
Barys.325758 removal guide


Barys.325758 is considered dangerous by many security experts. When this infection is active, you may notice unwanted processes in the Task Manager process list. In this case, it is advised to scan your computer with GridinSoft Anti-Malware.


Removing PC viruses manually may take hours and may damage your PC in the process. We recommend using GridinSoft Anti-Malware for virus removal. It lets you run a full scan and clean your PC during the trial period.
6-day free trial available.

What can the Barys.325758 virus do?

  • Behavioural detection: Executable code extraction – unpacking
  • Executed a command line with /C or /R argument to terminate command shell on completion which can be used to hide execution
  • Sample contains Overlay data
  • Presents an Authenticode digital signature
  • Uses Windows utilities for basic functionality
  • Reads data out of its own binary image
  • CAPE extracted potentially suspicious content
  • Drops a binary and executes it
  • Unconventional language used in binary resources: Turkish
  • Authenticode signature is invalid
  • Uses Windows utilities to create a scheduled task
  • Behavioural detection: Injection (Process Hollowing)
  • Behavioural detection: Injection (inter-process)
  • Deletes executed files from disk
  • Yara rule detections observed from a process memory dump/dropped files/CAPE

How to identify Barys.325758?

File Info:

name: F469103D1EC3F50BDE3B.mlw
path: /opt/CAPEv2/storage/binaries/9b9d7230f86c72facdd510cc1d0fafe942128876556c5f682f34844965302f60
crc32: 8F75DFF2
md5: f469103d1ec3f50bde3b6fe39c5a51a5
sha1: e39a99ea010a07822cf11804a6c63f655ff16ed7
sha256: 9b9d7230f86c72facdd510cc1d0fafe942128876556c5f682f34844965302f60
sha512: 6311917ed6f4cb041c18b29ca408e67b3e29967d38b4d95c100795ef754b64451b8dc2d778b32f2dc5d45fff7c26f68ed4d74fcef346923f9531dea5eaade372
ssdeep: 24576:98cGb3aVhQxa7gPGRzatThRiVNbLGJv6plFh9iGa2oMYMgdsHGa:98cGbakx1m8TjFJspDLoVMgdk1
type: PE32 executable (GUI) Intel 80386, for MS Windows
tlsh: T18165E012B7E58071F2F79B709AF92B74AA7BBE212B35C40F1788552C1DB1A51DA31323
sha3_384: d73c5adf3c2a93400358bc2bbfdb51aab608d82ea2b4f02d9e4a7f1ac56bb252870fccbc538eb5783bf220faeb42be98
ep_bytes: 558bec6aff68f8204000685018400064
timestamp: 2012-08-29 06:22:26

Version Info:

CompanyName: Macrovision Corporation
FileDescription: Setup.exe
FileVersion: 12.0.58849
InternalName: Setup
OriginalFilename: Setup.exe
LegalCopyright: Copyright (C) 2006 Macrovision Corporation
ProductName: InstallShield
ProductVersion: 12.0
OLESelfRegister:
Translation: 0x0409 0x04b0

Barys.325758 also known as:

Bkav: W32.AIDetectMalware
Elastic: malicious (high confidence)
MicroWorld-eScan: Gen:Variant.Barys.325758
FireEye: Generic.mg.f469103d1ec3f50b
CAT-QuickHeal: TrojanToga.MUE.R9
Skyhigh: PWSZbot-FIB!F469103D1EC3
McAfee: PWSZbot-FIB!F469103D1EC3
Malwarebytes: Backdoor.Andromeda
VIPRE: Gen:Variant.Barys.325758
K7AntiVirus: Trojan ( 003dc1641 )
K7GW: Trojan ( 003dc1641 )
Cybereason: malicious.a010a0
Baidu: Win32.Trojan-Dropper.Injector.f
Symantec: W32.Faedevour!inf
ESET-NOD32: a variant of Win32/TrojanDropper.Agent.PYF
APEX: Malicious
Cynet: Malicious (score: 100)
Kaspersky: Backdoor.Win32.Androm.qxe
BitDefender: Gen:Variant.Barys.325758
NANO-Antivirus: Trojan.Win32.Androm.ctymsi
SUPERAntiSpyware: Backdoor.Andromeda/Variant
Avast: Win32:Zbot-THZ [Trj]
Tencent: Backdoor.Win32.Androm.qxe
F-Secure: Trojan.TR/Dropper.Gen
DrWeb: Trojan.Inject2.58694
TrendMicro: BKDR_ANDROM_HA050002.UVPM
Trapmine: malicious.high.ml.score
Sophos: Mal/Generic-S
Ikarus: Backdoor.Win32.Androm
Jiangmin: Trojan.Agent.qcz
Google: Detected
Avira: TR/Dropper.Gen
Antiy-AVL: Trojan[Backdoor]/Win32.Androm.qxe
Xcitium: TrojWare.Win32.Toga.PYF@7g9q1h
Arcabit: Trojan.Barys.D4F87E
ViRobot: Win32.Daws.B
ZoneAlarm: Backdoor.Win32.Androm.qxe
GData: Win32.Trojan.PSE.10YPZ2S
Varist: W32/S-24f4c04b!Eldorado
ALYac: Gen:Variant.Barys.325758
MAX: malware (ai score=82)
VBA32: BScope.Trojan.Autoit
Cylance: unsafe
Panda: Trj/Genetic.gen
TrendMicro-HouseCall: BKDR_ANDROM_HA050002.UVPM
Rising: Dropper.Agent!1.AF79 (CLASSIC)
Yandex: Trojan.GenAsa!zFH4sqyAwHU
SentinelOne: Static AI – Malicious PE
MaxSecure: Trojan.Malware.121218.susgen
Fortinet: W32/Agent.PYF!tr
AVG: Win32:Zbot-THZ [Trj]
DeepInstinct: MALICIOUS
CrowdStrike: win/malicious_confidence_100% (W)

How to remove Barys.325758?

Barys.325758 removal tool
  • Download and install GridinSoft Anti-Malware.
  • Open GridinSoft Anti-Malware and perform a “Standard scan”.
  • “Move to quarantine” all items.
  • Open the “Tools” tab and press “Reset Browser Settings”.
  • Select the proper browser and options, then click “Reset”.
  • Restart your computer.

About the author

Paul Valéry

I'm a cyber security analyst and data science expert with 5+ years of experience with security software contractors.
