Barys.325924 removal tips

Malware Removal

Barys.325924 is considered dangerous by many security experts. When this infection is active, you may notice unwanted processes in the Task Manager process list. In this case, it is advised to scan your computer with GridinSoft Anti-Malware.

Removing PC viruses manually may take hours and may damage your PC in the process. We recommend using GridinSoft Anti-Malware for virus removal. It lets you run a complete scan and clean your PC during the trial period.
6-day free trial available.

What can the Barys.325924 virus do?

  • SetUnhandledExceptionFilter detected (possible anti-debug)
  • Behavioural detection: Executable code extraction – unpacking
  • Yara rule detections observed from a process memory dump/dropped files/CAPE
  • Creates RWX memory
  • Possible date expiration check, exits too soon after checking local time
  • Guard pages use detected – possible anti-debugging.
  • Dynamic (imported) function loading detected
  • Reads data out of its own binary image
  • CAPE extracted potentially suspicious content
  • The binary contains an unknown PE section name indicative of packing
  • Authenticode signature is invalid
  • Anomalous .NET characteristics
  • Uses Windows utilities for basic functionality
  • Behavioural detection: Injection (inter-process)
  • Behavioural detection: Injection with CreateRemoteThread in a remote process
  • A potential decoy document was displayed to the user
  • Creates a copy of itself
  • Creates known Njrat/Bladabindi RAT registry keys

How to identify Barys.325924?

File Info:

name: 8A8BD7E77C5AA82BE4B8.mlw
path: /opt/CAPEv2/storage/binaries/abd1e9bb910f2ee576bee960267e3c67fc215907909308d9cd415f3bf3cd8d8c
crc32: B96427BC
md5: 8a8bd7e77c5aa82be4b8b574b0a2d1ef
sha1: e261f52506982ba6dd1a771d147aae54031371d0
sha256: abd1e9bb910f2ee576bee960267e3c67fc215907909308d9cd415f3bf3cd8d8c
sha512: 53b70c17e52da9df061bb2032ee76aab3ca216662afeba1dd6ecdcf68b3c9877d13dfc3f6b23da699247aa27990cc93328e3cd1ed71240a1fa5e506984c28ef2
ssdeep: 3072:pNveU9Y53sLYwx5/lfzReYoYYlGQ4Dnhf1puAOq3gHmY:pEVGRvh1eflGt7pu/R
type: PE32 executable (GUI) Intel 80386, for MS Windows
tlsh: T1D4F3F9AB7584CF14EE581971C4DF983003D2EA871B72E7493F4D26A92E413F25E49BCA
sha3_384: 641b4e7e7c75b917cbe42b346741eae2ccdfefec6a4852d5d40597dedcf4b4b8956c73d9d9661079404fbb021d7f2250
ep_bytes: ff250020400000000000000000000000
timestamp: 2022-07-29 17:49:47

Version Info:

0: [No Data]

Barys.325924 also known as:

Bkav: W32.AIDetectNet.01
Elastic: malicious (high confidence)
MicroWorld-eScan: Gen:Variant.Barys.325924
FireEye: Generic.mg.8a8bd7e77c5aa82b
McAfee: BackDoor-FDNN!8A8BD7E77C5A
Cylance: Unsafe
VIPRE: Gen:Variant.Barys.325924
Sangfor: Worm.Win32.Save.a
K7AntiVirus: Trojan ( 700000121 )
K7GW: Trojan ( 700000121 )
CrowdStrike: win/malicious_confidence_60% (D)
Baidu: MSIL.Backdoor.Bladabindi.a
Cyren: W32/MSIL_Bladabindi.DG.gen!Eldorado
Symantec: ML.Attribute.HighConfidence
tehtris: Generic.Malware
ESET-NOD32: a variant of MSIL/Bladabindi.LX
APEX: Malicious
ClamAV: Win.Trojan.Bladabindi-9815414-0
Kaspersky: HEUR:Trojan.Win32.Generic
BitDefender: Gen:Variant.Barys.325924
Avast: Win32:RATX-gen [Trj]
Tencent: Trojan.MSIL.Bladabindi.ha
Ad-Aware: Gen:Variant.Barys.325924
Sophos: ML/PE-A + Mal/Bbindi-G
McAfee-GW-Edition: BehavesLike.Win32.Backdoor.cm
Trapmine: malicious.high.ml.score
Emsisoft: Gen:Variant.Barys.325924 (B)
SentinelOne: Static AI – Malicious PE
GData: Gen:Variant.Barys.325924
Avira: TR/ATRAPS.Gen2
MAX: malware (ai score=86)
Arcabit: Trojan.Barys.D4F924
ZoneAlarm: HEUR:Trojan.Win32.Generic
Microsoft: Backdoor:MSIL/Bladabindi.AJ
Cynet: Malicious (score: 100)
AhnLab-V3: Trojan/Win32.Llac.C63023
Acronis: suspicious
ALYac: Gen:Variant.Barys.325924
Malwarebytes: Backdoor.Bladabindi.Generic
Rising: Backdoor.njRAT!1.9E49 (CLASSIC)
Ikarus: Trojan.MSIL.Bladabindi
MaxSecure: Trojan.Malware.300983.susgen
Fortinet: MSIL/Bladabindi.Q!tr
BitDefenderTheta: Gen:NN.ZemsilF.34806.jqW@aWmcVYf
AVG: Win32:RATX-gen [Trj]
Cybereason: malicious.506982
Panda: Trj/Genetic.gen

How to remove Barys.325924?

Barys.325924 removal tool

  • Download and install GridinSoft Anti-Malware.
  • Open GridinSoft Anti-Malware and perform a “Standard scan”.
  • “Move to quarantine” all items.
  • Open the “Tools” tab and press “Reset Browser Settings”.
  • Select the proper browser and options, then click “Reset”.
  • Restart your computer.

About the author

Paul Valéry

I'm a cyber security analyst and data science expert with 5+ years of experience with security software contractors.