Categories: Malware

About “Barys.63319” infection

The Barys.63319 is considered dangerous by lots of security experts. When this infection is active, you may notice unwanted processes in Task Manager list. In this case, it is adviced to scan your computer with GridinSoft Anti-Malware.

Gridinsoft Anti-Malware

Removing PC viruses manually may take hours and may damage your PC in the process. We recommend using GridinSoft Anti-Malware for virus removal. Allows to complete scan and cure your PC during the trial period.

DOWNLOAD NOW

6-day free trial available.

What Barys.63319 virus can do?

Behavioural detection: Executable code extraction – unpacking
SetUnhandledExceptionFilter detected (possible anti-debug)
Yara rule detections observed from a process memory dump/dropped files/CAPE
Creates RWX memory
Dynamic (imported) function loading detected
The binary contains an unknown PE section name indicative of packing
The binary likely contains encrypted or compressed data.
The executable is likely packed with VMProtect
Authenticode signature is invalid
Tries to suspend Cuckoo threads to prevent logging of malicious activity
CAPE detected the VMProtectStub malware family

How to determine Barys.63319?


File Info:
name: 4E4FA0B8C73889E9AA02.mlwpath: /opt/CAPEv2/storage/binaries/7906580e80b1cef79ee93ea76aab5f2ad2b3d58fb71f6d5ea6ae592a5121479fcrc32: 0FE6E3BAmd5: 4e4fa0b8c73889e9aa028c8fd7d7b3a5sha1: 08423b5169ce720ac65cfcf56078844f25922db2sha256: 7906580e80b1cef79ee93ea76aab5f2ad2b3d58fb71f6d5ea6ae592a5121479fsha512: 6e00799e078be540edd986881ac81e020851a12008393f2109a48065a0bfd3dbd3cd6fdd3688324dad7506dedfd781c19d62a887cdab73bc21d50dbeb3ac0400ssdeep: 24576:pHIJSi8djECANZJPqF+BqZsVlZrwbSQTRA09+:JKEdgCss1wfqfb9+type: PE32 executable (GUI) Intel 80386, for MS Windowstlsh: T18B2523117F26F8D0D49A0736AD0B98ACBA25BD264E407D5BA3C07F0E7CF13156EA525Csha3_384: c074f97549eee0770f9d640f76983c5905bca1b32caff0cea7812850f0319bb32e0f12f85f9f13c404e249631f66e828ep_bytes: e8894afeffada72424a827a77025e22btimestamp: 2017-01-04 13:34:43
Version Info:
CompanyName: Microsoft CorporationFileDescription: Microsoft (R) Developer StudioFileVersion: 6.00.8168.2InternalName: MSDEVLegalCopyright: Copyright (C) Microsoft Corp. 1992-1997OriginalFilename: MSDEV.EXEProductName: Microsoft (R) Visual StudioProductVersion: 6.00.8168.2Translation: 0x0409 0x04b0

Barys.63319 also known as:

Bkav	W32.AIDetect.malware1
Lionic	Trojan.Multi.Generic.4!c
tehtris	Generic.Malware
MicroWorld-eScan	Gen:Variant.Barys.63319
FireEye	Generic.mg.4e4fa0b8c73889e9
McAfee	Artemis!4E4FA0B8C738
Malwarebytes	Malware.Heuristic.1003
Sangfor	Suspicious.Win32.Save.a
K7AntiVirus	Riskware ( 0040eff71 )
Alibaba	TrojanClicker:Win32/VMProtBad.61bc2745
K7GW	Riskware ( 0040eff71 )
Cybereason	malicious.8c7388
BitDefenderTheta	Gen:NN.ZexaF.34742.9K0@aWSev7ki
Elastic	malicious (high confidence)
ESET-NOD32	a variant of Win32/TrojanClicker.Agent.NYY
APEX	Malicious
Avast	Win32:Malware-gen
Kaspersky	UDS:DangerousObject.Multi.Generic
BitDefender	Gen:Variant.Barys.63319
NANO-Antivirus	Trojan.Win32.Agent.elscrv
Tencent	Win32.Trojan.Agent.Peqh
Ad-Aware	Gen:Variant.Barys.63319
Emsisoft	Gen:Variant.Barys.63319 (B)
Comodo	Virus.Win32.Virut.CE@1fhkga
DrWeb	Trojan.DownLoader23.56788
Zillya	Trojan.Generik.Win32.410
TrendMicro	TROJ_CLICKER.QKA
McAfee-GW-Edition	BehavesLike.Win32.Virus.dc
Trapmine	malicious.high.ml.score
Sophos	Mal/VMProtBad-A
SentinelOne	Static AI – Malicious PE
Jiangmin	Trojan.Generic.ehoxk
Webroot	W32.Adware.Installcore
Avira	HEUR/AGEN.1225292
Kingsoft	Win32.Troj.Undef.(kcloud)
Microsoft	Trojan:Win32/Skeeyah.A!rfn
GData	Gen:Variant.Barys.63319
Cynet	Malicious (score: 100)
AhnLab-V3	Unwanted/Win32.Agent.C2039884
VBA32	Trojan.Downloader
ALYac	Gen:Variant.Barys.63319
MAX	malware (ai score=100)
Panda	Trj/CI.A
TrendMicro-HouseCall	TROJ_CLICKER.QKA
Rising	Trojan.Generic@AI.93 (RDML:vtMZpmG2yO2EUBxiRSWbNw)
Fortinet	Generik.IDERNRG!tr
AVG	Win32:Malware-gen
Paloalto	generic.ml
CrowdStrike	win/malicious_confidence_100% (W)