Malware

Bulz.177054 removal guide

Malware Removal

The Bulz.177054 is considered dangerous by lots of security experts. When this infection is active, you may notice unwanted processes in Task Manager list. In this case, it is adviced to scan your computer with GridinSoft Anti-Malware.

GridinSoft Anti-Malware

Gridinsoft Anti-Malware

Removing PC viruses manually may take hours and may damage your PC in the process. We recommend using GridinSoft Anti-Malware for virus removal. Allows to complete scan and cure your PC during the trial period.
DOWNLOAD NOW
6-day free trial available.

What Bulz.177054 virus can do?

  • Behavioural detection: Executable code extraction – unpacking
  • Yara rule detections observed from a process memory dump/dropped files/CAPE
  • Creates RWX memory
  • Dynamic (imported) function loading detected
  • Enumerates running processes
  • Reads data out of its own binary image
  • CAPE extracted potentially suspicious content
  • Drops a binary and executes it
  • The binary contains an unknown PE section name indicative of packing
  • Authenticode signature is invalid
  • Creates or sets a registry key to a long series of bytes, possibly to store a binary or malware config
  • Attempts to identify installed AV products by installation directory
  • Uses suspicious command line tools or Windows utilities

How to determine Bulz.177054?



File Info:

name: 7A0B95F261174EF13020.mlw
path: /opt/CAPEv2/storage/binaries/9ee97305c8b001abb1bce691dc780b93caeb688660dbf8f7879dc53b98148e9f
crc32: 5F4E6B3C
md5: 7a0b95f261174ef1302070198ae72253
sha1: 300f86e499aaf915801345ea11b0b360b0f9d2b3
sha256: 9ee97305c8b001abb1bce691dc780b93caeb688660dbf8f7879dc53b98148e9f
sha512: 85e8afc8ef658f4a9244544204bace3646c15fa8bdf50ec4c4d0bcb0470ae96bfef47519ce1e53a0459d61c4b7e9d012acd3b6c4271d3e053d10bf60c127f145
ssdeep: 393216:KEjDwDpPtuXUnOZghE45ncsWH6ignM3mrUMBRDmQ:KE/wDpPtuEOZgZ5nc7HLgM3wT
type: PE32 executable (GUI) Intel 80386, for MS Windows
tlsh: T173D6233FB2B8A13ED46E4B3105B3A6609A7B7765641A8C1E47F0481DCF675B02F3EA41
sha3_384: bbfb4370f1a585c54367c58e923506f70b7b1851ac8997520d74f30443f2aaf7071e7de007b9a583cf5d9116fe393faa
ep_bytes: 558bec83c4a453565733c08945c48945
timestamp: 2020-05-21 05:56:23


Version Info:

Comments: This installation was built with Inno Setup.
CompanyName: Oward development                                           
FileDescription: Oward E-Mail Notifier Setup                                 
FileVersion: 0.0.0.0             
LegalCopyright:                                                                                                     
OriginalFileName:                                                   
ProductName: Oward E-Mail Notifier                                       
ProductVersion: 0.0.0.0                                           
Translation: 0x0000 0x04b0

Bulz.177054 also known as:

LionicTrojan.Multi.Generic.4!c
Elasticmalicious (high confidence)
DrWebTrojan.Zadved.1659
MicroWorld-eScanGen:Variant.Bulz.177054
FireEyeGen:Variant.Bulz.177054
McAfeeArtemis!7A0B95F26117
CylanceUnsafe
VIPREGen:Variant.Bulz.177054
SangforTrojan.Win32.Wacatac.C
K7AntiVirusRiskware ( 0040eff71 )
AlibabaTrojanDropper:Win32/Ekstak.f0c60790
K7GWRiskware ( 0040eff71 )
Cybereasonmalicious.261174
SymantecTrojan.Gen.MBT
ESET-NOD32a variant of Win32/TrojanDropper.Agent.SLC
TrendMicro-HouseCallTROJ_GEN.R007C0GFR22
Paloaltogeneric.ml
KasperskyTrojan.Win32.Ekstak.ahees
BitDefenderGen:Variant.Bulz.177054
NANO-AntivirusTrojan.Win32.Ekstak.ibawjq
AvastWin32:Malware-gen
TencentWin32.Trojan-dropper.Agent.Aglf
Ad-AwareGen:Variant.Bulz.177054
EmsisoftGen:Variant.Bulz.177054 (B)
TrendMicroTROJ_GEN.R007C0GFR22
McAfee-GW-EditionBehavesLike.Win32.Dropper.tc
GDataGen:Variant.Bulz.177054
AviraHEUR/AGEN.1237233
MAXmalware (ai score=83)
ArcabitTrojan.Bulz.D2B39E
MicrosoftTrojan:Win32/Wacatac.B!ml
CynetMalicious (score: 99)
VBA32Trojan.Ekstak
ALYacGen:Variant.Bulz.177054
MalwarebytesAdware.DownloadAssistant
APEXMalicious
IkarusTrojan-Dropper.Win32.Agent
MaxSecureTrojan.Malware.109397859.susgen
FortinetRiskware/Ekstak
AVGWin32:Malware-gen
PandaTrj/CI.A

How to remove Bulz.177054?

Bulz.177054 removal tool
  • Download and install GridinSoft Anti-Malware.
  • Open GridinSoft Anti-Malware and perform a “Standard scan“.
  • Move to quarantine” all items.
  • Open “Tools” tab – Press “Reset Browser Settings“.
  • Select proper browser and options – Click “Reset”.
  • Restart your computer.

You may also like

About the author

Paul Valéry

I'm a cyber security analyst and data science expert with 5+ years of experience with security software contractors.

View all posts

Leave a Comment