About “Barys.319382” infection

Barys.319382 is the BitDefender detection name (Gen:Variant.Barys.319382, reported under the same name by ALYac, Ad-Aware, Emsisoft, MicroWorld-eScan and VIPRE) for a Windows trojan dropper. The sample analysed below drops and executes a second binary, injects into other processes (process hollowing) and deletes its own file after running. When the infection is active you may notice unfamiliar processes in Task Manager. In that case it is advised to scan your computer with GridinSoft Anti-Malware.

GridinSoft Anti-Malware

Removing malware manually may take hours and can damage your PC in the process. We recommend GridinSoft Anti-Malware for removal; the trial lets you run a full scan and clean the PC.
6-day free trial available.

What can the Barys.319382 virus do?

These are the behavioural signatures the CAPE sandbox raised for the sample (the storage path under File Info is CAPE's):

  • Behavioural detection: Executable code extraction – unpacking
  • Executed a command line with /C or /R argument to terminate the command shell on completion, which can be used to hide execution
  • Sample contains Overlay data
  • Yara rule detections observed from a process memory dump/dropped files/CAPE
  • Presents an Authenticode digital signature
  • Reads data out of its own binary image
  • CAPE extracted potentially suspicious content
  • Drops a binary and executes it
  • Authenticode signature is invalid
  • Uses Windows utilities for basic functionality
  • Behavioural detection: Injection (Process Hollowing)
  • Behavioural detection: Injection (inter-process)
  • Deletes executed files from disk

Two of these belong together: the file carries an Authenticode signature block, but the signature does not verify, so the bytes no longer match what was signed (or the signature block was copied from another file). Either way the Oracle/Java version strings listed below cannot be taken as proof of origin.

How to identify Barys.319382?

File Info:

name: D4CD8768E8B471F8EE0F.mlw
path: /opt/CAPEv2/storage/binaries/42661715be7f9620ba6d36f71fe13c87e900fb507b49f2fabeca18855b567b87
crc32: 3BA4BB6C
md5: d4cd8768e8b471f8ee0f26925c9ea8b5
sha1: 24bd84fbc6b105b73bd263e7623bcd19c7fbe8be
sha256: 42661715be7f9620ba6d36f71fe13c87e900fb507b49f2fabeca18855b567b87
sha512: 211a97a64ef2cd7f876b2171a80341a891b4c38b277617e79e2b136f916e532be0b29c95e14205b7585ab6001d3cb4e523f4723c1eaabf0d42e005428d8bad39
ssdeep: 24576:b3GRzatThRiVNbLGJv6plFh9iGa2oMYMgdsHGeR:y8TjFJspDLoVMgdkLR
type: PE32 executable (GUI) Intel 80386, for MS Windows
tlsh: T1C635F0152B90CC61F3AFC17256E0AF34B6B73A202732CD4A6B4852391FF1E5EE791256
sha3_384: 253cd358329553ba2fe6b6d11b24d89ed14a2986a703393967b60f4ed6f623180fa1198927b26e5deb060de10f4b5d8a
ep_bytes: 558bec6aff68f8204000685018400064
timestamp: 2012-08-29 06:22:26

Version Info:

The version resource claims the file is Oracle's ssvagent.exe from Java(TM) Platform SE 8 U221. Given the invalid Authenticode signature noted above, and a compile timestamp of 2012 against a 2019 copyright string, treat these fields as untrusted metadata: do not allow-list the file on the strength of its company or product name.

CompanyName: Oracle Corporation
FileDescription: Java(TM) Platform SE binary
FileVersion: 11.221.2.11
Full Version: 11.221.2.11
InternalName: Java SSV Agent Process
LegalCopyright: Copyright © 2019
OriginalFilename: ssvagent.exe
ProductName: Java(TM) Platform SE 8 U221
ProductVersion: 8.0.2210.11
Translation: 0x0000 0x04b0
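
As an added worked example (not code from this page or from GridinSoft), the script below shows how to check a suspicious file against the indicators listed under File Info: it hashes the file and compares md5/sha256, and reads the PE fields behind the timestamp, ep_bytes and "Sample contains Overlay data" indicators with a minimal pure-Python PE32 parser. The function names, and the constructed test image built by build_test_pe, are ours; the IOC values are copied from the page. It does not verify the Authenticode signature or read the version resource.

```python
import hashlib
import struct
import sys
from datetime import datetime, timezone

# Indicators copied from the File Info block on this page.
IOC = {
    "md5": "d4cd8768e8b471f8ee0f26925c9ea8b5",
    "sha256": "42661715be7f9620ba6d36f71fe13c87e900fb507b49f2fabeca18855b567b87",
    "ep_bytes": "558bec6aff68f8204000685018400064",
    "timestamp": "2012-08-29 06:22:26",
}
# The page's timestamp as a Unix epoch (UTC), used when constructing the test image.
PAGE_EPOCH = int(datetime(2012, 8, 29, 6, 22, 26, tzinfo=timezone.utc).timestamp())


def file_hashes(data: bytes) -> dict:
    """MD5/SHA-1/SHA-256 of the raw bytes, lower-case hex as the page lists them."""
    return {name: getattr(hashlib, name)(data).hexdigest() for name in ("md5", "sha1", "sha256")}


def parse_pe(data: bytes) -> dict:
    """Minimal PE32 parser: COFF timestamp, 16 bytes at the entry point, overlay size.

    Only the fields needed to compare with 'timestamp', 'ep_bytes' and
    'Sample contains Overlay data' are read; no third-party library is needed.
    """
    if data[:2] != b"MZ":
        raise ValueError("not an MZ executable")
    e_lfanew = struct.unpack_from("<I", data, 0x3C)[0]
    if data[e_lfanew:e_lfanew + 4] != b"PE\0\0":
        raise ValueError("missing PE signature")
    coff = e_lfanew + 4
    _machine, nsections, tds, _, _, opt_size, _ = struct.unpack_from("<HHIIIHH", data, coff)
    opt = coff + 20
    if struct.unpack_from("<H", data, opt)[0] != 0x10B:  # the page says PE32, not PE32+
        raise ValueError("not a PE32 optional header")
    entry_rva = struct.unpack_from("<I", data, opt + 16)[0]  # AddressOfEntryPoint
    sections = []
    for i in range(nsections):
        off = opt + opt_size + i * 40
        name = data[off:off + 8].rstrip(b"\0").decode("ascii", "replace")
        vsize, vaddr, rsize, rptr = struct.unpack_from("<IIII", data, off + 8)
        sections.append((name, vaddr, vsize, rptr, rsize))
    # Map the entry-point RVA to a file offset through the section table.
    ep_off = None
    for _name, vaddr, vsize, rptr, rsize in sections:
        if vaddr <= entry_rva < vaddr + max(vsize, rsize):
            ep_off = rptr + (entry_rva - vaddr)
            break
    if ep_off is None:
        raise ValueError("entry point RVA 0x%x is outside every section" % entry_rva)
    # Overlay = bytes appended after the last section's raw data.
    end_of_sections = max((rptr + rsize for _, _, _, rptr, rsize in sections), default=0)
    return {
        "timestamp": datetime.fromtimestamp(tds, timezone.utc).strftime("%Y-%m-%d %H:%M:%S"),
        "ep_bytes": data[ep_off:ep_off + 16].hex(),
        "overlay_size": max(0, len(data) - end_of_sections),
        "sections": [s[0] for s in sections],
    }


def match_indicators(data: bytes, ioc: dict = IOC) -> dict:
    """Which of the page's indicators the bytes match; hash hits are exact, the rest are weaker."""
    h, pe = file_hashes(data), parse_pe(data)
    return {
        "md5": h["md5"] == ioc["md5"],
        "sha256": h["sha256"] == ioc["sha256"],
        "ep_bytes": pe["ep_bytes"] == ioc["ep_bytes"],
        "timestamp": pe["timestamp"] == ioc["timestamp"],
        "has_overlay": pe["overlay_size"] > 0,
    }


def build_test_pe(ep_bytes: bytes, timestamp: int, overlay: bytes = b"") -> bytes:
    """Constructed minimal PE32 image (headers + one .text section); not a runnable program."""
    dos = bytearray(0x40)
    dos[:2] = b"MZ"
    struct.pack_into("<I", dos, 0x3C, 0x40)                    # e_lfanew
    coff = struct.pack("<HHIIIHH", 0x14C, 1, timestamp, 0, 0, 0xE0, 0x0102)
    opt = bytearray(0xE0)
    struct.pack_into("<H", opt, 0, 0x10B)                       # PE32 magic
    struct.pack_into("<I", opt, 16, 0x1000)                     # AddressOfEntryPoint
    section = b".text".ljust(8, b"\0") + struct.pack("<IIII", 0x1000, 0x1000, 0x200, 0x200) + bytes(16)
    headers = (bytes(dos) + b"PE\0\0" + coff + bytes(opt) + section).ljust(0x200, b"\0")
    return headers + ep_bytes.ljust(0x200, b"\0") + overlay


if __name__ == "__main__":
    if len(sys.argv) > 1:   # real use: python check_barys.py suspicious.exe
        blob = open(sys.argv[1], "rb").read()
    else:                   # demo on a constructed image carrying the page's EP bytes
        blob = build_test_pe(bytes.fromhex(IOC["ep_bytes"]), PAGE_EPOCH, b"constructed overlay")
    print(file_hashes(blob))
    print(parse_pe(blob))
    print(match_indicators(blob))
```

A hash match is conclusive for this exact sample; matching entry-point bytes and timestamp only say a file was produced the same way (a shared packer stub or build), so treat those as a reason to submit the file for analysis rather than as a verdict.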

Barys.319382 also known as:

Several engines attribute the sample to the Androm family (Kaspersky, Tencent, NANO-Antivirus, Ikarus, AhnLab-V3) and others to Zbot (Avast, AVG, McAfee); the remaining names are generic dropper/injector verdicts.

Elastic: malicious (high confidence)
MicroWorld-eScan: Gen:Variant.Barys.319382
FireEye: Generic.mg.d4cd8768e8b471f8
CAT-QuickHeal: TrojanToga.MUE.R9
ALYac: Gen:Variant.Barys.319382
Malwarebytes: Generic.Trojan.Injector.DDS
Sangfor: [ARMADILLO V1.71]
K7AntiVirus: Trojan ( 003dc1641 )
K7GW: Trojan ( 003dc1641 )
CrowdStrike: win/malicious_confidence_100% (W)
BitDefenderTheta: Gen:NN.ZexaF.34592.bv3@aObq7oci
Cyren: W32/S-24f4c04b!Eldorado
Symantec: W32.Faedevour!inf
ESET-NOD32: a variant of Win32/TrojanDropper.Agent.PYF
Baidu: Win32.Trojan-Dropper.Injector.f
TrendMicro-HouseCall: TROJ_SYSN_GE2300B9.UVPA
ClamAV: Win.Malware.Bzub-6727003-0
Kaspersky: Backdoor.Win32.Androm.qxe
BitDefender: Gen:Variant.Barys.319382
NANO-Antivirus: Trojan.Win32.Androm.ctymsi
Cynet: Malicious (score: 100)
APEX: Malicious
Tencent: Backdoor.Win32.Androm.qxe
Ad-Aware: Gen:Variant.Barys.319382
Emsisoft: Gen:Variant.Barys.319382 (B)
Comodo: TrojWare.Win32.Toga.PYF@7g9q1h
DrWeb: Trojan.Inject2.58694
VIPRE: Gen:Variant.Barys.319382
TrendMicro: TROJ_SYSN_GE2300B9.UVPA
McAfee-GW-Edition: PWSZbot-FIB!D4CD8768E8B4
Trapmine: malicious.high.ml.score
Sophos: Mal/Generic-R + Troj/Mdrop-JIJ
Ikarus: Backdoor.Win32.Androm
Jiangmin: TrojanDropper.Daws.byh
Avira: TR/Dropper.Gen
MAX: malware (ai score=83)
Antiy-AVL: Trojan/Generic.ASBOL.CF5
Microsoft: Trojan:Win32/Wacatac.B!ml
ViRobot: Win32.Daws.B
GData: Win32.Trojan.PSE.10YPZ2S
Google: Detected
AhnLab-V3: Trojan/Win32.Androm.C843365
McAfee: PWSZbot-FIB!D4CD8768E8B4
VBA32: BScope.Trojan.Autoit
Cylance: Unsafe
Avast: Win32:Zbot-THZ [Trj]
Rising: Dropper.Agent!1.AF79 (CLASSIC)
Yandex: Trojan.GenAsa!zFH4sqyAwHU
SentinelOne: Static AI – Malicious PE
MaxSecure: Trojan.Malware.121218.susgen
Fortinet: W32/Injector.AQV!tr
AVG: Win32:Zbot-THZ [Trj]
Panda: Trj/CI.A

How to remove Barys.319382?

Barys.319382 removal tool
  • Download and install GridinSoft Anti-Malware.
  • Open GridinSoft Anti-Malware and perform a “Standard scan”.
  • “Move to quarantine” all detected items.
  • Open the “Tools” tab and press “Reset Browser Settings”.
  • Select the affected browser and options, then click “Reset”.
  • Restart your computer. Because the sample injects code into other processes and deletes its own executable, injected code can keep running in a host process until the reboot; check Task Manager again afterwards and rescan if unfamiliar processes reappear.

About the author

Paul Valéry

I'm a cyber security analyst and data science expert with 5+ years of experience with security software contractors.
