Barys.4372 (file analysis)

Malware Removal

Barys.4372 is considered dangerous by many security experts. When this infection is active, you may notice unwanted processes in the Task Manager list. In this case, it is advised to scan your computer with GridinSoft Anti-Malware.

Removing PC viruses manually may take hours and may damage your PC in the process. We recommend using GridinSoft Anti-Malware for virus removal. It allows you to run a complete scan and clean your PC during the trial period.
6-day free trial available.

What can the Barys.4372 virus do?

  • Executable code extraction
  • Injection (inter-process)
  • Injection (Process Hollowing)
  • Injection with CreateRemoteThread in a remote process
  • Attempts to connect to a dead IP:Port (1 unique time)
  • Creates RWX memory
  • Reads data out of its own binary image
  • A process created a hidden window
  • Drops a binary and executes it
  • Performs some HTTP requests
  • Unconventional language used in binary resources: Serbian (Cyrillic)
  • Uses Windows utilities for basic functionality
  • Executed a process and injected code into it, probably while unpacking
  • Installs itself for autorun at Windows startup
  • Attempts to modify proxy settings
  • Creates a slightly modified copy of itself
  • Anomalous binary characteristics

Related domains:

z.whorecord.xyz
a.tomx.xyz
s3.amazonaws.com
ocsp.digicert.com

How to identify Barys.4372?

File Info:

type: PE32 executable (GUI) Intel 80386, for MS Windows

Version Info:

Translation: 0x0409 0x04b0
LegalCopyright: tanfo tutele sbrano
InternalName: ramaio
FileVersion: 4.06.0009
CompanyName: varavi en
LegalTrademarks: canape latrai
Comments: Persi lieto amava
ProductName: mediti
ProductVersion: 4.06.0009
FileDescription: Rubato vagavi eletti rideva
OriginalFilename: ramaio.exe

Barys.4372 is also known as:

Bkav: W32.AIDetect.malware1
K7AntiVirus: Trojan ( 0040df0e1 )
Elastic: malicious (high confidence)
DrWeb: BackDoor.IRC.NgrBot.41
Cynet: Malicious (score: 100)
CAT-QuickHeal: Trojan.GenericVMF.S20098904
ALYac: Gen:Variant.Barys.4372
Cylance: Unsafe
Zillya: Trojan.Injector.Win32.421544
CrowdStrike: win/malicious_confidence_100% (D)
K7GW: Trojan ( 0040df0e1 )
Cybereason: malicious.8dff3c
Symantec: ML.Attribute.HighConfidence
ESET-NOD32: a variant of Win32/Injector.SHR
APEX: Malicious
Avast: Win32:Malware-gen
Kaspersky: HEUR:Trojan.Win32.Generic
BitDefender: Gen:Variant.Barys.4372
NANO-Antivirus: Trojan.Win32.NgrBot.egzgrf
ViRobot: Trojan.Win32.A.VBKrypt.90112.RA
MicroWorld-eScan: Gen:Variant.Barys.4372
Tencent: Malware.Win32.Gencirc.10b5738d
Ad-Aware: Gen:Variant.Barys.4372
Sophos: ML/PE-A + Mal/Behav-405
Comodo: TrojWare.Win32.Injector.XFR@4rorse
BitDefenderTheta: Gen:NN.ZevbaF.34294.fm0@aCQJIPfG
TrendMicro: TROJ_VBINJECT_HA12003B.UVPM
McAfee-GW-Edition: BehavesLike.Win32.ZBot.mm
FireEye: Generic.mg.88409a18dff3c0b3
Emsisoft: Gen:Variant.Barys.4372 (B)
SentinelOne: Static AI – Malicious PE
Jiangmin: Trojan/VBKrypt.hrck
Avira: TR/ATRAPS.Gen2
eGambit: Unsafe.AI_Score_92%
Antiy-AVL: Trojan/Generic.ASMalwS.1EF42
Microsoft: VirTool:Win32/VBInject
SUPERAntiSpyware: Trojan.Agent/Gen-Dropper
GData: Gen:Variant.Barys.4372
TACHYON: Trojan/W32.VB-Agent.90112.JY
AhnLab-V3: Trojan/Win32.VBKrypt.C161437
McAfee: PWS-Zbot.gen.aej
MAX: malware (ai score=99)
VBA32: BScope.Trojan.SkypeSpammer
Malwarebytes: Malware.AI.4282322044
TrendMicro-HouseCall: TROJ_VBINJECT_HA12003B.UVPM
Yandex: Trojan.GenAsa!dqVC0+ze3Ok
Ikarus: Trojan.Jorik
MaxSecure: Trojan.Malware.300983.susgen
Fortinet: W32/VBKrypt.MBSX!tr
AVG: Win32:Malware-gen
Paloalto: generic.ml

How to remove Barys.4372?

Barys.4372 removal tool
  • Download and install GridinSoft Anti-Malware.
  • Open GridinSoft Anti-Malware and perform a “Standard scan”.
  • “Move to quarantine” all items.
  • Open the “Tools” tab – Press “Reset Browser Settings”.
  • Select the proper browser and options – Click “Reset”.
  • Restart your computer.

About the author

Paul Valéry

I'm a cyber security analyst and data science expert with 5+ years of experience with security software contractors.