Categories: Malware

Bulz.109136 removal tips

The Bulz.109136 is considered dangerous by lots of security experts. When this infection is active, you may notice unwanted processes in Task Manager list. In this case, it is adviced to scan your computer with GridinSoft Anti-Malware.

Gridinsoft Anti-Malware

Removing PC viruses manually may take hours and may damage your PC in the process. We recommend using GridinSoft Anti-Malware for virus removal. Allows to complete scan and cure your PC during the trial period.

DOWNLOAD NOW

6-day free trial available.

What Bulz.109136 virus can do?

SetUnhandledExceptionFilter detected (possible anti-debug)
Dynamic (imported) function loading detected
Yara rule detections observed from a process memory dump/dropped files/CAPE
Enumerates the modules from a process (may be used to locate base addresses in process injection)
CAPE extracted potentially suspicious content
The binary likely contains encrypted or compressed data.
Authenticode signature is invalid
CAPE detected the RedLine malware family
Anomalous binary characteristics

How to determine Bulz.109136?


File Info:
name: 6A2173A121BDD444FFDE.mlwpath: /opt/CAPEv2/storage/binaries/255c98a5e8bae1dd58de5d01dc403c2cc05be3c7ddc1109abd99eb1c2e372c74crc32: 3BC26445md5: 6a2173a121bdd444ffde8b8d93140351sha1: b6d00428d4ce1ff3ea476e86a56a63b580649010sha256: 255c98a5e8bae1dd58de5d01dc403c2cc05be3c7ddc1109abd99eb1c2e372c74sha512: 0267d52861a2a611a05b9886df0111f8b4dd4477fbd1972a460283bba23e85c32a87b2e66e67985f9b0a7d7be62e236715af01f905a3bb844ab3142c1ee10102ssdeep: 3072:gDKW1LgppLRHMY0TBfJvjcTp5X1YngbeI8zr4NoVF/:gDKW1Lgbdl0TBBvjc/1YngbU34NoVF/type: PE32 executable (GUI) Intel 80386, for MS Windowstlsh: T16144AD1075C0C1B2D4B7143184E6CA799A3A70324B7A96D7BBDD17BA6F122E1A3363CDsha3_384: 68ec33383f94f4eff75868b87432833144b98dc02215ed1a23793c2f81ff2caeaf39f69655f9004dec841ef37af1d3cbep_bytes: e8e15c0000e9a4feffff8bff558bec83timestamp: 2012-07-13 22:47:16
Version Info:
Comments: This installation was built with Inno Setup.CompanyName: DTM soft                                                    FileDescription: Database stress testing tool                                FileVersion: 1.24.12.0           LegalCopyright: © 2004-2020 DTM soft                                                                                ProductName: DTM DB Stress                                               ProductVersion: 1.24.12.0                                         Translation: 0x0000 0x04b0

Bulz.109136 also known as:

Lionic	Trojan.Win32.Bulz.4!c
Elastic	malicious (high confidence)
Cynet	Malicious (score: 100)
FireEye	Generic.mg.6a2173a121bdd444
ALYac	Gen:Variant.Bulz.109136
Cylance	Unsafe
Zillya	Trojan.Reline.Win32.339
Sangfor	Infostealer.MSIL.MassLogger.MTB
K7AntiVirus	Spyware ( 0054a0841 )
Alibaba	TrojanPSW:MSIL/Reline.3a3c4afe
K7GW	Spyware ( 0054a0841 )
Cybereason	malicious.121bdd
BitDefenderTheta	Gen:NN.ZexaF.34212.qq3@aOSLtn
Cyren	W32/Trojan.DAN.gen!Eldorado
Symantec	ML.Attribute.HighConfidence
ESET-NOD32	a variant of MSIL/Spy.Agent.BYF
Paloalto	generic.ml
Kaspersky	Trojan-PSW.MSIL.Reline.akp
BitDefender	Gen:Variant.Bulz.109136
MicroWorld-eScan	Gen:Variant.Bulz.109136
Avast	WAT:Blacked-AB [Trj]
Tencent	Msil.Trojan-qqpass.Qqrob.Wofx
Ad-Aware	Gen:Variant.Bulz.109136
Emsisoft	Gen:Variant.Bulz.109136 (B)
Comodo	Malware@#11tm3g5qjylml
F-Secure	Trojan.TR/Dropper.Gen
VIPRE	Trojan.Win32.Generic!BT
McAfee-GW-Edition	BehavesLike.Win32.Generic.dh
Sophos	Mal/Generic-S
GData	Win32.Trojan.Sabsik.B
MaxSecure	Trojan.Malware.300983.susgen
Avira	TR/Dropper.Gen
Antiy-AVL	Trojan[Spy]/MSIL.Agent
Arcabit	Trojan.Bulz.D1AA50
ZoneAlarm	Trojan-PSW.MSIL.Reline.akp
Microsoft	PWS:MSIL/MassLogger!MTB
SentinelOne	Static AI – Malicious PE
AhnLab-V3	Malware/Win32.Generic.C4285129
Acronis	suspicious
McAfee	Artemis!6A2173A121BD
VBA32	TrojanPSW.MSIL.Reline
Malwarebytes	Spyware.RedLineStealer
APEX	Malicious
Rising	Spyware.Agent!8.C6 (CLOUD)
MAX	malware (ai score=80)
eGambit	Unsafe.AI_Score_95%
Fortinet	MSIL/Agent.BYF!tr
AVG	WAT:Blacked-AB [Trj]
Panda	Trj/CI.A
CrowdStrike	win/malicious_confidence_60% (D)