC7LG+/G441IjKThJk8Sh40rwVCk:4q6O/Ly/nyF7LGr4vjKThLWtype: PE32 executable (GUI) Intel 80386, for MS Windowstlsh: T1387633D57EE01CC0C48D62F24EB12999ABCC58E1C670D590A8D61EF46B7FBB3E669C04sha3_384: b1163713e5b1fa8247f253416729784baafa7b46d8eb3913472339d8ca7cadcf635f8138058be231922eb70bb8cd0066ep_bytes: 60be00705c008dbe00a0e3ff5789e58dtimestamp: 2022-06-16 11:33:44
Version Info:
FileVersion: 11.1.0.0FileDescription: 拼多多视频发布软件ProductName: 拼多多视频发布ProductVersion: 11.1.0.0CompanyName: 凯迪软件LegalCopyright: 凯迪软件Comments: 本程序使用易语言编写(http://www.eyuyan.com)Translation: 0x0804 0x04b0

Barys.319005 also known as:

How to remove Barys.319005?

• Download and install GridinSoft Anti-Malware.
• Open GridinSoft Anti-Malware and perform a “Standard scan“.
• “Move to quarantine” all items.
• Open “Tools” tab – Press “Reset Browser Settings“.
• Select proper browser and options – Click “Reset”.
• Restart your computer.