Trojan.Barys

By GoldSparrow in Trojans

Threat Scorecard

Ranking:	11,310
Threat Level:	80 % (High)
Infected Computers:	2,018

First Seen:	April 3, 2012
Last Seen:	September 3, 2023
OS(es) Affected:	Windows

The Barys malware falls in the category of a Trojan Downloader and is programmed to allow its operators to download and upload files to your computer without you noticing it Malware researchers note that the Barys Trojan has some interesting features like the implementation of the Dropbox online file storage service. The Barys Trojan also could be encountered under the name of Trojan:Win32/Congrim. The Barys Trojan may be delivered to users via spam campaigns or travel bundled with free program installers that are promoted on suspicious websites. The Barys Trojan is known to make TCP connections via port 443 to remote hosts such as Software.trickip.net, 83.133.127.200, Weaversbase.com and Cms.abmr.net.

The Congrim (Barys) Trojan might install its main executable in the AppData folder, and its support components in the Temp folder to prevent easy detection. The Barys Trojan can provide its operators with a remote access to infected systems and allow them to run arbitrary code that may inflict severe damages to single computers and networks alike. The Barys Trojan could be instructed to download and install cryptomalware like the Onion Ransomware and the Locker Ransomware. Malware researchers point out that the Barys Trojan may create a Mutex in the Windows Registry to prevent more than one instance from running on infected systems. Additionally, the Barys (Congrim) Trojan may use TMP and DLL files to carry out commands and inject code into running processes like explorer.exe, dw20.exe and iexplorer.exe. The Barys Trojan may modify the security settings of Internet Explorer to tag its 'Command and Control' servers as safe. The Barys Trojan Downloader is written with the Microsoft C++ programming language and may run on all Windows versions and architectures. Therefore, you should install a renowned anti-malware solution to prevent the infiltration of the Barys Trojan or clean the infected machine.

Table of Contents

SpyHunter Detects & Remove Trojan.Barys

File System Details

Trojan.Barys may create the following file(s):

Expand All | Collapse All

#	File Name	MD5	Detections Detections: The number of confirmed and suspected cases of a particular threat detected on infected computers as reported by SpyHunter.
1.	AMDEx3.msi	07e30abd8c44221053a93e706c13dbfd	113
Name: AMDEx3.msi MD5: 07e30abd8c44221053a93e706c13dbfd Size: 18.94 KB (18944 bytes) Detections: 113 Type: Windows Installer Package Path: %WINDIR%\installer Group: Malware file Last Updated: May 18, 2016
2.	dllhost.exe	9aca244ac7d1805ce5998764761141b7	89
Name: dllhost.exe MD5: 9aca244ac7d1805ce5998764761141b7 Size: 333.31 KB (333312 bytes) Detections: 89 Type: Executable File Path: %APPDATA%\Microsoft Corporation Group: Malware file Last Updated: August 5, 2016
3.	AMDEx3.msi	13588a92d58cf32b972e71e4878bf789	33
Name: AMDEx3.msi MD5: 13588a92d58cf32b972e71e4878bf789 Size: 19.96 KB (19968 bytes) Detections: 33 Type: Windows Installer Package Path: %WINDIR%\installer Group: Malware file Last Updated: May 18, 2016
4.	AMDEx3.msi	90080da4654d078064c8a6b1fd89c4d8	32
Name: AMDEx3.msi MD5: 90080da4654d078064c8a6b1fd89c4d8 Size: 23.04 KB (23040 bytes) Detections: 32 Type: Windows Installer Package Path: %WINDIR%\installer Group: Malware file Last Updated: May 18, 2016
5.	AMDEx3.msi	a5734cefcf843cb733ce34e869902c74	30
Name: AMDEx3.msi MD5: a5734cefcf843cb733ce34e869902c74 Size: 16.38 KB (16384 bytes) Detections: 30 Type: Windows Installer Package Path: %WINDIR%\installer Group: Malware file Last Updated: May 18, 2016
6.	amdex3.msi	e9a47c0f1d0974f6d7dcb3e1e069eaaa	25
Name: amdex3.msi MD5: e9a47c0f1d0974f6d7dcb3e1e069eaaa Size: 13.31 KB (13312 bytes) Detections: 25 Type: Windows Installer Package Path: c:\windows\installer\amdex3.msi Group: Malware file Last Updated: February 2, 2023
7.	AMDEx3.msi	a53b02cf714e75a18a60f5c9e11a545b	24
Name: AMDEx3.msi MD5: a53b02cf714e75a18a60f5c9e11a545b Size: 18.43 KB (18432 bytes) Detections: 24 Type: Windows Installer Package Path: %WINDIR%\installer Group: Malware file Last Updated: May 18, 2016
8.	file.exe	b3c0abefe12f511f0b625039804185fb	18
Name: file.exe MD5: b3c0abefe12f511f0b625039804185fb Size: 224.25 KB (224256 bytes) Detections: 18 Type: Executable File Group: Malware file Last Updated: February 18, 2022
9.	AMDEx3.msi	b1efb08443b114d5c7d422312dc59ef6	16
Name: AMDEx3.msi MD5: b1efb08443b114d5c7d422312dc59ef6 Size: 19.45 KB (19456 bytes) Detections: 16 Type: Windows Installer Package Path: %WINDIR%\installer Group: Malware file Last Updated: March 22, 2019
10.	AMDEx3.msi	9fcbe186e76f5434ad87595f0a4433bc	4
Name: AMDEx3.msi MD5: 9fcbe186e76f5434ad87595f0a4433bc Size: 31.74 KB (31744 bytes) Detections: 4 Type: Windows Installer Package Path: %WINDIR%\installer Group: Malware file Last Updated: May 18, 2016
11.	dllhost.exe	5c91601e3ceedf54069feb57d9bc0f79	4
Name: dllhost.exe MD5: 5c91601e3ceedf54069feb57d9bc0f79 Size: 387.07 KB (387072 bytes) Detections: 4 Type: Executable File Path: %APPDATA%\Microsoft Corporation Group: Malware file Last Updated: August 5, 2016
12.	AMDEx3.msi	9759482e6f93c7ca41a9f05de3e3be40	2
Name: AMDEx3.msi MD5: 9759482e6f93c7ca41a9f05de3e3be40 Size: 14.33 KB (14336 bytes) Detections: 2 Type: Windows Installer Package Path: %WINDIR%\installer Group: Malware file Last Updated: May 18, 2016
13.	AMDEx3.msi	de717f4f98a4f0963554e725ea12945d	2
Name: AMDEx3.msi MD5: de717f4f98a4f0963554e725ea12945d Size: 22.52 KB (22528 bytes) Detections: 2 Type: Windows Installer Package Path: %WINDIR%\installer Group: Malware file Last Updated: May 18, 2016
14.	Win32.exe	2f2fec8c582fc7e1459fde95625ac090	2
Name: Win32.exe MD5: 2f2fec8c582fc7e1459fde95625ac090 Size: 87.55 KB (87552 bytes) Detections: 2 Type: Executable File Path: %TEMP% Group: Malware file Last Updated: January 24, 2017
15.	AMDEx3.msi	3dcce5a59d9017f05a0e26cae4b8a79a	1
Name: AMDEx3.msi MD5: 3dcce5a59d9017f05a0e26cae4b8a79a Size: 20.99 KB (20992 bytes) Detections: 1 Type: Windows Installer Package Path: %WINDIR%\installer Group: Malware file Last Updated: May 18, 2016
16.	AMDEx3.msi	db5bac62cbdb394b53900b7ffa0b80fa	1
Name: AMDEx3.msi MD5: db5bac62cbdb394b53900b7ffa0b80fa Size: 15.87 KB (15872 bytes) Detections: 1 Type: Windows Installer Package Path: %WINDIR%\installer Group: Malware file Last Updated: May 18, 2016
17.	AMDEx3.msi	0dbf938908c20144e8e359542f6f8fb4	1
Name: AMDEx3.msi MD5: 0dbf938908c20144e8e359542f6f8fb4 Size: 15.36 KB (15360 bytes) Detections: 1 Type: Windows Installer Package Path: %WINDIR%\installer Group: Malware file Last Updated: May 18, 2016
18.	AMDEx3.msi	0b7ad487dbc603f449171c020a9781db	1
Name: AMDEx3.msi MD5: 0b7ad487dbc603f449171c020a9781db Size: 16.89 KB (16896 bytes) Detections: 1 Type: Windows Installer Package Path: %WINDIR%\installer Group: Malware file Last Updated: May 18, 2016
19.	explorer.exe	426a6e545a2ea7f1eaf4b895f6cd10aa	1
Name: explorer.exe MD5: 426a6e545a2ea7f1eaf4b895f6cd10aa Size: 606.2 KB (606208 bytes) Detections: 1 Type: Executable File Path: %APPDATA% Group: Malware file Last Updated: March 2, 2015
20.	file.exe	9284e7df99f7c54beb0b4a4471c4a204	0
Name: file.exe MD5: 9284e7df99f7c54beb0b4a4471c4a204 Size: 331.77 KB (331776 bytes) Detections: 0 Type: Executable File Group: Malware file Last Updated: April 25, 2016
21.	file.exe	7ce5f02c49eccf00abce59a1d267dd3a	0
Name: file.exe MD5: 7ce5f02c49eccf00abce59a1d267dd3a Size: 106.49 KB (106496 bytes) Detections: 0 Type: Executable File Group: Malware file Last Updated: April 28, 2016
22.	file.exe	de1cf2d6f8b70e672de8b07f46f3ebff	0
Name: file.exe MD5: de1cf2d6f8b70e672de8b07f46f3ebff Size: 344.06 KB (344064 bytes) Detections: 0 Type: Executable File Group: Malware file Last Updated: May 23, 2016
23.	file.exe	2de7466e8d58342becc48fe790fc7649	0
Name: file.exe MD5: 2de7466e8d58342becc48fe790fc7649 Size: 769.02 KB (769024 bytes) Detections: 0 Type: Executable File Group: Malware file Last Updated: July 27, 2016
24.	file.exe	36e8f222aef751257428b7db83c7372b	0
Name: file.exe MD5: 36e8f222aef751257428b7db83c7372b Size: 577.53 KB (577536 bytes) Detections: 0 Type: Executable File Group: Malware file Last Updated: November 17, 2016
25.	1964f777975d9a809bd6171348572a4e4db287e557f26fccae66bbbe1ba0a541.exe	a7261182d71b38248f429e62004dd52e	0
Name: 1964f777975d9a809bd6171348572a4e4db287e557f26fccae66bbbe1ba0a541.exe MD5: a7261182d71b38248f429e62004dd52e Size: 533.5 KB (533504 bytes) Detections: 0 Type: Executable File Group: Malware file Last Updated: January 18, 2017
26.	229022f4344e4dd9d34649728bfd5edf705b77a5b440c8875b2aaa1eeb96128f.exe	c70fba80e0989170a3199a4014532f68	0
Name: 229022f4344e4dd9d34649728bfd5edf705b77a5b440c8875b2aaa1eeb96128f.exe MD5: c70fba80e0989170a3199a4014532f68 Size: 574.97 KB (574976 bytes) Detections: 0 Type: Executable File Group: Malware file Last Updated: January 18, 2017
27.	wincsa.exe	ce175ad8406b4b791c099ca8c4072b4c	0
Name: wincsa.exe MD5: ce175ad8406b4b791c099ca8c4072b4c Size: 93.69 KB (93696 bytes) Detections: 0 Type: Executable File Path: dir Group: Malware file Last Updated: February 2, 2017

More files

Registry Details

Trojan.Barys may create the following registry entry or registry entries:

Regexp file mask

%APPDATA%\MServices.exe

%APPDATA%\netprotocol.exe

%APPDATA%\scype.exe

%TEMP%\MServices.exe

HKEY..\..\..\..{RegistryKeys}

SOFTWARE\euZtG8KPKLTAq3dYZuPegA==

SOFTWARE\lDcJ2MM68dUoB684tCLBlQ==

SOFTWARE\WOW6432Node\euZtG8KPKLTAq3dYZuPegA==

SOFTWARE\WOW6432Node\lDcJ2MM68dUoB684tCLBlQ==

Directories

Trojan.Barys may create the following directory or directories:

%APPDATA%\scype

Enigma Software Group Prevails Over Malwarebytes at the Ninth Circuit

Search

Change Region

Trojan.Barys

Threat Scorecard

EnigmaSoft Threat Scorecard

SpyHunter Detects & Remove Trojan.Barys

File System Details

Registry Details

Directories

Submit Comment

Trending

'YouPorn' Email Scam

Safe Search Eng

Findtheirreport.com

Most Viewed

Is Lookmovie.io Safe?

How To Fix 'Printer Driver is Unavailable' Error

Discord Shows Black Screen when Sharing Screen