Adware Reports malware removal guides and threat research Updated security instructions for Windows users
Home/Malware
Threat report

Barys.432014 (file analysis)

Published Nov 20, 2023 Malware category 2 min read
Report context

What to verify before removal

This report keeps Barys.432014 (file analysis) in the active library because the detection has enough technical context to support a careful second-opinion scan and cleanup decision.

Start by comparing the local file name with 9289EF886397991CD14C.mlw, then review the behavior notes for persistence entries, dropped files, unusual processes, and browser or network changes. This helps separate a matching detection from a different file that only shares a similar alert name.

Observed file
9289EF886397991CD14C.mlw
  • Compare the suspicious file name with 9289EF886397991CD14C.mlw.
  • Confirm the detection name matches Barys.432014 (file analysis) before removing related files.
  • Review the report for persistence entries, dropped files, unusual processes, and browser or network changes so the cleanup is based on observed behavior, not only the label.
  • Run a full scan, quarantine confirmed detections, and restart before signing back in to sensitive accounts.

The Barys.432014 is considered dangerous by lots of security experts. When this infection is active, you may notice unwanted processes in Task Manager list. In this case, it is adviced to scan your computer with GridinSoft Anti-Malware.

What Barys.432014 virus can do?

  • Unconventionial language used in binary resources: Russian
  • The binary contains an unknown PE section name indicative of packing
  • The binary likely contains encrypted or compressed data.
  • Executable file is packed/obfuscated with Themida
  • Authenticode signature is invalid
  • Anomalous binary characteristics

How to determine Barys.432014?



File Info:

name: 9289EF886397991CD14C.mlw
path: /opt/CAPEv2/storage/binaries/a6a8057d749e0bbff0fff30aee85b56da271d928e438b1b6c2801006b0407f55
crc32: 70E0AEDA
md5: 9289ef886397991cd14c6702a4dded05
sha1: f05cbf069793e19c791c76536aa3032df4bff5fa
sha256: a6a8057d749e0bbff0fff30aee85b56da271d928e438b1b6c2801006b0407f55
sha512: 7a464ed096a12772cf5c84bd996bd349d5dfb2db4cda634c8e334db145b8cf463bf38f9934b2207fbcc1bd46855ca72c8d08def5195ee21ee394052ace58d49c
ssdeep: 98304:1egyB8DGqebL6WqSa63DbYHhrdF1cJ+bpZWZgQiZg8atxYO+eVkeuTQeJasjQ1v:TZwKWofdPwWjDQiSHJVkeu8ew51v
type: PE32 executable (GUI) Intel 80386, for MS Windows
tlsh: T1B466338750806FC3CBB093372D568104822AFD75CE462225B15F7FA6427658EDFF8BA9
sha3_384: 61d2b9a360a1252b911a60dfa9e0231be6ddbfb17395e97c659ee76bb92055ad6daff0d39bae43b621d4a3532199cc9e
ep_bytes: e84b0100005389e3538b73088b7b10fc
timestamp: 2021-10-21 10:04:14


Version Info:

Comments: 
CompanyName: 
FileDescription: Devfoam Applicatione MFC
FileVersion: 1, 0, 0, 1
InternalName: DevFoam
LegalCopyright: Авторские права (C) 2005
LegalTrademarks: 
OriginalFilename: DevFoam.EXE
PrivateBuild: 
ProductName: Devfoam Applicatione
ProductVersion: 1, 0, 0, 1
SpecialBuild: 
Translation: 0x0019 0x04e3

Barys.432014 also known as:

Bkav W32.AIDetectMalware
Lionic Trojan.Win32.Generic.4!c
MicroWorld-eScan Gen:Variant.Barys.432014
FireEye Generic.mg.9289ef886397991c
Skyhigh BehavesLike.Win32.Generic.vc
McAfee Artemis!9289EF886397
Malwarebytes Generic.Malware/Suspicious
Cybereason malicious.69793e
Elastic malicious (moderate confidence)
APEX Malicious
BitDefender Gen:Variant.Barys.432014
NANO-Antivirus Virus.Win32.Gen-Crypt.ccnc
Emsisoft Gen:Variant.Barys.432014 (B)
VIPRE Gen:Variant.Barys.432014
Trapmine malicious.moderate.ml.score
SentinelOne Static AI – Suspicious PE
MAX malware (ai score=87)
Antiy-AVL GrayWare/Win32.Wacapew
Arcabit Trojan.Barys.D6978E
GData Gen:Variant.Barys.432014
Google Detected
ALYac Gen:Variant.Barys.432014
Cylance unsafe
Zoner Probably Heur.ExeHeaderL
TrendMicro-HouseCall TROJ_GEN.R002H09J923
Rising Trojan.Generic@AI.100 (RDML:JV24L2czZBLzdndkGcyTvA)
Ikarus Trojan.Win32.Krypt
DeepInstinct MALICIOUS
CrowdStrike win/malicious_confidence_70% (W)

How to remove Barys.432014?

Recommended second-opinion scan

Verify the infection before changing system settings

Use GridinSoft Anti-Malware to run a full scan, review detected persistence entries, and quarantine confirmed threats before restarting Windows.

Download GridinSoft Anti-Malware
  • Download and install GridinSoft Anti-Malware.
  • Open GridinSoft Anti-Malware and perform a “Standard scan“.
  • Move to quarantine” all items.
  • Open “Tools” tab – Press “Reset Browser Settings“.
  • Select proper browser and options – Click “Reset”.
  • Restart your computer.