Bulz.177893 removal

Bulz.177893 is considered dangerous by many security experts. When this infection is active, you may notice unwanted processes in the Task Manager list. In this case, it is advised to scan your computer with GridinSoft Anti-Malware.

GridinSoft Anti-Malware

Removing PC viruses manually may take hours and may damage your PC in the process. We recommend using GridinSoft Anti-Malware for virus removal. It lets you run a complete scan and cure your PC during the trial period.
6-day free trial available.

What can the Bulz.177893 virus do?

  • Behavioural detection: Executable code extraction – unpacking
  • Yara rule detections observed from a process memory dump/dropped files/CAPE
  • Presents an Authenticode digital signature
  • Creates RWX memory
  • Anomalous file deletion behavior detected (10+)
  • Dynamic (imported) function loading detected
  • Enumerates running processes
  • Reads data out of its own binary image
  • CAPE extracted potentially suspicious content
  • Drops a binary and executes it
  • The binary contains an unknown PE section name indicative of packing
  • Authenticode signature is invalid
  • Creates or sets a registry key to a long series of bytes, possibly to store a binary or malware config

How to identify Bulz.177893?


File Info:

name: C752A673E1F224F47707.mlw
path: /opt/CAPEv2/storage/binaries/78ab05906c0352d814edfa9192856413ed32495f8c8404666d9d71dd31876f22
crc32: 49724A62
md5: c752a673e1f224f477079578e3d1d94b
sha1: e3cf973bce910da5e4f3f2ddff703defe5a1cae0
sha256: 78ab05906c0352d814edfa9192856413ed32495f8c8404666d9d71dd31876f22
sha512: 1f7bb443f53924b8aa6f202aa66b8aaf4259a97083d12bcd56e4e6f10fe38de1759a6d3644115041d147e23493705b9f21e949e00e8534cce05bf3adb053719a
ssdeep: 393216:jNVVbdQH8/1atI0v96gNPH4TbAdh2PTtDN:jNVVbd/aS0v9bH4TO2pDN
type: PE32 executable (GUI) Intel 80386, for MS Windows
tlsh: T141E6333FB268693ED5AE5B3245B3932019BBBB61791A8C1E13F0081DDF764B01E3E615
sha3_384: acb895a4996ab3a954731f8beb7650874dacfba5db4ff0e156d3810dcd20fe15418f7abfddb95a18953c012610e6c1a5
ep_bytes: 558bec83c4a453565733c08945c48945
timestamp: 2020-05-21 05:56:23

Version Info:

Comments: This installation was built with Inno Setup.
CompanyName: ShowDec
FileDescription: ShowDec Setup
FileVersion: 1.0.0.13
LegalCopyright:
OriginalFileName:
ProductName: ShowDec
ProductVersion: 1.0.0.13
Translation: 0x0000 0x04b0

Bulz.177893 also known as:

Lionic: Trojan.Win32.Ekstak.4!c
DrWeb: Trojan.Zadved.1654
MicroWorld-eScan: Gen:Variant.Bulz.177893
FireEye: Gen:Variant.Bulz.177893
ALYac: Gen:Variant.Bulz.177893
K7AntiVirus: Trojan ( 005722f11 )
Alibaba: TrojanDropper:Win32/Ekstak.e7748511
K7GW: Trojan ( 005722f11 )
CrowdStrike: win/grayware_confidence_70% (W)
Symantec: Trojan.Gen.MBT
Elastic: malicious (high confidence)
ESET-NOD32: a variant of Win32/TrojanDropper.Agent.SLC
TrendMicro-HouseCall: TROJ_GEN.R007C0WFR22
Kaspersky: Trojan.Win32.Ekstak.agzin
BitDefender: Gen:Variant.Bulz.177893
NANO-Antivirus: Trojan.Win32.Ekstak.hzwcjy
Avast: Win32:Adware-gen [Adw]
Tencent: Win32.Trojan.Falsesign.Sxxq
Ad-Aware: Gen:Variant.Bulz.177893
Emsisoft: Gen:Variant.Bulz.177893 (B)
VIPRE: Gen:Variant.Bulz.177893
TrendMicro: TROJ_GEN.R007C0WFR22
McAfee-GW-Edition: Artemis!Trojan
Sophos: Generic ML PUA (PUA)
Ikarus: Trojan.DownloadAssistant
GData: Gen:Variant.Bulz.177893
Webroot: W32.Malware.Gen
Avira: HEUR/AGEN.1237240
Arcabit: Trojan.Bulz.D2B6E5
ZoneAlarm: Trojan.Win32.Ekstak.agzin
Microsoft: Trojan:Win32/Wacatac.B!ml
Cynet: Malicious (score: 99)
AhnLab-V3: Trojan/Win32.Ekstak.R353659
McAfee: Artemis!C752A673E1F2
MAX: malware (ai score=89)
Malwarebytes: Adware.DownloadAssistant
APEX: Malicious
MaxSecure: Trojan.Malware.184690565.susgen
Fortinet: PossibleThreat.PALLAS.H
AVG: Win32:Adware-gen [Adw]
Cybereason: malicious.3e1f22

How to remove Bulz.177893?

Bulz.177893 removal tool
  • Download and install GridinSoft Anti-Malware.
  • Open GridinSoft Anti-Malware and perform a “Standard scan”.
  • “Move to quarantine” all items.
  • Open the “Tools” tab and press “Reset Browser Settings”.
  • Select the proper browser and options, then click “Reset”.
  • Restart your computer.

About the author

Paul Valéry

I'm a cyber security analyst and data science expert with 5+ years of experience with security software contractors.
