Barys.555 (B) removal

Malware Removal

Barys.555 (B) is considered dangerous by many security experts. When this infection is active, you may notice unwanted processes in the Task Manager process list. In that case, it is advised to scan your computer with GridinSoft Anti-Malware.

Removing PC viruses manually may take hours and may damage your PC in the process. We recommend using GridinSoft Anti-Malware for virus removal. It allows you to run a complete scan and clean your PC during the trial period.
A 6-day free trial is available.

What can the Barys.555 (B) virus do?

  • Behavioural detection: Executable code extraction – unpacking
  • At least one process apparently crashed during execution
  • Yara rule detections observed from a process memory dump/dropped files/CAPE
  • Creates RWX memory
  • Dynamic (imported) function loading detected
  • CAPE extracted potentially suspicious content
  • The binary likely contains encrypted or compressed data.
  • Authenticode signature is invalid
  • Anomalous binary characteristics

How to identify Barys.555 (B)?

File Info:

name: 4B9DDED5513AF17260E7.mlw
path: /opt/CAPEv2/storage/binaries/73b2745519a08eab67e4f68ce006bef9e89c88b47983db0bb569ee9d1ef64f57
crc32: 45ACE6E5
md5: 4b9dded5513af17260e71259905b4eb9
sha1: a6732604f2cef00e126fa5dd2151cc5cd5334378
sha256: 73b2745519a08eab67e4f68ce006bef9e89c88b47983db0bb569ee9d1ef64f57
sha512: 3784ee4c7ac048ee84c23b9668d64fd96dd955b1020b6e7496aad7150ef3c64ed75c68b3360169fa45e681e3269cfb4cd41646f35ab9b1564b14d45c34a209ea
ssdeep: 49152:w6VgvWf7t0howWiDb7WwM9gL/N7Uu6EW8qSQVklBRnne:woUWfuowW41M9gL/5Uu6EFQ8ne
type: PE32 executable (GUI) Intel 80386, for MS Windows
tlsh: T1F18533ECA9EC80B9F70F8375D672DA7BCD4128313C2D9A3E60AA63184C3B195566DDD0
sha3_384: 9290f2d6f64328ae31b810cda226cae835c016b2992a6dad334e346ced5775cba2b009deb2c6b0879ed2c90a01a6e252
ep_bytes: b87c6941005064ff3500000000648925
timestamp: 2009-07-24 15:02:09

Version Info:

Translation: 0x0000 0x04b0
Comments: PBLauncher
CompanyName: KuyRai Studio
FileDescription: PBLauncher
FileVersion: 1.0.0.7
InternalName: PBLauncher.exe
LegalCopyright: Copyright © KuyRai Studio
LegalTrademarks: KuyRai Studio
OriginalFilename: PBLauncher.exe
ProductName: Properties
ProductVersion: 1.0.0.7
Assembly Version: 1.0.0.7

Barys.555 (B) is also known as:

Lionic: Trojan.Win32.Barys.4!c
Cynet: Malicious (score: 100)
FireEye: Generic.mg.4b9dded5513af172
ALYac: Gen:Variant.Barys.555
Cylance: Unsafe
Sangfor: Trojan.Win32.Wacatac.D7
Cybereason: malicious.5513af
Symantec: ML.Attribute.HighConfidence
APEX: Malicious
Paloalto: generic.ml
BitDefender: Gen:Variant.Barys.555
MicroWorld-eScan: Gen:Variant.Barys.555
Emsisoft: Gen:Variant.Barys.555 (B)
McAfee-GW-Edition: BehavesLike.Win32.Xiquitir.tc
Sophos: Generic ML PUA (PUA)
SentinelOne: Static AI – Malicious PE
Jiangmin: TrojanDropper.MSIL.gmy
MAX: malware (ai score=87)
Microsoft: Trojan:Win32/Wacatac.B!ml
GData: Gen:Variant.Barys.555
McAfee: Artemis!4B9DDED5513A
Rising: Malware.Heuristic!ET#81% (RDMK:cmRtazpyJ0vc6emyJQEMgvJbpInw)
Yandex: Trojan.GenAsa!kxSk/ySzW0Q
BitDefenderTheta: Gen:NN.ZexaF.34182.Sj3fauQvqji
CrowdStrike: win/malicious_confidence_70% (W)
MaxSecure: Trojan.Malware.9227182.susgen

How to remove Barys.555 (B)?

Barys.555 (B) removal tool
  • Download and install GridinSoft Anti-Malware.
  • Open GridinSoft Anti-Malware and perform a “Standard scan”.
  • Select “Move to quarantine” for all items.
  • Open the “Tools” tab and press “Reset Browser Settings”.
  • Select the proper browser and options, then click “Reset”.
  • Restart your computer.

About the author

Paul Valéry

I'm a cyber security analyst and data science expert with 5+ years of experience with security software contractors.