
About “Barys.63319” infection


Barys.63319 is considered dangerous by many security experts. When this infection is active, you may notice unfamiliar processes in Task Manager. In that case, it is advised to scan your computer with GridinSoft Anti-Malware.

Removing PC viruses manually may take hours and may damage your PC in the process. We recommend using GridinSoft Anti-Malware for virus removal. It lets you run a complete scan and clean your PC during the trial period.
6-day free trial available.

What can the Barys.63319 virus do?

  • Behavioural detection: Executable code extraction – unpacking
  • SetUnhandledExceptionFilter detected (possible anti-debug)
  • Yara rule detections observed from a process memory dump/dropped files/CAPE
  • Creates RWX memory
  • Dynamic (imported) function loading detected
  • The binary contains an unknown PE section name indicative of packing
  • The binary likely contains encrypted or compressed data
  • The executable is likely packed with VMProtect
  • Authenticode signature is invalid
  • Tries to suspend Cuckoo threads to prevent logging of malicious activity
  • CAPE detected the VMProtectStub malware family

How to identify Barys.63319?

File Info:

name: 4E4FA0B8C73889E9AA02.mlw
path: /opt/CAPEv2/storage/binaries/7906580e80b1cef79ee93ea76aab5f2ad2b3d58fb71f6d5ea6ae592a5121479f
crc32: 0FE6E3BA
md5: 4e4fa0b8c73889e9aa028c8fd7d7b3a5
sha1: 08423b5169ce720ac65cfcf56078844f25922db2
sha256: 7906580e80b1cef79ee93ea76aab5f2ad2b3d58fb71f6d5ea6ae592a5121479f
sha512: 6e00799e078be540edd986881ac81e020851a12008393f2109a48065a0bfd3dbd3cd6fdd3688324dad7506dedfd781c19d62a887cdab73bc21d50dbeb3ac0400
ssdeep: 24576:pHIJSi8djECANZJPqF+BqZsVlZrwbSQTRA09+:JKEdgCss1wfqfb9+
type: PE32 executable (GUI) Intel 80386, for MS Windows
tlsh: T18B2523117F26F8D0D49A0736AD0B98ACBA25BD264E407D5BA3C07F0E7CF13156EA525C
sha3_384: c074f97549eee0770f9d640f76983c5905bca1b32caff0cea7812850f0319bb32e0f12f85f9f13c404e249631f66e828
ep_bytes: e8894afeffada72424a827a77025e22b
timestamp: 2017-01-04 13:34:43

Version Info:

CompanyName: Microsoft Corporation
FileDescription: Microsoft (R) Developer Studio
FileVersion: 6.00.8168.2
InternalName: MSDEV
LegalCopyright: Copyright (C) Microsoft Corp. 1992-1997
OriginalFilename: MSDEV.EXE
ProductName: Microsoft (R) Visual Studio
ProductVersion: 6.00.8168.2
Translation: 0x0409 0x04b0

Barys.63319 also known as:

Bkav: W32.AIDetect.malware1
Lionic: Trojan.Multi.Generic.4!c
tehtris: Generic.Malware
MicroWorld-eScan: Gen:Variant.Barys.63319
FireEye: Generic.mg.4e4fa0b8c73889e9
McAfee: Artemis!4E4FA0B8C738
Malwarebytes: Malware.Heuristic.1003
Sangfor: Suspicious.Win32.Save.a
K7AntiVirus: Riskware ( 0040eff71 )
Alibaba: TrojanClicker:Win32/VMProtBad.61bc2745
K7GW: Riskware ( 0040eff71 )
Cybereason: malicious.8c7388
BitDefenderTheta: Gen:NN.ZexaF.34742.9K0@aWSev7ki
Elastic: malicious (high confidence)
ESET-NOD32: a variant of Win32/TrojanClicker.Agent.NYY
APEX: Malicious
Avast: Win32:Malware-gen
Kaspersky: UDS:DangerousObject.Multi.Generic
BitDefender: Gen:Variant.Barys.63319
NANO-Antivirus: Trojan.Win32.Agent.elscrv
Tencent: Win32.Trojan.Agent.Peqh
Ad-Aware: Gen:Variant.Barys.63319
Emsisoft: Gen:Variant.Barys.63319 (B)
Comodo: Virus.Win32.Virut.CE@1fhkga
DrWeb: Trojan.DownLoader23.56788
Zillya: Trojan.Generik.Win32.410
TrendMicro: TROJ_CLICKER.QKA
McAfee-GW-Edition: BehavesLike.Win32.Virus.dc
Trapmine: malicious.high.ml.score
Sophos: Mal/VMProtBad-A
SentinelOne: Static AI – Malicious PE
Jiangmin: Trojan.Generic.ehoxk
Webroot: W32.Adware.Installcore
Avira: HEUR/AGEN.1225292
Kingsoft: Win32.Troj.Undef.(kcloud)
Microsoft: Trojan:Win32/Skeeyah.A!rfn
GData: Gen:Variant.Barys.63319
Cynet: Malicious (score: 100)
AhnLab-V3: Unwanted/Win32.Agent.C2039884
VBA32: Trojan.Downloader
ALYac: Gen:Variant.Barys.63319
MAX: malware (ai score=100)
Panda: Trj/CI.A
TrendMicro-HouseCall: TROJ_CLICKER.QKA
Rising: Trojan.Generic@AI.93 (RDML:vtMZpmG2yO2EUBxiRSWbNw)
Fortinet: Generik.IDERNRG!tr
AVG: Win32:Malware-gen
Paloalto: generic.ml
CrowdStrike: win/malicious_confidence_100% (W)

How to remove Barys.63319?

Barys.63319 removal tool
  • Download and install GridinSoft Anti-Malware.
  • Open GridinSoft Anti-Malware and perform a “Standard scan”.
  • “Move to quarantine” all items.
  • Open the “Tools” tab – Press “Reset Browser Settings”.
  • Select the proper browser and options – Click “Reset”.
  • Restart your computer.

About the author

Paul Valéry

I'm a cyber security analyst and data science expert with 5+ years of experience with security software contractors.
