
Trojan.Barys.GA

By CagedTech in Trojans

Threat Scorecard

Popularity Rank: 11,854
Threat Level: 80 % (High)
Infected Computers: 4,521
First Seen: December 6, 2021
Last Seen: March 5, 2026
OS(es) Affected: Windows

Analysis Report

General information

Family Name: Trojan.Barys.GA
Signature status: No Signature

Known Samples


Windows Portable Executable Attributes

  • File doesn't have "Rich" header
  • File doesn't have debug information
  • File doesn't have exports table
  • File doesn't have relocations information
  • File doesn't have security information
  • File is 32-bit executable
  • File is either console or GUI application
  • File is GUI application (IMAGE_SUBSYSTEM_WINDOWS_GUI)
  • File is Native application (NOT .NET application)
  • File is not packed
  • IMAGE_FILE_DLL is not set inside PE header (Executable)
  • IMAGE_FILE_EXECUTABLE_IMAGE is set inside PE header (Executable Image)

Windows PE Version Information

Name Value
Company Name
  • Astersoft Sistemas Ltda
  • Sina Nourian
File Description
  • Aster Boleto
  • Sistema automático de backup's
  • Swift Remote
File Version
  • v1.0.2
  • 1.0.2.0
  • 1.0
Internal Name
  • Aster Boleto
  • Interbackup
  • SwiftRemote
Legal Copyright
  • Astersoft Sistemas Ltda
  • Developed By: Sina Nourian
  • Interage Sistemas
Original Filename
  • aster-boleto.exe
  • Interbackup.exe
  • SwiftRemote.exe
Product Name
  • Aster Boleto
  • Interbackup
  • Swift Remote
Product Version
  • v2.0.1
  • 1.0.2.0
  • 1.0

File Traits

  • No Version Info
  • WinZip SFX
  • x86
  • ZIP (In Overlay)
  • ZIPinO

Registry Modifications

Key::Value Data API Name
HKCU\software\microsoft\windows\currentversion\explorer::slowcontextmenuentries RegNtPreCreateKey
HKCU\software\microsoft\windows\currentversion\internet settings\5.0\cache\content::cacheprefix RegNtPreCreateKey
HKCU\software\microsoft\windows\currentversion\internet settings\5.0\cache\cookies::cacheprefix Cookie: RegNtPreCreateKey
HKCU\software\microsoft\windows\currentversion\internet settings\5.0\cache\history::cacheprefix Visited: RegNtPreCreateKey
HKLM\software\microsoft\windows nt\currentversion\notifications\data::418a073aa3bc1c75 RegNtPreCreateKey
HKCU\software\microsoft\edge\blbeacon::failed_count RegNtPreCreateKey
HKCU\software\microsoft\edge\blbeacon::state RegNtPreCreateKey
HKCU\software\microsoft\edge\thirdparty::statuscodes (NULL) RegNtPreCreateKey
HKCU\software\microsoft\edge\thirdparty::statuscodes RegNtPreCreateKey
HKCU\software\microsoft\edge\elfbeacon::version 143.0.3650.80 RegNtPreCreateKey

Windows API Usage

Category API
Process Shell Execute
  • CreateProcess
  • ShellExecute
Syscall Use
  • ntdll.dll!NtAccessCheck
  • ntdll.dll!NtAlpcSendWaitReceivePort
  • ntdll.dll!NtApphelpCacheControl
  • ntdll.dll!NtAssociateWaitCompletionPacket
  • ntdll.dll!NtClose
  • ntdll.dll!NtCreateFile
  • ntdll.dll!NtCreateMutant
  • ntdll.dll!NtCreateSection
  • ntdll.dll!NtCreateSemaphore
  • ntdll.dll!NtDeleteValueKey
  • ntdll.dll!NtDuplicateToken
  • ntdll.dll!NtFreeVirtualMemory
  • ntdll.dll!NtMapViewOfSection
  • ntdll.dll!NtOpenFile
  • ntdll.dll!NtOpenKey
  • ntdll.dll!NtOpenKeyEx
  • ntdll.dll!NtOpenProcessToken
  • ntdll.dll!NtOpenProcessTokenEx
  • ntdll.dll!NtOpenSection
  • ntdll.dll!NtOpenThreadTokenEx
  • ntdll.dll!NtPowerInformation
  • ntdll.dll!NtProtectVirtualMemory
  • ntdll.dll!NtQueryAttributesFile
  • ntdll.dll!NtQueryInformationProcess
  • ntdll.dll!NtQueryInformationThread
  • ntdll.dll!NtQueryInformationToken
  • ntdll.dll!NtQueryKey
  • ntdll.dll!NtQueryLicenseValue
  • ntdll.dll!NtQueryPerformanceCounter
  • ntdll.dll!NtQuerySecurityObject
  • ntdll.dll!NtQuerySystemInformation
  • ntdll.dll!NtQuerySystemInformationEx
  • ntdll.dll!NtQueryValueKey
  • ntdll.dll!NtQueryVirtualMemory
  • ntdll.dll!NtReadRequestData
  • ntdll.dll!NtReleaseMutant
  • ntdll.dll!NtReleaseWorkerFactoryWorker
  • ntdll.dll!NtSetEvent
  • ntdll.dll!NtSetInformationProcess
  • ntdll.dll!NtSetInformationVirtualMemory
  • ntdll.dll!NtSetInformationWorkerFactory
  • ntdll.dll!NtSetValueKey
  • ntdll.dll!NtTestAlert
  • ntdll.dll!NtWaitForSingleObject
  • ntdll.dll!NtWaitForWorkViaWorkerFactory
  • ntdll.dll!NtWriteFile
  • ntdll.dll!NtWriteVirtualMemory
  • UNKNOWN
  • win32u.dll!NtUserGetKeyboardLayout
  • win32u.dll!NtUserGetThreadState
Process Manipulation Evasion
  • NtUnmapViewOfSection
  • ReadProcessMemory

Shell Command Execution

open http://java.com/download
open http://java.com/download/
open http://www.java.com/download
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --edge-skip-compat-layer-relaunch --single-argument http://www.java.com/download
