Malware

Should I remove “Bulz.207488”?

Malware Removal

Bulz.207488 is considered dangerous by many security experts. When this infection is active, you may notice unwanted processes in the Task Manager list. In this case, it is advised to scan your computer with GridinSoft Anti-Malware.

GridinSoft Anti-Malware


Removing PC viruses manually may take hours and may damage your PC in the process. We recommend using GridinSoft Anti-Malware for virus removal. It allows you to run a complete scan and cure your PC during the trial period.
6-day free trial available.

What can the Bulz.207488 virus do?

  • Behavioural detection: Executable code extraction – unpacking
  • Yara rule detections observed from a process memory dump/dropped files/CAPE
  • Creates RWX memory
  • Dynamic (imported) function loading detected
  • Enumerates running processes
  • Reads data out of its own binary image
  • CAPE extracted potentially suspicious content
  • Drops a binary and executes it
  • The binary contains an unknown PE section name indicative of packing
  • Authenticode signature is invalid
  • Creates or sets a registry key to a long series of bytes, possibly to store a binary or malware config
  • Exhibits possible ransomware file modification behavior
  • Attempts to identify installed AV products by installation directory

Related domains:

opengolad.com

How to identify Bulz.207488?

File Info:

name: 5317D68876EC12EA2964.mlw
path: /opt/CAPEv2/storage/binaries/3a19da5f31a48abcbdb27a359ac08b5ca6e6a340873615dadd517c9213c9b62c
crc32: E4A407FF
md5: 5317d68876ec12ea2964b46457f415dd
sha1: 9469595f5e9ff80170a291443448a34ac3dfd6c8
sha256: 3a19da5f31a48abcbdb27a359ac08b5ca6e6a340873615dadd517c9213c9b62c
sha512: 64b5e5d8bef9805886d66676f8285ae78e16bf414f0b797edd9bf5153e4330851f8dea59b74e4b3c71c5fcf08d545860693ef95202117f3b45e26bb2be890789
ssdeep: 196608:CaGmKkxJ6jCAXvo3FZQ71IPvWEuzxyb3l+XPMv07ZR7Sb:CaGm/rjCA3FC7aDsG+OIR7Sb
type: PE32 executable (GUI) Intel 80386, for MS Windows
tlsh: T166B6223FB228A03ED5AEC63145738210997B7E51A91B8C2E07E4750DCBFED60DE3A615
sha3_384: 638e871803d3485cedd2d2b46cffe8a1af2612b444923b1c8c19ab44754793f8fb4a4314e4a15c65cce818fb0734db01
ep_bytes: 558bec83c4a453565733c08945c48945
timestamp: 2020-05-21 05:56:23

Version Info:

Comments: This installation was built with Inno Setup.
CompanyName: templatetoaster.com
FileDescription: TemplateToaster 8 Setup
FileVersion: 8.0.0.20303
LegalCopyright:
OriginalFileName:
ProductName: TemplateToaster 8
ProductVersion: 8.0.0.20303
Translation: 0x0000 0x04b0

Bulz.207488 is also known as (vendor: detection name):

Lionic: Trojan.Win32.Ekstak.4!c
Elastic: malicious (high confidence)
MicroWorld-eScan: Gen:Variant.Bulz.207488
FireEye: Gen:Variant.Bulz.207488
ALYac: Gen:Variant.Bulz.207488
Cylance: Unsafe
Sangfor: Trojan.Win32.Ekstak.ahglw
K7AntiVirus: Trojan ( 005722fe1 )
Alibaba: TrojanDropper:Win32/Ekstak.6810c6fc
K7GW: Trojan ( 005722fe1 )
Cybereason: malicious.876ec1
Cyren: W32/Agent.BZY.gen!Eldorado
Symantec: Trojan.Gen.MBT
ESET-NOD32: a variant of Win32/TrojanDropper.Agent.SLC
APEX: Malicious
Paloalto: generic.ml
Kaspersky: Trojan.Win32.Ekstak.ahglw
BitDefender: Gen:Variant.Bulz.207488
NANO-Antivirus: Trojan.Win32.Ekstak.ibohay
Avast: Win32:Trojan-gen
Tencent: Win32.Trojan-dropper.Agent.Ssgt
Ad-Aware: Gen:Variant.Bulz.207488
Emsisoft: Gen:Variant.Bulz.207488 (B)
VIPRE: Trojan.Win32.Generic!BT
McAfee-GW-Edition: BehavesLike.Win32.BadFile.vc
Sophos: Mal/Generic-S
GData: Gen:Variant.Bulz.207488
Avira: HEUR/AGEN.1142804
Microsoft: Trojan:Win32/Wacatac.B!ml
Cynet: Malicious (score: 99)
McAfee: Artemis!5317D68876EC
MAX: malware (ai score=86)
Malwarebytes: Adware.DownloadAssistant
Yandex: Trojan.Ekstak!Asucd5vLmHg
Ikarus: Trojan-Dropper.Win32.Agent
Fortinet: W32/Bulz.207488!tr
AVG: Win32:Trojan-gen
Panda: Trj/CI.A

How to remove Bulz.207488?

Bulz.207488 removal tool
  • Download and install GridinSoft Anti-Malware.
  • Open GridinSoft Anti-Malware and perform a “Standard scan”.
  • “Move to quarantine” all items.
  • Open the “Tools” tab – Press “Reset Browser Settings”.
  • Select the proper browser and options – Click “Reset”.
  • Restart your computer.

About the author

Paul Valéry

I'm a cyber security analyst and data science expert with 5+ years of experience with security software contractors.
