Trojan:Win32/Barys.GMA!MTB (file analysis)

The Trojan:Win32/Barys.GMA!MTB is considered dangerous by many security experts. When this infection is active, you may notice unwanted processes in the Task Manager list. In this case, it is advised to scan your computer with GridinSoft Anti-Malware.

GridinSoft Anti-Malware

Removing PC viruses manually may take hours and may damage your PC in the process. We recommend using GridinSoft Anti-Malware for virus removal. It allows you to complete a scan and cure your PC during the trial period.
A 6-day free trial is available.

What can the Trojan:Win32/Barys.GMA!MTB virus do?

  • Sample contains Overlay data
  • Reads data out of its own binary image
  • The binary contains an unknown PE section name indicative of packing
  • The binary likely contains encrypted or compressed data.
  • Authenticode signature is invalid
  • CAPE detected the "shellcode get eip" malware family
  • Yara rule detections observed from a process memory dump/dropped files/CAPE

How to identify Trojan:Win32/Barys.GMA!MTB?

File Info:

name: 89BED5992BAE4A9117A2.mlw
path: /opt/CAPEv2/storage/binaries/0aecd044cb2432acf300868dd3eb281ce543d8bedbd8cb392456b69169250110
crc32: E6A1A22C
md5: 89bed5992bae4a9117a22e7994bb1187
sha1: e2200bd1e6bd008518d1bdd5a8da289ce08d6cf8
sha256: 0aecd044cb2432acf300868dd3eb281ce543d8bedbd8cb392456b69169250110
sha512: 089fec52ca4bdbd43254024cb98de05dfc2a3543d4950e392ecf85c7bb3b7e4b8595e1875a8c80b0da03659029a1fcb136ab78ba06338347aa42c6d7f6f346ba
ssdeep: 24576:Eroh6XFRbf0ezEM4dmv5BJtOtEM4dmv58:cio7bf0ezj425zUtj4258
type: PE32 executable (GUI) Intel 80386, for MS Windows
tlsh: T138F4CF86B24DDD51CD3A3B3F2B6AB247F651B82EE939E04E275CC70A4152EF3518B250
sha3_384: 0b16b505452994e3ac4b5b56d793bc062ee3a68eec54f9b94159c91a4e2c05a08dbd2c4dd1012f5a631357737ad75a6d
ep_bytes: 427d368b1224820c17f5bb9dd5b6d327
timestamp: 1971-05-16 00:00:00

Version Info:

CompanyName: Wayne J. Radburn
FileDescription: PE/COFF File Viewer
FileVersion: 0.9.9.0
InternalName: PEview
LegalCopyright: Copyright © 1997-2011 Wayne J. Radburn
OriginalFilename: PEview.exe
ProductName: PEview
ProductVersion: 0.9.9.0
Translation: 0x0409 0x04e4

Trojan:Win32/Barys.GMA!MTB also known as:

Bkav: W32.AIDetectMalware
tehtris: Generic.Malware
MicroWorld-eScan: DeepScan:Generic.Dacic.8952383F.A.5AFDF2C4
ClamAV: Win.Packed.Razy-9786051-0
FireEye: Generic.mg.89bed5992bae4a91
Skyhigh: BehavesLike.Win32.RAHack.bc
McAfee: Trojan-FVOQ!89BED5992BAE
Malwarebytes: Generic.Malware.AI.DDS
Sangfor: Suspicious.Win32.Save.a
K7AntiVirus: Trojan ( 0001b3411 )
K7GW: Trojan ( 0001b3411 )
Cybereason: malicious.1e6bd0
Arcabit: DeepScan:Generic.Dacic.8952383F.A.5AFDF2C4
BitDefenderTheta: Gen:NN.ZexaF.36680.W83@aSUsTC
Symantec: ML.Attribute.HighConfidence
Elastic: malicious (high confidence)
ESET-NOD32: a variant of Win32/Kryptik.HHBK
APEX: Malicious
Cynet: Malicious (score: 100)
Kaspersky: VHO:Trojan.Win32.Copak.gen
BitDefender: DeepScan:Generic.Dacic.8952383F.A.5AFDF2C4
NANO-Antivirus: Trojan.Win32.Kryptik.foobtk
Avast: Win32:TrojanX-gen [Trj]
Tencent: Trojan.Win32.Kryptik.gify
Sophos: Mal/Inject-GJ
F-Secure: Trojan.TR/Patched.Ren.Gen
DrWeb: Trojan.PackedENT.192
VIPRE: DeepScan:Generic.Dacic.8952383F.A.5AFDF2C4
Emsisoft: DeepScan:Generic.Dacic.8952383F.A.5AFDF2C4 (B)
SentinelOne: Static AI – Malicious PE
Webroot: W32.Trojan.Gen
Google: Detected
Avira: TR/Patched.Ren.Gen
MAX: malware (ai score=81)
Antiy-AVL: GrayWare/Win32.Kryptik.gifq
Kingsoft: malware.kb.a.964
Xcitium: TrojWare.Win32.Kryptik.TLS@812zm8
Microsoft: Trojan:Win32/Barys.GMA!MTB
ZoneAlarm: VHO:Trojan.Win32.Copak.gen
GData: Win32.Trojan.PSE.109W4IM
Varist: W32/Dacic.E.gen!Eldorado
Acronis: suspicious
VBA32: Trojan.Khalesi
ALYac: DeepScan:Generic.Dacic.8952383F.A.5AFDF2C4
TACHYON: Trojan/W32.Selfmod
Cylance: unsafe
Panda: Trj/Genetic.gen
Rising: Trojan.Kryptik!1.B34D (CLASSIC)
Ikarus: Trojan.Patched
Fortinet: W32/Kryptik.GIFQ!tr
AVG: Win32:TrojanX-gen [Trj]
DeepInstinct: MALICIOUS
CrowdStrike: win/malicious_confidence_100% (D)

How to remove Trojan:Win32/Barys.GMA!MTB?

Trojan:Win32/Barys.GMA!MTB removal tool

  • Download and install GridinSoft Anti-Malware.
  • Open GridinSoft Anti-Malware and perform a "Standard scan".
  • "Move to quarantine" all items.
  • Open the "Tools" tab and press "Reset Browser Settings".
  • Select the proper browser and options, then click "Reset".
  • Restart your computer.

About the author

Paul Valéry

I'm a cyber security analyst and data science expert with 5+ years of experience with security software contractors.