
How to remove “Bulz.139328”?

Malware Removal

Bulz.139328 is classified as malicious by a large number of antivirus vendors (see the detection list below). When this infection is active, you may notice unfamiliar processes in the Task Manager list. In this case, it is advised to scan your computer with GridinSoft Anti-Malware.


Removing PC viruses manually may take hours and may damage your PC in the process. We recommend using GridinSoft Anti-Malware for virus removal. It lets you run a complete scan and clean your PC during the trial period.
6-day free trial available.

What can the Bulz.139328 virus do?

  • SetUnhandledExceptionFilter detected (possible anti-debug)
  • Yara rule detections observed from a process memory dump/dropped files/CAPE
  • Dynamic (imported) function loading detected
  • Reads data out of its own binary image
  • Unconventional binary language: Chinese (Simplified)
  • Unconventional language used in binary resources: Chinese (Simplified)
  • Authenticode signature is invalid

How to identify Bulz.139328?

File Info:

name: 9F396D87DCC319F236E4.mlw
path: /opt/CAPEv2/storage/binaries/6fb0e0a9fe710ffe2edf5f2925cfcd2858b245668f25e9278addb738f34514a3
crc32: 651E88E8
md5: 9f396d87dcc319f236e476479017b9ff
sha1: 597ed361eb010a63d2808bc3c37cc3c31423d7f8
sha256: 6fb0e0a9fe710ffe2edf5f2925cfcd2858b245668f25e9278addb738f34514a3
sha512: af97e9f29b5d21c4dc947f20294eecaf03bffbbbead08489e00599c7d47479bd7a8bd6dfae57883993e87b55e25317859f0f2bcf12f49d2bdc118a299e3fbf72
ssdeep: 12288:xi+ETezCHQkZPhprhmH6ukWAljnQlnl2OdpbxZDmRmFaCBk0:xiQsFhBhmAWAdnQxlfj6YaCV
type: PE32 executable (GUI) Intel 80386, for MS Windows
tlsh: T132F48E11BDD642B2C5A322718D7EF7779E3969360323C59B27E83D337E6C4412A193A2
sha3_384: 5fb83dc4cda381780d2c02a45d90c8e2c37aadf3d410d59f202bc8b5903f090bdc4312377effc14136ce67de01ebfc12
ep_bytes: e8dec20000e989feffffcccccccccccc
timestamp: 2012-02-04 22:43:24

Version Info:

FileVersion: 2.0.14.11
Comments: TianmaoUrls
FileDescription: TianmaoUrls
LegalCopyright: Copyright (C) 2012-2014
CompanyName: www.taobao.com
ProductName: TianmaoUrls.exe
LegalTrademarks: taobao.com.Inc
OriginalFilename: TianmaoUrls.exe
Translation: 0x0804 0x04b0

Bulz.139328 is also detected under the following vendor names:

Bkav: W32.AIDetect.malware1
Elastic: malicious (high confidence)
MicroWorld-eScan: Gen:Variant.Bulz.139328
FireEye: Generic.mg.9f396d87dcc319f2
Cylance: Unsafe
BitDefender: Gen:Variant.Bulz.139328
Cybereason: malicious.7dcc31
VirIT: Trojan.Win32.Dnldr27.CIOM
Cyren: W32/Trojan.IJBN-1595
ESET-NOD32: Win32/Packed.Autoit.H suspicious
ClamAV: Win.Malware.Autoit-6753917-0
Ad-Aware: Gen:Variant.Bulz.139328
Emsisoft: Gen:Variant.Bulz.139328 (B)
Comodo: TrojWare.Win32.Hider.REXR@5364l6
DrWeb: Trojan.DownLoader27.40936
McAfee-GW-Edition: BehavesLike.Win32.Generic.bh
Sophos: Generic ML PUA (PUA)
APEX: Malicious
Microsoft: PWS:Win32/Zbot!ml
ViRobot: Trojan.Win32.A.Agent.690283
GData: Gen:Variant.Bulz.139328
Cynet: Malicious (score: 100)
VBA32: IMWorm.Sohanad
ALYac: Gen:Variant.Bulz.139328
MAX: malware (ai score=82)
Yandex: Trojan.GenAsa!i9rai7w7/WE
Ikarus: Trojan-Downloader.Win32.Genome
AVG: Win32:Malware-gen
Avast: Win32:Malware-gen
CrowdStrike: win/malicious_confidence_70% (D)

How to remove Bulz.139328?

Bulz.139328 removal tool
  • Download and install GridinSoft Anti-Malware.
  • Open GridinSoft Anti-Malware and perform a “Standard scan”.
  • “Move to quarantine” all items.
  • Open the “Tools” tab and press “Reset Browser Settings”.
  • Select the proper browser and options, then click “Reset”.
  • Restart your computer.

About the author

Paul Valéry

I'm a cyber security analyst and data science expert with 5+ years of experience with security software contractors.
