Categories: Malware

Bulz.177054 removal guide

The Bulz.177054 is considered dangerous by lots of security experts. When this infection is active, you may notice unwanted processes in Task Manager list. In this case, it is adviced to scan your computer with GridinSoft Anti-Malware.

Gridinsoft Anti-Malware

Removing PC viruses manually may take hours and may damage your PC in the process. We recommend using GridinSoft Anti-Malware for virus removal. Allows to complete scan and cure your PC during the trial period.

DOWNLOAD NOW

6-day free trial available.

What Bulz.177054 virus can do?

Behavioural detection: Executable code extraction – unpacking
Yara rule detections observed from a process memory dump/dropped files/CAPE
Creates RWX memory
Dynamic (imported) function loading detected
Enumerates running processes
Reads data out of its own binary image
CAPE extracted potentially suspicious content
Drops a binary and executes it
The binary contains an unknown PE section name indicative of packing
Authenticode signature is invalid
Creates or sets a registry key to a long series of bytes, possibly to store a binary or malware config
Attempts to identify installed AV products by installation directory
Uses suspicious command line tools or Windows utilities

How to determine Bulz.177054?


File Info:
name: 7A0B95F261174EF13020.mlwpath: /opt/CAPEv2/storage/binaries/9ee97305c8b001abb1bce691dc780b93caeb688660dbf8f7879dc53b98148e9fcrc32: 5F4E6B3Cmd5: 7a0b95f261174ef1302070198ae72253sha1: 300f86e499aaf915801345ea11b0b360b0f9d2b3sha256: 9ee97305c8b001abb1bce691dc780b93caeb688660dbf8f7879dc53b98148e9fsha512: 85e8afc8ef658f4a9244544204bace3646c15fa8bdf50ec4c4d0bcb0470ae96bfef47519ce1e53a0459d61c4b7e9d012acd3b6c4271d3e053d10bf60c127f145ssdeep: 393216:KEjDwDpPtuXUnOZghE45ncsWH6ignM3mrUMBRDmQ:KE/wDpPtuEOZgZ5nc7HLgM3wTtype: PE32 executable (GUI) Intel 80386, for MS Windowstlsh: T173D6233FB2B8A13ED46E4B3105B3A6609A7B7765641A8C1E47F0481DCF675B02F3EA41sha3_384: bbfb4370f1a585c54367c58e923506f70b7b1851ac8997520d74f30443f2aaf7071e7de007b9a583cf5d9116fe393faaep_bytes: 558bec83c4a453565733c08945c48945timestamp: 2020-05-21 05:56:23
Version Info:
Comments: This installation was built with Inno Setup.CompanyName: Oward development                                           FileDescription: Oward E-Mail Notifier Setup                                 FileVersion: 0.0.0.0             LegalCopyright:                                                                                                     OriginalFileName:                                                   ProductName: Oward E-Mail Notifier                                       ProductVersion: 0.0.0.0                                           Translation: 0x0000 0x04b0

Bulz.177054 also known as:

Lionic	Trojan.Multi.Generic.4!c
Elastic	malicious (high confidence)
DrWeb	Trojan.Zadved.1659
MicroWorld-eScan	Gen:Variant.Bulz.177054
FireEye	Gen:Variant.Bulz.177054
McAfee	Artemis!7A0B95F26117
Cylance	Unsafe
VIPRE	Gen:Variant.Bulz.177054
Sangfor	Trojan.Win32.Wacatac.C
K7AntiVirus	Riskware ( 0040eff71 )
Alibaba	TrojanDropper:Win32/Ekstak.f0c60790
K7GW	Riskware ( 0040eff71 )
Cybereason	malicious.261174
Symantec	Trojan.Gen.MBT
ESET-NOD32	a variant of Win32/TrojanDropper.Agent.SLC
TrendMicro-HouseCall	TROJ_GEN.R007C0GFR22
Paloalto	generic.ml
Kaspersky	Trojan.Win32.Ekstak.ahees
BitDefender	Gen:Variant.Bulz.177054
NANO-Antivirus	Trojan.Win32.Ekstak.ibawjq
Avast	Win32:Malware-gen
Tencent	Win32.Trojan-dropper.Agent.Aglf
Ad-Aware	Gen:Variant.Bulz.177054
Emsisoft	Gen:Variant.Bulz.177054 (B)
TrendMicro	TROJ_GEN.R007C0GFR22
McAfee-GW-Edition	BehavesLike.Win32.Dropper.tc
GData	Gen:Variant.Bulz.177054
Avira	HEUR/AGEN.1237233
MAX	malware (ai score=83)
Arcabit	Trojan.Bulz.D2B39E
Microsoft	Trojan:Win32/Wacatac.B!ml
Cynet	Malicious (score: 99)
VBA32	Trojan.Ekstak
ALYac	Gen:Variant.Bulz.177054
Malwarebytes	Adware.DownloadAssistant
APEX	Malicious
Ikarus	Trojan-Dropper.Win32.Agent
MaxSecure	Trojan.Malware.109397859.susgen
Fortinet	Riskware/Ekstak
AVG	Win32:Malware-gen
Panda	Trj/CI.A