Trojan.Bayrob.G3 (file analysis)

Trojan.Bayrob.G3 is considered dangerous by many security experts. When this infection is active, you may notice unwanted processes in the Task Manager list. In this case, it is advised to scan your computer with GridinSoft Anti-Malware.

GridinSoft Anti-Malware

Removing PC viruses manually may take hours and may damage your PC in the process. We recommend using GridinSoft Anti-Malware for virus removal. It allows you to complete a scan and cure your PC during the trial period.
6-day free trial available.

What Trojan.Bayrob.G3 virus can do?

  • SetUnhandledExceptionFilter detected (possible anti-debug)
  • Creates RWX memory
  • Dynamic (imported) function loading detected
  • Performs HTTP requests potentially not found in PCAP.
  • Enumerates running processes
  • Expresses interest in specific running processes
  • Reads data out of its own binary image
  • CAPE extracted potentially suspicious content
  • Drops a binary and executes it
  • Authenticode signature is invalid
  • Installs itself for autorun at Windows startup
  • Creates a hidden or system file
  • Creates a copy of itself

How to identify Trojan.Bayrob.G3?

File Info:

name: FCBA46C4F393C824CF32.mlw
path: /opt/CAPEv2/storage/binaries/312c4079df446085d8961c7a3b9df25d7f4285fe42508b2bd240aeec5b6b8811
crc32: CB3A9500
md5: fcba46c4f393c824cf32dbe3a14f8bc3
sha1: 596475108816281f308807296f8e25a59b70439f
sha256: 312c4079df446085d8961c7a3b9df25d7f4285fe42508b2bd240aeec5b6b8811
sha512: b7d78051fd807b246c77450549aeca6c82992d7b798f127c0bab79041a32ecb58b870c6baba79c3f0a4020b2405228928decd1b3885efda57b72fe04761da826
ssdeep: 12288:j2RbHrfK8QkNnCPg3H79GIfyQAtYIOztbS8S3jsC:iRXK8QkZJ3H79xf3/31Sf
type: PE32 executable (GUI) Intel 80386, for MS Windows
tlsh: T149D49D11B593A0F3D46620B38169E7371A31BD760B29CAE3E7870E2959F6FC0D533692
sha3_384: 995098db52c08757cf3515d9407ad6e2d0b641a991a1e4a4f06923792f33573540ab1cc2fa92f14189f231a15c1f175b
ep_bytes: e830770100e9000000006a1468d04c49
timestamp: 2015-01-14 04:06:44

Version Info:

0: [No Data]

Trojan.Bayrob.G3 also known as:

Bkav: W32.FamVT.BRTTc.Worm
Elastic: malicious (high confidence)
DrWeb: Trojan.Bayrob.57
MicroWorld-eScan: Gen:Variant.Barys.58165
FireEye: Generic.mg.fcba46c4f393c824
CAT-QuickHeal: Trojan.Bayrob.G3
ALYac: Gen:Variant.Barys.58165
Cylance: Unsafe
Zillya: Trojan.SwizzorGen.Win32.1
Sangfor: Suspicious.Win32.Save.a
K7AntiVirus: Trojan ( 004dc2a31 )
K7GW: Trojan ( 004dc2a31 )
Cybereason: malicious.4f393c
BitDefenderTheta: AI:Packer.693C6BF21E
Cyren: W32/Nivdort.L.gen!Eldorado
Symantec: Trojan.Bayrob!g12
ESET-NOD32: a variant of Win32/Bayrob.CS
TrendMicro-HouseCall: TROJ_BAYROB.SM7
ClamAV: Win.Trojan.Emotet-6748801-0
Kaspersky: HEUR:Trojan.Win32.Bayrob.gen
BitDefender: Gen:Variant.Barys.58165
NANO-Antivirus: Trojan.Win32.Bayrob.eckeab
Avast: FileRepMalware
Tencent: Trojan.Win32.BitCoinMiner.la
Ad-Aware: Gen:Variant.Barys.58165
Sophos: ML/PE-A + Mal/Bayrob-C
Baidu: Win32.Trojan.Bayrob.a
VIPRE: Trojan.Win32.Bayrob.bs (v)
TrendMicro: TROJ_BAYROB.SM7
McAfee-GW-Edition: BehavesLike.Win32.Trojan.jh
Emsisoft: Gen:Variant.Barys.58165 (B)
Ikarus: Trojan.Win32.Bayrob
GData: Gen:Variant.Barys.58165
Jiangmin: Trojan.Bayrob.vjq
Avira: TR/Nivdort.Gen2
Antiy-AVL: Trojan/Generic.ASMalwS.1884FEC
Microsoft: TrojanSpy:Win32/Nivdort
Cynet: Malicious (score: 100)
AhnLab-V3: Trojan/Win32.Agent.C1386802
Acronis: suspicious
McAfee: Trojan-FINB!FCBA46C4F393
MAX: malware (ai score=84)
VBA32: BScope.Trojan.Bayrob
Malwarebytes: Trojan.Bayrob.Generic
APEX: Malicious
Rising: Trojan.Generic@ML.100 (RDML:w2hTiQzO5YtihcYwspCviA)
Yandex: Trojan.GenAsa!R5unmOzdl6U
SentinelOne: Static AI – Malicious PE
eGambit: Unsafe.AI_Score_87%
Fortinet: W32/Bayrob.BT!tr
AVG: FileRepMalware
Panda: Trj/Genetic.gen
CrowdStrike: win/malicious_confidence_100% (D)
MaxSecure: Trojan.Malware.300983.susgen

How to remove Trojan.Bayrob.G3?

Trojan.Bayrob.G3 removal tool
  • Download and install GridinSoft Anti-Malware.
  • Open GridinSoft Anti-Malware and perform a “Standard scan”.
  • “Move to quarantine” all items.
  • Open the “Tools” tab – Press “Reset Browser Settings”.
  • Select the proper browser and options – Click “Reset”.
  • Restart your computer.

About the author

Paul Valéry

I'm a cyber security analyst and data science expert with 5+ years of experience with security software contractors.