Categories: Malware

Bulz.14493 (file analysis)

The Bulz.14493 is considered dangerous by lots of security experts. When this infection is active, you may notice unwanted processes in Task Manager list. In this case, it is adviced to scan your computer with GridinSoft Anti-Malware.

Gridinsoft Anti-Malware

Removing PC viruses manually may take hours and may damage your PC in the process. We recommend using GridinSoft Anti-Malware for virus removal. Allows to complete scan and cure your PC during the trial period.

DOWNLOAD NOW

6-day free trial available.

What Bulz.14493 virus can do?

Behavioural detection: Executable code extraction – unpacking
SetUnhandledExceptionFilter detected (possible anti-debug)
Attempts to connect to a dead IP:Port (1 unique times)
Yara rule detections observed from a process memory dump/dropped files/CAPE
Dynamic (imported) function loading detected
Enumerates running processes
CAPE extracted potentially suspicious content
Unconventionial binary language: Chinese (Simplified)
Unconventionial language used in binary resources: Chinese (Simplified)
Authenticode signature is invalid
Deletes its original binary from disk
CAPE detected the PCRat malware family
Creates a copy of itself

How to determine Bulz.14493?


File Info:
name: 50A84B2C93679F34A4B7.mlwpath: /opt/CAPEv2/storage/binaries/297d120d8fe3bb8c5a9bc55fc1269a78fa90d235f8a6b2feadb69a59f50a396acrc32: 1DD11EE3md5: 50a84b2c93679f34a4b74fc92ec32bf6sha1: 53d77a4d03de8a80867f421bbd7a0c85670ec250sha256: 297d120d8fe3bb8c5a9bc55fc1269a78fa90d235f8a6b2feadb69a59f50a396asha512: b422e2b88b7a07f54af35a42b29d65971bce014f88271a7119cdb7d69d048177156c31eef778f8dc0d8c364cbdb2e6bd5f8a34e13bf4a37ee7ba401ed8cad58dssdeep: 49152:lD2tYZeYZeYZeYZeYZeYZeYZoYZeYZeYZeYZMYZU0+YZeYZeYZ6dVYI8O3q:lDdSdr8O3type: PE32 executable (GUI) Intel 80386, for MS Windowstlsh: T1BE16098AEE24D1BEC4131BB8EA5B69F412501C16992E215F38143E7FEE33B671905FB4sha3_384: 9e8a4fe387a80b1ba6d108436eb536a4c826ecab8b94a6ecdade7f9ede0761e5d0d9ca8364023901863ee8f5cb32e15bep_bytes: 558bec6aff6898db400068b4a9400064timestamp: 2018-04-04 10:11:56
Version Info:
Comments: CompanyName: Free Time Co., Ltd.FileDescription: FormatFactoryFileVersion: 3.9.5.0InternalName: FormatFactoryLegalCopyright: Copyright 2016 Free Time Co., Ltd.LegalTrademarks: OriginalFilename: FormatFactory.exePrivateBuild: ProductName: Format FactoryProductVersion: 3.9.5.0SpecialBuild: Translation: 0x0804 0x04b0

Bulz.14493 also known as:

MicroWorld-eScan	Gen:Variant.Bulz.14493
FireEye	Generic.mg.50a84b2c93679f34
CAT-QuickHeal	Trojan.MauvaiseRI.S5253913
ALYac	Gen:Variant.Bulz.14493
Cylance	Unsafe
K7AntiVirus	Trojan ( 0057dd1c1 )
K7GW	Trojan ( 0057dd1c1 )
CrowdStrike	win/malicious_confidence_70% (W)
Cyren	W32/Kryptik.DLQ.gen!Eldorado
Symantec	ML.Attribute.HighConfidence
Elastic	malicious (high confidence)
ESET-NOD32	a variant of Win32/Kryptik.GCNO
APEX	Malicious
ClamAV	Win.Trojan.Gh0stRAT-7603864-1
Kaspersky	Backdoor.Win32.Farfli.avdh
BitDefender	Gen:Variant.Bulz.14493
NANO-Antivirus	Trojan.Win32.Farfli.esmfdn
Avast	Win32:BackdoorX-gen [Trj]
Tencent	Malware.Win32.Gencirc.10b4ad51
Ad-Aware	Gen:Variant.Bulz.14493
Sophos	Troj/Zegost-GO
Comodo	Backdoor.Win32.Zegost.ML@828ixj
DrWeb	Trojan.DownLoader25.33499
Zillya	Backdoor.Farfli.Win32.6896
TrendMicro	BKDR_ZEGOST.SM34
McAfee-GW-Edition	GenericRXEW-BU!50A84B2C9367
Emsisoft	Gen:Variant.Bulz.14493 (B)
Ikarus	Trojan.Win32.Injector
Jiangmin	Backdoor.Farfli.enh
Avira	HEUR/AGEN.1206029
MAX	malware (ai score=85)
Microsoft	Trojan:Win32/Sabsik.FL.B!ml
GData	Gen:Variant.Bulz.14493
Cynet	Malicious (score: 99)
AhnLab-V3	Backdoor/Win.Farfli.C5108292
McAfee	GenericRXEW-BU!50A84B2C9367
VBA32	BScope.Trojan.Fsysna
TrendMicro-HouseCall	BKDR_ZEGOST.SM34
Rising	Backdoor.Farfli!8.B4 (CLOUD)
Yandex	Trojan.GenAsa!hC8NDCXIdVI
Fortinet	W32/Kryptik.FHSF!tr
BitDefenderTheta	Gen:NN.ZexaF.34638.@t0@aCFQfLjj
AVG	Win32:BackdoorX-gen [Trj]
Cybereason	malicious.c93679
Panda	Trj/CI.A