Bulz.201626 (B) removal tips

The Bulz.201626 (B) is considered dangerous by many security experts. When this infection is active, you may notice unwanted processes in the Task Manager process list. In this case, it is advised to scan your computer with GridinSoft Anti-Malware.

GridinSoft Anti-Malware

Removing PC viruses manually may take hours and may damage your PC in the process. We recommend using GridinSoft Anti-Malware for virus removal. It allows you to run a full scan and cure your PC during the trial period.
6-day free trial available.

What can the Bulz.201626 (B) virus do?

  • Sample contains overlay data
  • Presents an Authenticode digital signature
  • Unconventional language used in binary resources: Chinese (Simplified)
  • The binary contains an unknown PE section name indicative of packing
  • The binary likely contains encrypted or compressed data
  • The executable is likely packed with VMProtect
  • Authenticode signature is invalid

How to identify Bulz.201626 (B)?

File Info:

name: E947145E2BD4EF9D9D54.mlw
path: /opt/CAPEv2/storage/binaries/f352085e10cd233488ad33e463e2743cf6946f45695b35298b459c7890b8f977
crc32: DA3A8E6A
md5: e947145e2bd4ef9d9d546e2940b9f42b
sha1: 409f9514bc4a29e4c2cc049d39fd49298b6ac806
sha256: f352085e10cd233488ad33e463e2743cf6946f45695b35298b459c7890b8f977
sha512: b6accce4be091115034b5438345871d0d4a39fc56dc148ba55468933c2f107ce6684f59d5a0776c1efd60a3459fcd6aaa7ea7b986748c05f61dcdcf389bb6e6a
ssdeep: 24576:aFZ3BKH9uTQQQayEeyHRrGBI4HhXF9DbFQnd3mI+fh1Yti/idDLJQ9/Sj:aX3Bu9uTQQhyEekhGmIVgdZUviBJT
type: PE32 executable (GUI) Intel 80386, for MS Windows
tlsh: T18C95AB31F173E063D09209FB04ADEA70192DAD70762343AA728F765A3E711CC56F96B6
sha3_384: 4e3b8794808cfac55b07c6a99f2671c43e44128fea5f562a13d9729ff9483f29b7814a4a61e66108cd138416851e6e57
ep_bytes: e8a4080000e985feffffe96870000055
timestamp: 2018-04-17 18:18:26

Version Info:

CompanyName: Mozilla Corporation
FileDescription: Kingsoft Install Tool
FileVersion: 2.1.4.4
InternalName: Kingsoft Install Tool
LegalCopyright: Copyright (C) 2017 Mozilla Corporation All rights reserved.
OriginalFilename: Kingsoft Install Tool
ProductName: Kingsoft Install Tool
ProductVersion: 2.1.4.4
Translation: 0x0409 0x04b0

Bulz.201626 (B) also known as:

Bkav: W32.AIDetect.malware2
MicroWorld-eScan: Gen:Variant.Bulz.201626
ClamAV: Win.Malware.Bugor-9836077-0
FireEye: Generic.mg.e947145e2bd4ef9d
CAT-QuickHeal: Trojan.MauvaiseRI.S5254986
McAfee: GenericR-OMR!E947145E2BD4
Malwarebytes: Malware.Heuristic.1001
VIPRE: Gen:Variant.Bulz.201626
Sangfor: Trojan.Win32.Save.a
K7AntiVirus: Spyware ( 0052de311 )
K7GW: Spyware ( 0052de311 )
Cybereason: malicious.e2bd4e
Symantec: Infostealer
Elastic: malicious (high confidence)
ESET-NOD32: a variant of Win32/Spy.Agent.PKE
APEX: Malicious
Cynet: Malicious (score: 100)
Kaspersky: HEUR:Trojan.Win32.Xbash.gen
BitDefender: Gen:Variant.Bulz.201626
Avast: Win32:JbossMiner-B [Trj]
Rising: Worm.Xbash!1.B438 (CLASSIC)
Ad-Aware: Gen:Variant.Bulz.201626
Emsisoft: Gen:Variant.Bulz.201626 (B)
Comodo: TrojWare.Win32.Spy.Delpem.A@7mkvv5
Zillya: Trojan.Bugor.Win32.86
McAfee-GW-Edition: GenericR-OMR!E947145E2BD4
Trapmine: malicious.high.ml.score
SentinelOne: Static AI – Malicious PE
GData: Gen:Variant.Bulz.201626
Jiangmin: Trojan.Xbash.r
Webroot: W32.Trojan.Gen
Avira: HEUR/AGEN.1201296
MAX: malware (ai score=86)
Antiy-AVL: Trojan/Generic.ASMalwS.3303
Arcabit: Trojan.Bulz.D3139A
Microsoft: Trojan:Win32/Wacatac.B!ml
Google: Detected
AhnLab-V3: Trojan/Win32.Agent.R313295
VBA32: BScope.Trojan.Downloader
ALYac: Gen:Variant.Bulz.201626
Yandex: Trojan.GenAsa!d9grjAxrhxs
Ikarus: Trojan-Spy.Agent
MaxSecure: Trojan.Malware.300983.susgen
Fortinet: W32/Agent.PKE!tr
BitDefenderTheta: Gen:NN.ZexaF.34646.Yz2@aeAPOGcj
AVG: Win32:JbossMiner-B [Trj]
Panda: Trj/GdSda.A
CrowdStrike: win/malicious_confidence_60% (D)

How to remove Bulz.201626 (B)?

Bulz.201626 (B) removal tool
  • Download and install GridinSoft Anti-Malware.
  • Open GridinSoft Anti-Malware and perform a “Standard scan”.
  • Click “Move to quarantine” to quarantine all detected items.
  • Open the “Tools” tab and press “Reset Browser Settings”.
  • Select the proper browser and options, then click “Reset”.
  • Restart your computer.

About the author

Paul Valéry

I'm a cyber security analyst and data science expert with 5+ years of experience with security software contractors.
