Trojan:Win32/Barys.GMA!MTB (file analysis)

Trojan:Win32/Barys.GMA!MTB is considered dangerous by many security experts. When this infection is active, you may notice unwanted processes in the Task Manager process list. In this case, it is advised to scan your computer with GridinSoft Anti-Malware.

What Trojan:Win32/Barys.GMA!MTB virus can do?

  • Reads data out of its own binary image
  • The binary contains an unknown PE section name indicative of packing
  • The binary likely contains encrypted or compressed data
  • Authenticode signature is invalid
  • Yara rule detections observed from a process memory dump/dropped files/CAPE

How to identify Trojan:Win32/Barys.GMA!MTB?

File Info:

name: BFA27D672C65360E2050.mlw
path: /opt/CAPEv2/storage/binaries/0aefa905a04f282461f9e53bad9b992662267629043466440a656b8c9eeb5ab9
crc32: 033A6A68
md5: bfa27d672c65360e205022b52d6767d3
sha1: 267bbe167765337004e74a8c194b5b67a6616eef
sha256: 0aefa905a04f282461f9e53bad9b992662267629043466440a656b8c9eeb5ab9
sha512: e1c50e4c645c701d719b3e810980e6cf679eeea02ea8bb87512e97793a8141602825d941586f652795d2a417859161c0c0db33f8efd8b8c44c25eb20d2c6a32e
ssdeep: 3072:ByGqei2aOSmK+CfjX7PTHr/D3bvznLfjX7PTHr/D3bvznLfjX7PTHr/D3bvznLf9:3HpLQgngc8I96nmmOzsZ
type: PE32 executable (GUI) Intel 80386, for MS Windows
tlsh: T14414B0BAFD880B55D3D5337138227FF2E7089DA2CACD78493A9C09BE0371869452BD65
sha3_384: 868e18fa96c3d547d469ec1898b68001f6175dc4b477dd848893e91020d2bbbab85dd3903dc6a493020c77c71a5574d4
ep_bytes: cbdf66ba9b86d23d9e57ebac5c148316
timestamp: 1971-05-16 00:00:00

Version Info (taken from the file's own version resource; these fields are written by whoever built the binary, so together with the invalid Authenticode signature noted above they do not establish that this is a genuine build of the named product):

CompanyName: Wayne J. Radburn
FileDescription: PE/COFF File Viewer
FileVersion: 0.9.9.0
InternalName: PEview
LegalCopyright: Copyright© 1997-2011 Wayne J. Radburn
OriginalFilename: PEview.exe
ProductName: PEview
ProductVersion: 0.9.9.0
Translation: 0x0409 0x04e4

Trojan:Win32/Barys.GMA!MTB also known as:

Bkav: W32.AIDetectMalware
tehtris: Generic.Malware
MicroWorld-eScan: DeepScan:Generic.Dacic.8952383F.A.341F9006
FireEye: Generic.mg.bfa27d672c65360e
Skyhigh: BehavesLike.Win32.Generic.dc
McAfee: Trojan-FVOQ!BFA27D672C65
Malwarebytes: Generic.Malware.AI.DDS
VIPRE: DeepScan:Generic.Dacic.8952383F.A.341F9006
Sangfor: Suspicious.Win32.Save.a
K7AntiVirus: Trojan ( 0001b3411 )
K7GW: Trojan ( 00571ed01 )
Cybereason: malicious.677653
Arcabit: DeepScan:Generic.Dacic.8952383F.A.341F9006
Symantec: ML.Attribute.HighConfidence
Elastic: malicious (high confidence)
ESET-NOD32: a variant of Win32/Kryptik.HHBK
Cynet: Malicious (score: 100)
APEX: Malicious
ClamAV: Win.Packed.Dridex-9861223-1
Kaspersky: VHO:Trojan.Win32.Copak.gen
BitDefender: DeepScan:Generic.Dacic.8952383F.A.341F9006
NANO-Antivirus: Trojan.Win32.Kryptik.foobtk
SUPERAntiSpyware: Trojan.Agent/Gen-Kryptik
Avast: Win32:Evo-gen [Trj]
Tencent: Trojan.Win32.Kryptik.gify
TACHYON: Trojan/W32.Selfmod
Sophos: Mal/Inject-GJ
F-Secure: Trojan.TR/Crypt.XPACK.Gen
DrWeb: Trojan.Siggen22.13815
Trapmine: malicious.high.ml.score
Emsisoft: DeepScan:Generic.Dacic.8952383F.A.341F9006 (B)
Ikarus: Trojan.Patched
Webroot: W32.Trojan.Gen
Varist: W32/Dacic.E.gen!Eldorado
Avira: TR/Crypt.XPACK.Gen
Antiy-AVL: GrayWare/Win32.Kryptik.gifq
Xcitium: TrojWare.Win32.Kryptik.TLS@812zm8
Microsoft: Trojan:Win32/Barys.GMA!MTB
ZoneAlarm: VHO:Trojan.Win32.Copak.gen
GData: Win32.Trojan.PSE.82PTV4
Google: Detected
AhnLab-V3: Packed/Win.FJB.R621438
VBA32: Trojan.Khalesi
ALYac: DeepScan:Generic.Dacic.8952383F.A.341F9006
MAX: malware (ai score=80)
Cylance: unsafe
Panda: Trj/Genetic.gen
Rising: Trojan.Kryptik!1.B34D (CLASSIC)
SentinelOne: Static AI – Malicious PE
MaxSecure: Trojan.Malware.300983.susgen
Fortinet: W32/Kryptik.GIFQ!tr
BitDefenderTheta: Gen:NN.ZexaF.36608.m40@aazQJtd
AVG: Win32:Evo-gen [Trj]
DeepInstinct: MALICIOUS
CrowdStrike: win/malicious_confidence_100% (D)

How to remove Trojan:Win32/Barys.GMA!MTB?

Trojan:Win32/Barys.GMA!MTB removal tool
  • Download and install GridinSoft Anti-Malware.
  • Open GridinSoft Anti-Malware and perform a “Standard scan”.
  • “Move to quarantine” all items.
  • Open the “Tools” tab and press “Reset Browser Settings”.
  • Select the proper browser and options, then click “Reset”.
  • Restart your computer.

About the author

Paul Valéry

I'm a cyber security analyst and data science expert with 5+ years of experience with security software contractors.