About “Barys.433868” infection

Barys.433868 is considered dangerous by many security experts. When this infection is active, you may notice unwanted processes in the Task Manager process list. In this case, it is advised to scan your computer with GridinSoft Anti-Malware.

Removing PC viruses manually may take hours and may damage your PC in the process. We recommend using GridinSoft Anti-Malware for virus removal. It lets you run a full scan and clean your PC during the trial period.
A 6-day free trial is available.

What can the Barys.433868 virus do?

  • Sample contains Overlay data
  • Reads data out of its own binary image
  • Drops a binary and executes it
  • The binary likely contains encrypted or compressed data.
  • Authenticode signature is invalid
  • Anomalous binary characteristics
  • Yara rule detections observed from a process memory dump/dropped files/CAPE

How to identify Barys.433868?

File Info:

name: 96801D5396856E892D20.mlw
path: /opt/CAPEv2/storage/binaries/11be0ae3046085e7aa8cf0cff16ea2b998712ca9a09b2c6a51574afaac5fb771
crc32: 61FF745D
md5: 96801d5396856e892d20a46b216a711a
sha1: 8c4737e85348b6289c02117a6b6fade5a2482c44
sha256: 11be0ae3046085e7aa8cf0cff16ea2b998712ca9a09b2c6a51574afaac5fb771
sha512: c508e61385a7256a93e2646435d89684f34bcb0d314ec3d4bd7937b7f613912ae829dd3c85333a5b506657315711e313a9c377629532849b6bce1597894d1c4d
ssdeep: 12288:cf9DrbF5ZldWE+qjICp117iJ3GXIcFTUhNrM0Lgi:A9DrZl03IzJtT4lM0Lgi
type: PE32 executable (GUI) Intel 80386, for MS Windows
tlsh: T1C4D4E112B244C530E1E202331659CB81293EBD316B6AAAC76798761DFFF1BC1D772B52
sha3_384: 45fac10e6ace2da8f66c525998ac0a5bfb98cb3dfed2e49cbd07b5b8a85e19f4d85d5bda2a2f2e24f9153537fe01fe04
ep_bytes: e845810000e97ffeffffe9740400003b
timestamp: 2016-05-23 04:06:53

Version Info:

CompanyName: Microsoft Corporation
FileDescription: Microsoft Office Word
FileVersion: 12.0.4518.1014
InternalName: WinWord
LegalCopyright: © 2006 Microsoft Corporation. All rights reserved.
LegalTrademarks1: Microsoft® is a registered trademark of Microsoft Corporation.
LegalTrademarks2: Windows® is a registered trademark of Microsoft Corporation.
OriginalFilename: WinWord.exe
ProductName: 2007 Microsoft Office system
ProductVersion: 12.0.4518.1014
Translation: 0x0000 0x04e4

Barys.433868 is also known as (vendor: detection name):

Bkav: W32.AIDetectMalware
Elastic: malicious (high confidence)
MicroWorld-eScan: Gen:Variant.Barys.433868
Skyhigh: BehavesLike.Win32.Generic.jc
ALYac: Gen:Variant.Barys.433868
Cylance: unsafe
VIPRE: Gen:Variant.Barys.433868
Sangfor: Trojan.Win32.Save.a
CrowdStrike: win/malicious_confidence_100% (D)
K7GW: Trojan ( 004b98fe1 )
K7AntiVirus: Trojan ( 004b98fe1 )
Arcabit: Trojan.Barys.D69ECC
Symantec: ML.Attribute.HighConfidence
tehtris: Generic.Malware
ESET-NOD32: a variant of Win32/TrojanDropper.Agent.QUM
Cynet: Malicious (score: 100)
APEX: Malicious
ClamAV: Win.Malware.Bskd-9753126-0
Kaspersky: Backdoor.Win32.Salgorea.jp
BitDefender: Gen:Variant.Barys.433868
SUPERAntiSpyware: Trojan.Agent/Gen-Dropper
Avast: Win32:Agent-AYZG [Cryp]
Tencent: Malware.Win32.Gencirc.10bd1f82
Emsisoft: Gen:Variant.Barys.433868 (B)
F-Secure: Trojan.TR/Crypt.ZPACK.Gen2
DrWeb: Trojan.MulDrop15.59585
Zillya: Dropper.Agent.Win32.439171
Trapmine: malicious.high.ml.score
FireEye: Generic.mg.96801d5396856e89
Sophos: Troj/Agent-BFWI
SentinelOne: Static AI – Malicious PE
Jiangmin: Backdoor.Salgorea.f
Avira: TR/Crypt.ZPACK.Gen2
MAX: malware (ai score=86)
Antiy-AVL: Trojan[Backdoor]/Win32.Salgorea.gen
Xcitium: TrojWare.Win32.TrojanDropper.Agent.UQM@7w0r36
Microsoft: Trojan:Win32/Agent.AG!MTB
ZoneAlarm: Backdoor.Win32.Salgorea.jp
GData: Win32.Trojan.Salgorea.B
Google: Detected
AhnLab-V3: Dropper/Win.Agent.R620316
McAfee: GenericRXLH-OM!96801D539685
TACHYON: Trojan/W32.Salgorea.637533
VBA32: BScope.TrojanDropper.Agent
Malwarebytes: Generic.Malware.AI.DDS
Panda: Trj/Genetic.gen
Rising: Trojan.Salgorea!1.BAD6 (CLASSIC)
Ikarus: Trojan.Win32.Salgorea
MaxSecure: Trojan.Malware.300983.susgen
Fortinet: W32/Agent.RRQ!tr
BitDefenderTheta: Gen:NN.ZexaF.36792.M03@amGYVSmi
AVG: Win32:Agent-AYZG [Cryp]
Cybereason: malicious.85348b
DeepInstinct: MALICIOUS

How to remove Barys.433868?

Barys.433868 removal tool
  • Download and install GridinSoft Anti-Malware.
  • Open GridinSoft Anti-Malware and perform a “Standard scan”.
  • Move all detected items to quarantine.
  • Open the “Tools” tab and press “Reset Browser Settings”.
  • Select the appropriate browser and options, then click “Reset”.
  • Restart your computer.

About the author

Paul Valéry

I'm a cyber security analyst and data science expert with 5+ years of experience with security software contractors.