Categories: Malware

Bulz.190587 (B) removal guide

The Bulz.190587 (B) is considered dangerous by lots of security experts. When this infection is active, you may notice unwanted processes in Task Manager list. In this case, it is adviced to scan your computer with GridinSoft Anti-Malware.

Gridinsoft Anti-Malware

Removing PC viruses manually may take hours and may damage your PC in the process. We recommend using GridinSoft Anti-Malware for virus removal. Allows to complete scan and cure your PC during the trial period.

DOWNLOAD NOW

6-day free trial available.

What Bulz.190587 (B) virus can do?

Behavioural detection: Executable code extraction – unpacking
Yara rule detections observed from a process memory dump/dropped files/CAPE
Creates RWX memory
Dynamic (imported) function loading detected
Enumerates running processes
Reads data out of its own binary image
CAPE extracted potentially suspicious content
Drops a binary and executes it
The binary contains an unknown PE section name indicative of packing
Authenticode signature is invalid
Creates or sets a registry key to a long series of bytes, possibly to store a binary or malware config
Attempts to identify installed AV products by installation directory

How to determine Bulz.190587 (B)?


File Info:
name: 540A38AF5E72DD0F6349.mlwpath: /opt/CAPEv2/storage/binaries/1641947606a6a76c00c201c0dce953062c0fdd58d2ca321f81e324e85ec365c3crc32: 9E84EFE9md5: 540a38af5e72dd0f63492401be832a5asha1: aff16df918916b65c2cf0b827e95a363531dedc7sha256: 1641947606a6a76c00c201c0dce953062c0fdd58d2ca321f81e324e85ec365c3sha512: 120a844f05f64878f0211f03baa0c62248fe1a312727d22b937e2f1315c44824eae93b12f901c68e0f0e31a8bb198ff2b14b9a73edac878127473e47fb5b4851ssdeep: 196608:fEeO0p9xXxF1FAhffmg6p6JoaRtlLuq0XF4rV+g0wVQJFcXiFghkjOAbts7:fEUhXJChfr3yHaV+gXV6eXiF2uOX7type: PE32 executable (GUI) Intel 80386, for MS Windowstlsh: T1C0B6233FB278653ED4AE4B3245B39360597BBB61A41A8C1E07F0451CCF664A02F3BB56sha3_384: a5163d13c2fa05ef6c93bb025b51f8b440f2b8605050cd1fe0c32b7a9285cd960239ae5eac5d210f3c1a06c8226bbefbep_bytes: 558bec83c4a453565733c08945c48945timestamp: 2020-05-21 05:56:23
Version Info:
Comments: This installation was built with Inno Setup.CompanyName: ITS Software, LLC                                           FileDescription: Ider Player Setup                                           FileVersion: 0.0.0.0             LegalCopyright:                                                                                                     OriginalFileName:                                                   ProductName: Ider Player                                                 ProductVersion: 3.5.3.2                                           Translation: 0x0000 0x04b0

Bulz.190587 (B) also known as:

Elastic	malicious (high confidence)
MicroWorld-eScan	Gen:Variant.Bulz.190587
FireEye	Gen:Variant.Bulz.190587
ALYac	Gen:Variant.Bulz.190587
Cylance	Unsafe
Sangfor	Trojan.Win32.Woreflint.A
K7AntiVirus	Trojan ( 005722fe1 )
Alibaba	Malware:Win32/km_2e5ec0.None
K7GW	Trojan ( 005722fe1 )
CrowdStrike	win/malicious_confidence_70% (W)
Cyren	W32/Agent.CAB.gen!Eldorado
ESET-NOD32	a variant of Win32/TrojanDropper.Agent.SLC
Paloalto	generic.ml
Cynet	Malicious (score: 99)
Kaspersky	Trojan.Win32.Ekstak.ahfbj
BitDefender	Gen:Variant.Bulz.190587
Avast	Win32:Trojan-gen
Ad-Aware	Gen:Variant.Bulz.190587
DrWeb	Trojan.Zadved.1672
McAfee-GW-Edition	BehavesLike.Win32.Dropper.vc
Emsisoft	Gen:Variant.Bulz.190587 (B)
APEX	Malicious
Webroot	W32.Adware.Gen
Avira	HEUR/AGEN.1237233
MAX	malware (ai score=80)
Microsoft	Trojan:Win32/AgentTesla!ml
GData	Gen:Variant.Bulz.190587
AhnLab-V3	Trojan/Win32.Wacatac.R354759
McAfee	Artemis!540A38AF5E72
VBA32	Trojan.CryptInject
Malwarebytes	Adware.DownloadAssistant
Yandex	Trojan.Ekstak!ntV+++ayk8E
Ikarus	Trojan-Dropper.Win32.Agent
MaxSecure	Trojan.Malware.184690724.susgen
Fortinet	PossibleThreat.MU
AVG	Win32:Trojan-gen
Cybereason	malicious.f5e72d
Panda	Trj/CI.A