Categories: Malware

Barys.325924 removal tips

The Barys.325924 is considered dangerous by lots of security experts. When this infection is active, you may notice unwanted processes in Task Manager list. In this case, it is adviced to scan your computer with GridinSoft Anti-Malware.

Gridinsoft Anti-Malware

Removing PC viruses manually may take hours and may damage your PC in the process. We recommend using GridinSoft Anti-Malware for virus removal. Allows to complete scan and cure your PC during the trial period.

DOWNLOAD NOW

6-day free trial available.

What Barys.325924 virus can do?

SetUnhandledExceptionFilter detected (possible anti-debug)
Behavioural detection: Executable code extraction – unpacking
Yara rule detections observed from a process memory dump/dropped files/CAPE
Creates RWX memory
Possible date expiration check, exits too soon after checking local time
Guard pages use detected – possible anti-debugging.
Dynamic (imported) function loading detected
Reads data out of its own binary image
CAPE extracted potentially suspicious content
The binary contains an unknown PE section name indicative of packing
Authenticode signature is invalid
Anomalous .NET characteristics
Uses Windows utilities for basic functionality
Behavioural detection: Injection (inter-process)
Behavioural detection: Injection with CreateRemoteThread in a remote process
A potential decoy document was displayed to the user
Creates a copy of itself
Creates known Njrat/Bladabindi RAT registry keys

How to determine Barys.325924?


File Info:
name: 8A8BD7E77C5AA82BE4B8.mlwpath: /opt/CAPEv2/storage/binaries/abd1e9bb910f2ee576bee960267e3c67fc215907909308d9cd415f3bf3cd8d8ccrc32: B96427BCmd5: 8a8bd7e77c5aa82be4b8b574b0a2d1efsha1: e261f52506982ba6dd1a771d147aae54031371d0sha256: abd1e9bb910f2ee576bee960267e3c67fc215907909308d9cd415f3bf3cd8d8csha512: 53b70c17e52da9df061bb2032ee76aab3ca216662afeba1dd6ecdcf68b3c9877d13dfc3f6b23da699247aa27990cc93328e3cd1ed71240a1fa5e506984c28ef2ssdeep: 3072:pNveU9Y53sLYwx5/lfzReYoYYlGQ4Dnhf1puAOq3gHmY:pEVGRvh1eflGt7pu/Rtype: PE32 executable (GUI) Intel 80386, for MS Windowstlsh: T1D4F3F9AB7584CF14EE581971C4DF983003D2EA871B72E7493F4D26A92E413F25E49BCAsha3_384: 641b4e7e7c75b917cbe42b346741eae2ccdfefec6a4852d5d40597dedcf4b4b8956c73d9d9661079404fbb021d7f2250ep_bytes: ff250020400000000000000000000000timestamp: 2022-07-29 17:49:47
Version Info:
0: [No Data]

Barys.325924 also known as:

Bkav	W32.AIDetectNet.01
Elastic	malicious (high confidence)
MicroWorld-eScan	Gen:Variant.Barys.325924
FireEye	Generic.mg.8a8bd7e77c5aa82b
McAfee	BackDoor-FDNN!8A8BD7E77C5A
Cylance	Unsafe
VIPRE	Gen:Variant.Barys.325924
Sangfor	Worm.Win32.Save.a
K7AntiVirus	Trojan ( 700000121 )
K7GW	Trojan ( 700000121 )
CrowdStrike	win/malicious_confidence_60% (D)
Baidu	MSIL.Backdoor.Bladabindi.a
Cyren	W32/MSIL_Bladabindi.DG.gen!Eldorado
Symantec	ML.Attribute.HighConfidence
tehtris	Generic.Malware
ESET-NOD32	a variant of MSIL/Bladabindi.LX
APEX	Malicious
ClamAV	Win.Trojan.Bladabindi-9815414-0
Kaspersky	HEUR:Trojan.Win32.Generic
BitDefender	Gen:Variant.Barys.325924
Avast	Win32:RATX-gen [Trj]
Tencent	Trojan.MSIL.Bladabindi.ha
Ad-Aware	Gen:Variant.Barys.325924
Sophos	ML/PE-A + Mal/Bbindi-G
McAfee-GW-Edition	BehavesLike.Win32.Backdoor.cm
Trapmine	malicious.high.ml.score
Emsisoft	Gen:Variant.Barys.325924 (B)
SentinelOne	Static AI – Malicious PE
GData	Gen:Variant.Barys.325924
Avira	TR/ATRAPS.Gen2
MAX	malware (ai score=86)
Arcabit	Trojan.Barys.D4F924
ZoneAlarm	HEUR:Trojan.Win32.Generic
Microsoft	Backdoor:MSIL/Bladabindi.AJ
Cynet	Malicious (score: 100)
AhnLab-V3	Trojan/Win32.Llac.C63023
Acronis	suspicious
ALYac	Gen:Variant.Barys.325924
Malwarebytes	Backdoor.Bladabindi.Generic
Rising	Backdoor.njRAT!1.9E49 (CLASSIC)
Ikarus	Trojan.MSIL.Bladabindi
MaxSecure	Trojan.Malware.300983.susgen
Fortinet	MSIL/Bladabindi.Q!tr
BitDefenderTheta	Gen:NN.ZemsilF.34806.jqW@aWmcVYf
AVG	Win32:RATX-gen [Trj]
Cybereason	malicious.506982
Panda	Trj/Genetic.gen