Barys.324461 (file analysis)

The Barys.324461 is considered dangerous by lots of security experts. When this infection is active, you may notice unwanted processes in Task Manager list. In this case, it is adviced to scan your computer with GridinSoft Anti-Malware.

GridinSoft Anti-Malware

Gridinsoft Anti-Malware

Removing PC viruses manually may take hours and may damage your PC in the process. We recommend using GridinSoft Anti-Malware for virus removal. Allows to complete scan and cure your PC during the trial period.

6-day free trial available.

What Barys.324461 virus can do?

Dynamic (imported) function loading detected
Authenticode signature is invalid
Binary compilation timestomping detected

How to determine Barys.324461?


File Info:
name: D4004B284DBD34E7F959.mlw
path: /opt/CAPEv2/storage/binaries/28c40d168603e6937e3217b1b6bb938877857de1feb4d41d93260a29cbf1b85d
crc32: 168F35AB
md5: d4004b284dbd34e7f9596f6aa76e63d9
sha1: be424d4e5cfad815f6ca114f5fd17a3048868966
sha256: 28c40d168603e6937e3217b1b6bb938877857de1feb4d41d93260a29cbf1b85d
sha512: 2a3e48ee9910a01aa4d2a5b38ab0c0781899745f94cbc12bc5bd1ec6159896dfa48bf9dbe9390758c2a875238f7c5d2b5a78938d8585e16f72363919e8f24e2f
ssdeep: 1536:oVp/tUovpUerg1J2RaSFdQOnlaOb+uJt8NE:oVlTS2kSF6OnlaOb+uJtB
type: PE32 executable (GUI) Intel 80386, for MS Windows
tlsh: T142530D8C765072DFC867C972CAA81C64EA60B4BB531BA307905315FD9A0D9DBCF151F2
sha3_384: ff3b40bf0b60bbff733eaf7ec8f931b26f1c07e6bf9ebbafed8278109fba246392a2b27fe3364902f756561cc60ff561
ep_bytes: ff250020400000000000000000000000
timestamp: 2057-07-23 18:04:34

Version Info:
Translation: 0x0000 0x04b0
Comments: Shell Infrastructure Host
CompanyName: Microsoft® Windows® Operating System
FileDescription: RuntimeBroker
FileVersion: 11.1.1941.748
InternalName: RuntimeBroker.exe
LegalCopyright: ©Microsoft Corporation. All Rights Reserved.
LegalTrademarks: ©Microsoft Corporation.
OriginalFilename: RuntimeBroker.exe
ProductName: RuntimeBroker
ProductVersion: 11.1.1941.748
Assembly Version: 11.1.1941.756

Barys.324461 also known as:

Bkav	W32.AIDetectNet.01
MicroWorld-eScan	Gen:Variant.Barys.324461
ALYac	Gen:Variant.Barys.324461
Cylance	Unsafe
Sangfor	Suspicious.Win32.Save.a
K7AntiVirus	Trojan ( 005454ce1 )
K7GW	Trojan ( 005454ce1 )
CrowdStrike	win/malicious_confidence_100% (W)
Symantec	ML.Attribute.HighConfidence
Elastic	malicious (high confidence)
ESET-NOD32	a variant of MSIL/Spy.Agent.DZE
APEX	Malicious
Kaspersky	UDS:Trojan.Win32.GenericML.xnet
BitDefender	Gen:Variant.Barys.324461
Avast	Win32:TrojanX-gen [Trj]
Ad-Aware	Gen:Variant.Barys.324461
Emsisoft	Gen:Variant.Barys.324461 (B)
F-Secure	Trojan.TR/Spy.Agent.izobs
VIPRE	Gen:Variant.Barys.324461
McAfee-GW-Edition	Artemis
FireEye	Generic.mg.d4004b284dbd34e7
Sophos	Generic ML PUA (PUA)
SentinelOne	Static AI – Suspicious PE
GData	Gen:Variant.Barys.324461
Avira	TR/Spy.Agent.izobs
MAX	malware (ai score=85)
Arcabit	Trojan.Barys.D4F36D
ZoneAlarm	UDS:Trojan.Win32.GenericML.xnet
Microsoft	Trojan:Win32/Sabsik.FL.B!ml
Cynet	Malicious (score: 99)
McAfee	Artemis!D4004B284DBD
VBA32	CIL.HeapOverride.Heur
Fortinet	MSIL/Agent.DZE!tr.spy
BitDefenderTheta	Gen:NN.ZemsilF.34806.em0@aOUy@gl
AVG	Win32:TrojanX-gen [Trj]
Cybereason	malicious.e5cfad

How to remove Barys.324461?

Barys.324461 removal tool

Download and install GridinSoft Anti-Malware.
Open GridinSoft Anti-Malware and perform a “Standard scan“.
“Move to quarantine” all items.
Open “Tools” tab – Press “Reset Browser Settings“.
Select proper browser and options – Click “Reset”.
Restart your computer.

About the author

Paul Valéry

I'm a cyber security analyst and data science expert with 5+ years of experience with security software contractors.

Leave a Comment X