About “Bulz.189755” infection

Bulz.189755 is the detection name that several antivirus engines (BitDefender, Emsisoft, GData and others, listed below) assign to this sample, and it is treated as malicious. While the infection is active you may notice unexpected processes in the Task Manager list. If so, it is advisable to scan the computer with GridinSoft Anti-Malware.

Removing malware manually can take hours and can damage the system if the wrong file is deleted. We recommend GridinSoft Anti-Malware for removal; a full scan and cleanup are available during the trial period.
A 6-day free trial is available.

What can Bulz.189755 do?

Behaviours flagged when the sample was executed in the CAPE sandbox (the wording follows CAPE's signature names):

  • Behavioural detection: executable code extraction (unpacking at runtime)
  • YARA rule hits on a process memory dump, on dropped files, or on CAPE-extracted payloads
  • Carries an Authenticode digital signature
  • Allocates memory that is readable, writable and executable (RWX)
  • Anomalous file deletion behaviour detected (10 or more files)
  • Dynamic (imported) function loading detected
  • Enumerates running processes
  • Reads data out of its own binary image
  • CAPE extracted potentially suspicious content
  • Drops a binary and executes it
  • The binary contains an unknown PE section name, indicative of packing
  • The Authenticode signature is invalid (it does not verify)
  • Creates or sets a registry key to a long series of bytes, possibly to store a binary or a malware configuration
  • Exhibits possible ransomware-like file modification behaviour

Related domains:

opengolad.com

How to identify Bulz.189755?

File Info:

name: DDBCE65151BA10B2B612.mlw
path: /opt/CAPEv2/storage/binaries/ef1f0440149b15ac8fa945bbdd5a6ee85fdad3cd3f050a12458ea71ff9ba0c10
crc32: 70966BB9
md5: ddbce65151ba10b2b6125913bb3d9288
sha1: 643440f11f383da9eacd428a1ddfd1fcb314214b
sha256: ef1f0440149b15ac8fa945bbdd5a6ee85fdad3cd3f050a12458ea71ff9ba0c10
sha512: 2987a01d8570c2684b2c2bd5397851eb656df01be5f175766a7d368c5d526549eeae62bf84aa72246c272f61cd48ffbaae0d652baa5fe59a4698a0a41fa8c9b8
ssdeep: 393216:514wYd4biIdJtGDX5bEniTpSS3cSx46HJDMRkpfes:5ade/MEniXDx4Zuh
type: PE32 executable (GUI) Intel 80386, for MS Windows
tlsh: T1D3E6233FB228643ED5AA1B3245B382309D77BF61641B8C2F47F4091DDF6A5702E3A616
sha3_384: 407670bbb02e33957ecb679cae340bdb799b32b5b550a1c22fefe3b1167f1f7ed61a7b319d8013e376e6ad933aebffac
ep_bytes: 558bec83c4a453565733c08945c48945
timestamp: 2020-05-21 05:56:23
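To check a file in hand against the indicators above, the following Python script (an added example, not GridinSoft's or CAPE's code) recomputes the hashes listed in File Info and parses the PE header for the same three static facts the behaviour list relies on: the 16 entry-point bytes (ep_bytes), the section names, and whether a security data directory (an Authenticode blob) is present. The COMMON_SECTIONS allow-list and the build_sample_pe() helper, which constructs a toy PE32 so the script runs offline, are this example's own assumptions.

```python
import hashlib
import struct
import zlib

# Indicators copied from the page's "File Info" block.
PAGE_IOCS = {
    "crc32": "70966BB9",
    "md5": "ddbce65151ba10b2b6125913bb3d9288",
    "sha1": "643440f11f383da9eacd428a1ddfd1fcb314214b",
    "sha256": "ef1f0440149b15ac8fa945bbdd5a6ee85fdad3cd3f050a12458ea71ff9ba0c10",
    "sha3_384": "407670bbb02e33957ecb679cae340bdb799b32b5b550a1c22fefe3b1167f1f7ed61a7b319d8013e376e6ad933aebffac",
    "ep_bytes": "558bec83c4a453565733c08945c48945",
}

# Section names a linker normally emits; anything else is worth a look
# (the page flags "an unknown PE section name indicative of packing").
# This allow-list is an assumption of the example, not CAPE's list.
COMMON_SECTIONS = {".text", ".data", ".rdata", ".bss", ".idata", ".edata",
                   ".rsrc", ".reloc", ".tls", ".pdata", ".CRT", ".itext", ".didata"}


def file_hashes(data: bytes) -> dict:
    """Hashes in the formats the page prints them (crc32 as upper-case hex)."""
    return {
        "crc32": f"{zlib.crc32(data) & 0xFFFFFFFF:08X}",
        "md5": hashlib.md5(data).hexdigest(),
        "sha1": hashlib.sha1(data).hexdigest(),
        "sha256": hashlib.sha256(data).hexdigest(),
        "sha3_384": hashlib.sha3_384(data).hexdigest(),
    }


def pe_facts(data: bytes) -> dict:
    """Parse just enough of a PE32 image to read the entry-point bytes,
    the section names and the security (Authenticode) data directory."""
    if data[:2] != b"MZ":
        raise ValueError("not a DOS/PE file")
    pe_off = struct.unpack_from("<I", data, 0x3C)[0]          # e_lfanew
    if data[pe_off:pe_off + 4] != b"PE\0\0":
        raise ValueError("PE signature not found")
    # COFF header: Machine, NumberOfSections, TimeDateStamp, PointerToSymbolTable,
    # NumberOfSymbols, SizeOfOptionalHeader, Characteristics
    _, nsec, timestamp, _, _, opt_size, _ = struct.unpack_from("<HHIIIHH", data, pe_off + 4)
    opt_off = pe_off + 24
    if struct.unpack_from("<H", data, opt_off)[0] != 0x10B:
        raise ValueError("only PE32 (32-bit) images are handled here")
    ep_rva = struct.unpack_from("<I", data, opt_off + 16)[0]   # AddressOfEntryPoint
    # Data directories start at optional-header offset 96 in PE32;
    # entry 4 is IMAGE_DIRECTORY_ENTRY_SECURITY (file offset, size).
    _, sec_size = struct.unpack_from("<II", data, opt_off + 96 + 4 * 8)
    sections = []
    for i in range(nsec):
        name, vsize, va, raw_size, raw_ptr = struct.unpack_from(
            "<8sIIII", data, opt_off + opt_size + 40 * i)
        sections.append((name.rstrip(b"\0").decode("latin-1"), va, vsize, raw_ptr, raw_size))
    # Map the entry-point RVA to a file offset through the section that owns it.
    ep_bytes = b""
    for _name, va, vsize, raw_ptr, raw_size in sections:
        if va <= ep_rva < va + max(vsize, raw_size):
            file_off = raw_ptr + (ep_rva - va)
            ep_bytes = data[file_off:file_off + 16]
            break
    return {
        "timestamp": timestamp,
        "sections": [s[0] for s in sections],
        "unknown_sections": [s[0] for s in sections if s[0] not in COMMON_SECTIONS],
        "ep_bytes": ep_bytes.hex(),
        "has_authenticode_blob": sec_size != 0,
    }


def ioc_hits(data: bytes) -> list:
    """Names of the page's indicators that this file matches."""
    observed = dict(file_hashes(data))
    observed["ep_bytes"] = pe_facts(data)["ep_bytes"]
    return [k for k, v in PAGE_IOCS.items() if observed.get(k) == v]


def build_sample_pe(section_name: bytes, ep_code: bytes, signed: bool) -> bytes:
    """Constructed minimal PE32 used only to exercise the parser offline; it is
    NOT the Bulz.189755 sample. Headers fill the first 0x200 bytes and one
    section starts at file offset 0x200 / RVA 0x1000. The TimeDateStamp is the
    page's timestamp read as UTC (an assumption)."""
    dos = bytearray(64)
    dos[:2] = b"MZ"
    struct.pack_into("<I", dos, 0x3C, 64)                       # e_lfanew
    coff = struct.pack("<HHIIIHH", 0x14C, 1, 1590040583, 0, 0, 224, 0x0102)
    opt = bytearray(224)
    struct.pack_into("<H", opt, 0, 0x10B)                        # PE32 magic
    struct.pack_into("<I", opt, 16, 0x1000)                      # AddressOfEntryPoint
    if signed:
        struct.pack_into("<II", opt, 96 + 4 * 8, 0x400, 0x100)  # security directory
    sect = struct.pack("<8sIIII", section_name, 0x200, 0x1000, 0x200, 0x200) + bytes(16)
    headers = (bytes(dos) + b"PE\0\0" + coff + bytes(opt) + sect).ljust(0x200, b"\0")
    return headers + ep_code.ljust(0x200, b"\0")


if __name__ == "__main__":
    import sys
    sample = (open(sys.argv[1], "rb").read() if len(sys.argv) > 1 else
              build_sample_pe(b".text", bytes.fromhex(PAGE_IOCS["ep_bytes"]), signed=True))
    print(file_hashes(sample))
    print(pe_facts(sample))
    print("IOC hits:", ioc_hits(sample))
```

Run it as `python triage.py sample.exe`; with no argument it triages the constructed toy PE. Two caveats: a present security directory only says an Authenticode blob exists, so the page's "Authenticode signature is invalid" verdict still needs a real verifier (for example `Get-AuthenticodeSignature` in PowerShell on Windows); and a hash mismatch only means the file is a different build, not that it is clean, which is why the section-name and entry-point checks are kept alongside the hashes.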

Version Info:

Comments: This installation was built with Inno Setup.
CompanyName: Maxximate Technologies Inc.
FileDescription: X-Amp Application Setup
FileVersion: 1.0.0.0
LegalCopyright:
OriginalFileName:
ProductName: X-Amp Application
ProductVersion: 1.0.0.0
Translation: 0x0000 0x04b0

Bulz.189755 also known as:

Lionic: Trojan.Win32.Ekstak.4!c
MicroWorld-eScan: Gen:Variant.Bulz.189755
FireEye: Gen:Variant.Bulz.189755
ALYac: Gen:Variant.Bulz.189755
K7AntiVirus: Trojan ( 005722f11 )
Alibaba: TrojanDropper:Win32/Ekstak.c82d5abb
K7GW: Trojan ( 005722f11 )
Cybereason: malicious.151ba1
Symantec: Trojan.Gen.MBT
ESET-NOD32: a variant of Win32/TrojanDropper.Agent.SLC
APEX: Malicious
Kaspersky: Trojan.Win32.Ekstak.ahbjc
BitDefender: Gen:Variant.Bulz.189755
Avast: Win32:Adware-gen [Adw]
Tencent: Win32.Trojan.Falsesign.Wvku
Ad-Aware: Gen:Variant.Bulz.189755
Sophos: Mal/Generic-S
DrWeb: Trojan.Zadved.1654
VIPRE: Trojan.Win32.Generic!BT
TrendMicro: TROJ_GEN.R002C0GKL21
McAfee-GW-Edition: Artemis!Trojan
Emsisoft: Gen:Variant.Bulz.189755 (B)
Avira: HEUR/AGEN.1142804
Microsoft: Trojan:Win32/Wacatac.B!ml
Gridinsoft: Ransom.Win32.Wacatac.sa
Arcabit: Trojan.Bulz.D2E53B
GData: Gen:Variant.Bulz.189755
AhnLab-V3: PUP/Win.Generic.R452169
McAfee: Artemis!DDBCE65151BA
MAX: malware (ai score=84)
VBA32: Trojan.Ekstak
Malwarebytes: Adware.DownloadAssistant
TrendMicro-HouseCall: TROJ_GEN.R002C0GKL21
eGambit: PE.Heur.InvalidSig
Fortinet: PossibleThreat.PALLAS.H
AVG: Win32:Adware-gen [Adw]
MaxSecure: Trojan.Malware.130242849.susgen

How to remove Bulz.189755?

Bulz.189755 removal tool
  • Download and install GridinSoft Anti-Malware.
  • Open GridinSoft Anti-Malware and run a “Standard scan”.
  • Click “Move to quarantine” for all detected items.
  • Open the “Tools” tab and press “Reset Browser Settings”.
  • Select the affected browser and the settings to reset, then click “Reset”.
  • Restart the computer.

About the author

Paul Valéry

I'm a cyber security analyst and data science expert with 5+ years of experience with security software contractors.