Categories: Malware

What is “Bulz.200270”?

The Bulz.200270 is considered dangerous by lots of security experts. When this infection is active, you may notice unwanted processes in Task Manager list. In this case, it is adviced to scan your computer with GridinSoft Anti-Malware.

Gridinsoft Anti-Malware

Removing PC viruses manually may take hours and may damage your PC in the process. We recommend using GridinSoft Anti-Malware for virus removal. Allows to complete scan and cure your PC during the trial period.

DOWNLOAD NOW

6-day free trial available.

What Bulz.200270 virus can do?

Behavioural detection: Executable code extraction – unpacking
Yara rule detections observed from a process memory dump/dropped files/CAPE
Creates RWX memory
Dynamic (imported) function loading detected
Enumerates running processes
Reads data out of its own binary image
CAPE extracted potentially suspicious content
Drops a binary and executes it
The binary contains an unknown PE section name indicative of packing
Authenticode signature is invalid
Attempts to modify desktop wallpaper
Attempts to identify installed AV products by installation directory

How to determine Bulz.200270?


File Info:
name: 5B0A6A6BD0BBEC5C742C.mlwpath: /opt/CAPEv2/storage/binaries/2f00f8ea4e76a03101745e45b4bf787ad5c47f946e9446f9f946c0cea76ecc86crc32: 6F26E078md5: 5b0a6a6bd0bbec5c742c4e86062aab3fsha1: edba17e6529d946305fdf6540ce2516a84d7de80sha256: 2f00f8ea4e76a03101745e45b4bf787ad5c47f946e9446f9f946c0cea76ecc86sha512: 5d81568c2d7caa9b7fbe8e2a257eb53c2eff61c5abda977d70ad77cd8fe579385bf8f678796bb60cb60da7ecb50198478490bea892eb3ac736ae3ba856a7ecfdssdeep: 196608:lH5HoX8agASkppHxfxtbO2MbXF56IdYvtphqlKxYF6GgsV45/T0p3xk:lloX8agAVxZtGeyYvv+AGgN/I7ktype: PE32 executable (GUI) Intel 80386, for MS Windowstlsh: T119B612AB3264D13FD9BA4A31C572A2F069377F52D4094C6B17E0BD48FB721600E7AA17sha3_384: b44d93ad2176826c5c87515617adb15542fdc34d974c831f35db1b3e867e5855e21e17f195deca053bc7bceee2a8a88bep_bytes: 558bec83c4a453565733c08945c48945timestamp: 2020-05-21 05:56:23
Version Info:
Comments: This installation was built with Inno Setup.CompanyName: Online Media Technologies Ltd.                              FileDescription: AVS Video Burner Setup                                      FileVersion: 0.0.0.0             LegalCopyright:                                                                                                     OriginalFileName:                                                   ProductName: AVS Video Burner                                            ProductVersion: 2.8.5.202                                         Translation: 0x0000 0x04b0

Bulz.200270 also known as:

Lionic	Trojan.Win32.Ekstak.4!c
MicroWorld-eScan	Gen:Variant.Bulz.200270
FireEye	Gen:Variant.Bulz.200270
ALYac	Gen:Variant.Bulz.200270
Cylance	Unsafe
Sangfor	Trojan.Win32.Wacatac.C
K7AntiVirus	Trojan ( 005722fe1 )
Alibaba	TrojanDropper:Win32/Ekstak.cbafa4d7
K7GW	Trojan ( 005722fe1 )
Cybereason	malicious.bd0bbe
Cyren	W32/Agent.CDU.gen!Eldorado
Symantec	Trojan.Gen.MBT
Elastic	malicious (high confidence)
ESET-NOD32	a variant of Win32/TrojanDropper.Agent.SLC
TrendMicro-HouseCall	TROJ_GEN.R007C0WFR22
Kaspersky	Trojan.Win32.Ekstak.ahgek
BitDefender	Gen:Variant.Bulz.200270
APEX	Malicious
Ad-Aware	Gen:Variant.Bulz.200270
VIPRE	Gen:Variant.Bulz.200270
TrendMicro	TROJ_GEN.R007C0WFR22
McAfee-GW-Edition	BehavesLike.Win32.Dropper.vc
Emsisoft	Gen:Variant.Bulz.200270 (B)
Ikarus	Trojan-Dropper.Win32.Agent
GData	Gen:Variant.Bulz.200270
Avira	HEUR/AGEN.1237233
Arcabit	Trojan.Bulz.D30E4E
Microsoft	Trojan:Win32/Ymacco.AA2F
Cynet	Malicious (score: 99)
McAfee	Artemis!5B0A6A6BD0BB
MAX	malware (ai score=87)
VBA32	Trojan.Ekstak
Malwarebytes	Adware.DownloadAssistant
Avast	Win32:Trojan-gen
Yandex	Trojan.Ekstak!rqC2HjQZIys
MaxSecure	Trojan.Malware.184690692.susgen
Fortinet	W32/Agent.SLC!tr
AVG	Win32:Trojan-gen
Panda	Trj/CI.A
CrowdStrike	win/malicious_confidence_100% (W)