Categories: Malware

About “Barys.59785” infection

The Barys.59785 is considered dangerous by lots of security experts. When this infection is active, you may notice unwanted processes in Task Manager list. In this case, it is adviced to scan your computer with GridinSoft Anti-Malware.

Gridinsoft Anti-Malware

Removing PC viruses manually may take hours and may damage your PC in the process. We recommend using GridinSoft Anti-Malware for virus removal. Allows to complete scan and cure your PC during the trial period.

DOWNLOAD NOW

6-day free trial available.

What Barys.59785 virus can do?

Sample contains Overlay data
Reads data out of its own binary image
Drops a binary and executes it
Unconventionial language used in binary resources: Arabic (Libya)
The binary contains an unknown PE section name indicative of packing
The executable is compressed using UPX
Authenticode signature is invalid
Yara detections observed in process dumps, payloads or dropped files

How to determine Barys.59785?


File Info:
name: 989AE455FB8D8676CD93.mlwpath: /opt/CAPEv2/storage/binaries/768f539420566f69c43a76cc787d65dd61be9ca0afe66b5f7cbd2c212a596b0dcrc32: BE5BE4F5md5: 989ae455fb8d8676cd931df9979f822bsha1: a9a85345713192d80f6c2f5af7907a29cbd76769sha256: 768f539420566f69c43a76cc787d65dd61be9ca0afe66b5f7cbd2c212a596b0dsha512: 793387ee9f1ab51fdb0979bf716db2df607968517dbba5ef21589e75899cbd601d660df1988c8c6ebfeaf37345af3d69a9db59f69120027454570c4cf20a3f1dssdeep: 384:s+BN5kqgGilF5u+XVNu99u0DN5kqgGV+3nfh/+N68wvmmPeTk:s+/5kq4Pu+XVY9BJ5kqPgZWZwOmyktype: PE32 executable (GUI) Intel 80386, for MS Windowstlsh: T118C3F823E32D44E9E3AF863D661B5148890F9E702350BACBE5DC306956773CAC4B11EEsha3_384: a7a4a8358b2e0186de451335882e2bf73961ca75ff01378f6a4e5f9cd0d529a1dc23cd37ffb5e982826ca08b93829730ep_bytes: 57565351e87ef4ffffc3cccccccccccctimestamp: 1973-03-03 10:25:35
Version Info:
CompanyName: JineJongFileDescription: JineJong companyFileVersion: Version 2.5.23InternalName: JineJongLegalCopyright: Copyright by JineJongOriginalFilename: JineJongTranslation: 0x040b 0x04e2

Barys.59785 also known as:

Bkav	W32.AIDetectMalware
AVG	Win32:Agent-AULS [Trj]
Elastic	malicious (moderate confidence)
MicroWorld-eScan	Gen:Variant.Barys.59785
FireEye	Generic.mg.989ae455fb8d8676
Skyhigh	BehavesLike.Win32.Upatre.cz
McAfee	PolyPatch-UPX
Malwarebytes	Generic.Malware.AI.DDS
Zillya	Downloader.Upatre.Win32.71915
Sangfor	Suspicious.Win32.Save.ins
CrowdStrike	win/malicious_confidence_100% (D)
K7GW	Trojan ( 004bcce41 )
K7AntiVirus	Trojan ( 004bcce41 )
BitDefenderTheta	Gen:NN.ZexaF.36802.hm1@aS0Fu!mG
Symantec	ML.Attribute.HighConfidence
tehtris	Generic.Malware
ESET-NOD32	Win32/TrojanDownloader.Waski.A
Cynet	Malicious (score: 100)
APEX	Malicious
Kaspersky	Trojan-Downloader.Win32.Upatre.bla
BitDefender	Gen:Variant.Barys.59785
NANO-Antivirus	Trojan.Win32.Upatre.dfecyf
Avast	Win32:Agent-AULS [Trj]
Tencent	Trojan-DL.Win32.Upatre.hj
Emsisoft	Gen:Variant.Barys.59785 (B)
Baidu	Win32.Trojan-Downloader.Waski.a
F-Secure	Trojan.TR/Crypt.ZPACK.Gen
DrWeb	Trojan.DownLoad3.34292
VIPRE	Gen:Variant.Barys.59785
TrendMicro	TROJ_UPATRE.SM37
Trapmine	malicious.high.ml.score
Sophos	Troj/HkMain-AZ
SentinelOne	Static AI – Malicious PE
Jiangmin	TrojanDownloader.Upatre.p
Varist	W32/Upatre.PF.gen!Eldorado
Avira	TR/Crypt.ZPACK.Gen
Antiy-AVL	Trojan[Downloader]/Win32.Upatre
Kingsoft	malware.kb.a.1000
Microsoft	Trojan:Win32/Zexa!pz
Xcitium	TrojWare.Win32.TrojanDownloader.Upatre.AAL@5iclp5
Arcabit	Trojan.Barys.DE989
ZoneAlarm	Trojan-Downloader.Win32.Upatre.bla
GData	Win32.Trojan.PSE.1OK3RY7
Google	Detected
AhnLab-V3	Downloader/Win.Upatre.R640236
VBA32	Trojan.Download
MAX	malware (ai score=88)
Cylance	unsafe
Panda	Trj/Upatre.N
TrendMicro-HouseCall	TROJ_UPATRE.SM37
Rising	Downloader.Waski!8.184 (TFE:2:1rA9VijPqKK)
Yandex	Trojan.GenAsa!+rIQ7cDoUXQ
Ikarus	Trojan.Win32.Bublik
Fortinet	W32/Waski.A!tr
DeepInstinct	MALICIOUS