Win32/Bayrob.CS malicious file

Malware Removal

Win32/Bayrob.CS is considered dangerous by many security experts. When this infection is active, you may notice unwanted processes in the Task Manager list. In this case, it is advised to scan your computer with GridinSoft Anti-Malware.

Removing PC viruses manually may take hours and may damage your PC in the process. We recommend using GridinSoft Anti-Malware for virus removal. It lets you run a full scan and clean your PC during the trial period.
6-day free trial available.

What can the Win32/Bayrob.CS virus do?

  • SetUnhandledExceptionFilter detected (possible anti-debug)
  • Possible date expiration check, exits too soon after checking local time
  • Dynamic (imported) function loading detected
  • Enumerates running processes
  • Expresses interest in specific running processes
  • Reads data out of its own binary image
  • Drops a binary and executes it
  • Authenticode signature is invalid
  • Installs itself for autorun at Windows startup
  • Likely virus infection of existing system binary
  • Creates a copy of itself

How to determine Win32/Bayrob.CS?

File Info:

name: 18C938CCE12556DC5F8A.mlw
path: /opt/CAPEv2/storage/binaries/84fdea391c415c9cb30123a33c96d63fccd79c5e1ce9d89ef85ef9bfb1549b83
crc32: 42031A84
md5: 18c938cce12556dc5f8a71c9d567ea7f
sha1: 91d4da3434386cb079748af77e72a9309c8fe795
sha256: 84fdea391c415c9cb30123a33c96d63fccd79c5e1ce9d89ef85ef9bfb1549b83
sha512: 3d6b0086291058bad9b4fb4dc5598459fb90cc07ed2891794f9868a671f77c794ff26784c03f1bc71c3b804e5bf793745873c86cc179319e3b51d6fe928a13e5
ssdeep: 12288:hCGtV9970sY4byZIZ7ldeV9wwmJntlXf3gYvkLma:3tn9zYTZIMLjwvXffv
type: PE32 executable (GUI) Intel 80386, for MS Windows
tlsh: T11EC49E11B583A273E8B209B3416DE62A1A35BD711F2DDBD3EBDB0A0A69F75C04333156
sha3_384: 975509b7dd5ca443a12aa3b0dbc389434818e6c65e07f2ccb19b0a8f25102db85f7955fcb86f5abf15777e6ac2cc2274
ep_bytes: e8524c0100e9000000006a146890be48
timestamp: 2014-11-25 23:05:36

Version Info:

0: [No Data]

Win32/Bayrob.CS also known as:

Bkav: W32.FamVT.BRTTc.Worm
Elastic: malicious (high confidence)
MicroWorld-eScan: Gen:Variant.Barys.58165
FireEye: Generic.mg.18c938cce12556dc
CAT-QuickHeal: TrojanSpy.Nivdort.DR3
McAfee: Trojan-FINB!18C938CCE125
Cylance: Unsafe
VIPRE: Trojan.Win32.Bayrob.bs (v)
Sangfor: Trojan.Win32.Save.a
K7AntiVirus: Trojan ( 004dc2a31 )
K7GW: Trojan ( 004dc2a31 )
Cybereason: malicious.ce1255
Baidu: Win32.Trojan.Bayrob.a
Cyren: W32/Nivdort.L.gen!Eldorado
Symantec: Trojan.Bayrob!gen8
ESET-NOD32: a variant of Win32/Bayrob.CS
APEX: Malicious
ClamAV: Win.Trojan.Emotet-6748801-0
Kaspersky: HEUR:Trojan.Win32.Bayrob.gen
BitDefender: Gen:Variant.Barys.58165
NANO-Antivirus: Trojan.Win32.Bayrob.eckcvn
Avast: Win32:Trojan-gen
Tencent: Trojan.Win32.BitCoinMiner.la
Ad-Aware: Gen:Variant.Barys.58165
Sophos: ML/PE-A + Mal/Bayrob-C
DrWeb: Trojan.Bayrob.57
Zillya: Trojan.SwizzorGen.Win32.1
TrendMicro: TROJ_BAYROB.SM7
McAfee-GW-Edition: BehavesLike.Win32.Trojan.hh
Emsisoft: Gen:Variant.Barys.58165 (B)
Ikarus: Trojan.Win32.Bayrob
GData: Gen:Variant.Barys.58165
Jiangmin: Trojan.Bayrob.vhw
Avira: TR/Nivdort.Gen2
MAX: malware (ai score=88)
Antiy-AVL: Trojan/Generic.ASMalwS.188646B
Microsoft: TrojanSpy:Win32/Nivdort
Cynet: Malicious (score: 100)
AhnLab-V3: Trojan/Win32.Agent.C1386802
Acronis: suspicious
BitDefenderTheta: AI:Packer.FCDCC29D1E
ALYac: Gen:Variant.Barys.58165
VBA32: BScope.Trojan.Bayrob
Malwarebytes: Trojan.Bayrob.Generic
TrendMicro-HouseCall: TROJ_BAYROB.SM7
Rising: Trojan.Generic@ML.100 (RDML:QHCbqVkA/xGFeiayv30Qsg)
SentinelOne: Static AI – Malicious PE
eGambit: Unsafe.AI_Score_99%
Fortinet: W32/Bayrob.BT!tr
AVG: Win32:Trojan-gen
Panda: Trj/Genetic.gen
CrowdStrike: win/malicious_confidence_100% (D)
MaxSecure: Trojan.Malware.300983.susgen

How to remove Win32/Bayrob.CS?

Win32/Bayrob.CS removal tool
  • Download and install GridinSoft Anti-Malware.
  • Open GridinSoft Anti-Malware and perform a “Standard scan”.
  • Choose “Move to quarantine” for all detected items.
  • Open the “Tools” tab and press “Reset Browser Settings”.
  • Select the proper browser and options, then click “Reset”.
  • Restart your computer.

About the author

Paul Valéry

I'm a cyber security analyst and data science expert with 5+ years of experience with security software contractors.