Should I remove “Backdoor:Win32/Bulord.A”?

Backdoor:Win32/Bulord.A is considered dangerous by many security experts. When this infection is active, you may notice unwanted processes in the Task Manager list. In this case, it is advised to scan your computer with GridinSoft Anti-Malware.

GridinSoft Anti-Malware

Removing PC viruses manually may take hours and may damage your PC in the process. We recommend using GridinSoft Anti-Malware for virus removal. It allows you to run a complete scan and cure your PC during the trial period.
6-day free trial available.

What can the Backdoor:Win32/Bulord.A virus do?

  • Drops a binary and executes it
  • The binary contains an unknown PE section name indicative of packing
  • Authenticode signature is invalid
  • Creates a copy of itself
  • Deletes executed files from disk

How to identify Backdoor:Win32/Bulord.A?


File Info:

name: 24A94509A0E4A0A3F6F9.mlw
type: PE32 executable (GUI) Intel 80386, for MS Windows
timestamp: 2003-04-08 18:09:29

Version Info:

CompanyName: WestenDigitals Limited
FileDescription: WestenDigitals Registration
FileVersion: 1.0.2.0
InternalName: Diagnosi.exe
LegalCopyright: ©WestenDigitals Limited
LegalTrademarks: ®WestenDigitals Limited
OriginalFilename: Diagnosi.exe
ProductName: WestenDigitals Harddisk Registration
ProductVersion: 1.0.2.0
Comments: by Jonson Bruno sam - 2011
Translation: 0x0809 0x04e4

Backdoor:Win32/Bulord.A also known as:

Lionic: Worm.Win32.Sytro.lgBr
Elastic: malicious (high confidence)
MicroWorld-eScan: Gen:Heur.Mint.Zard.1
CAT-QuickHeal: Backdoor.Bulord.A10
Skyhigh: BehavesLike.Win32.Dropper.fh
Cylance: unsafe
Zillya: Dropper.Dapato.Win32.11893
Sangfor: Virus.Win32.Save.a
K7AntiVirus: Trojan ( 7000000f1 )
Alibaba: Backdoor:Win32/Bulord.7f44adc9
K7GW: Trojan ( 7000000f1 )
Cybereason: malicious.9a0e4a
Arcabit: Trojan.Mint.Zard.1
VirIT: Trojan.Win32.Generic.ATYJ
Symantec: Trojan.Gen.MBT
tehtris: Generic.Malware
ESET-NOD32: Win32/Delf.OJW
APEX: Malicious
Kaspersky: HEUR:Trojan.Win32.Agent.gen
BitDefender: Gen:Heur.Mint.Zard.1
NANO-Antivirus: Trojan.Win32.Cool.ctmxst
SUPERAntiSpyware: Trojan.Agent/Gen-FalComp
Avast: Win32:BackdoorX-gen [Trj]
Tencent: Win32.Trojan.Agent.Ogil
Emsisoft: Gen:Heur.Mint.Zard.1 (B)
F-Secure: Trojan.TR/Patched.Gen
DrWeb: BackDoor.Cool.362
VIPRE: Gen:Heur.Mint.Zard.1
Trapmine: malicious.high.ml.score
FireEye: Generic.mg.24a94509a0e4a0a3
Sophos: Mal/Generic-S
SentinelOne: Static AI – Malicious PE
Jiangmin: Trojan/Generic.bddhx
Google: Detected
Avira: TR/Patched.Gen
Antiy-AVL: Trojan[Dropper]/Win32.Dapato
Xcitium: TrojWare.Win32.Delf.caz@558mtg
Microsoft: Backdoor:Win32/Bulord.A
ZoneAlarm: HEUR:Trojan.Win32.Agent.gen
GData: Gen:Heur.Mint.Zard.1
Cynet: Malicious (score: 100)
AhnLab-V3: Dropper/Win32.Dapato.R46703
McAfee: GenericRXEY-JY!24A94509A0E4
MAX: malware (ai score=100)
VBA32: TScope.Trojan.Delf
Malwarebytes: Generic.Malware.AI.DDS
Rising: Trojan.Generic@AI.100 (RDML:w2rC6IRDBbJd+/DBdnPdHQ)
Yandex: Trojan.GenAsa!YUtrRlm2vCQ
Ikarus: Trojan.Win32.Agent
Fortinet: W32/Dropper.DF!tr
BitDefenderTheta: AI:Packer.52A9A2A01D
AVG: Win32:BackdoorX-gen [Trj]
DeepInstinct: MALICIOUS
CrowdStrike: win/malicious_confidence_100% (W)
alibabacloud: Trojan.Win.UnkAgent

How to remove Backdoor:Win32/Bulord.A?

  • Download and install GridinSoft Anti-Malware.
  • Open GridinSoft Anti-Malware and perform a “Standard scan”.
  • “Move to quarantine” all items.
  • Open the “Tools” tab – Press “Reset Browser Settings”.
  • Select proper browser and options – Click “Reset”.
  • Restart your computer.

About the author

Paul Valéry

I'm a cyber security analyst and data science expert with 5+ years of experience with security software contractors.
