Categories: Malware

Bulz.213658 malicious file

The Bulz.213658 is considered dangerous by lots of security experts. When this infection is active, you may notice unwanted processes in Task Manager list. In this case, it is adviced to scan your computer with GridinSoft Anti-Malware.

Gridinsoft Anti-Malware

Removing PC viruses manually may take hours and may damage your PC in the process. We recommend using GridinSoft Anti-Malware for virus removal. Allows to complete scan and cure your PC during the trial period.

DOWNLOAD NOW

6-day free trial available.

What Bulz.213658 virus can do?

Behavioural detection: Executable code extraction – unpacking
Yara rule detections observed from a process memory dump/dropped files/CAPE
Creates RWX memory
Anomalous file deletion behavior detected (10+)
Dynamic (imported) function loading detected
Enumerates running processes
Reads data out of its own binary image
CAPE extracted potentially suspicious content
Drops a binary and executes it
The binary contains an unknown PE section name indicative of packing
Authenticode signature is invalid
Attempts to modify desktop wallpaper
Creates or sets a registry key to a long series of bytes, possibly to store a binary or malware config
Exhibits possible ransomware file modification behavior

Related domains:

wpad.local-net

opengolad.com

How to determine Bulz.213658?


File Info:
name: D512CAB8125ECB2C8B75.mlwpath: /opt/CAPEv2/storage/binaries/c23045f919c567c4d5f34280d37e68834e4dcfa21044ec4541256f7193c6148ccrc32: F08C43E8md5: d512cab8125ecb2c8b75d2d430e5aee2sha1: 438c2fa1dce19f02e5828182b5d70d289a01ce06sha256: c23045f919c567c4d5f34280d37e68834e4dcfa21044ec4541256f7193c6148csha512: f88784d589a7b0e2c6352c68c50b78997fb7e49d98c5db2f60e2735779aaa808edef678a0b97a4031d21790233ce76348e8f6eebd7613611ccd701356fa7fe29ssdeep: 196608:ovYAIG5+CdPpRY7bUbe7U61eE5u0fBCAAfPAFVp/rUUNlGhEgTICIRtNFYD1O7Od:ovZ5+2UQq3ZCAAfYFVZrULEgTIS5ftype: PE32 executable (GUI) Intel 80386, for MS Windowstlsh: T1D5E6333FB218A13FD46A4A3105B383909D7BBA26A95ACC1E47F4451ECF7A4B01F3A715sha3_384: c4a75c2d51a8f3819c33e08805afb2bf5ed8c5e9d74c7c543ad94af8fca25dccbae1c924cc5ecd7110a4febf0fc7dfa3ep_bytes: 558bec83c4a453565733c08945c48945timestamp: 2020-05-21 05:56:23
Version Info:
Comments: This installation was built with Inno Setup.CompanyName: CSText                                                      FileDescription: CSText Converter Setup                                      FileVersion: 1.0.0.1             LegalCopyright:                                                                                                     OriginalFileName:                                                   ProductName: CSText Converter                                            ProductVersion: 1.0.0.1                                           Translation: 0x0000 0x04b0

Bulz.213658 also known as:

DrWeb	Trojan.Zadved.1654
MicroWorld-eScan	Gen:Variant.Bulz.213658
FireEye	Gen:Variant.Bulz.213658
ALYac	Gen:Variant.Bulz.213658
Cylance	Unsafe
Sangfor	Trojan.Win32.Ekstak.agyri
K7AntiVirus	Riskware ( 0040eff71 )
Alibaba	Trojan:Win32/Ekstak.5a997260
K7GW	Riskware ( 0040eff71 )
Cybereason	malicious.8125ec
Symantec	Trojan.Gen.MBT
ESET-NOD32	a variant of Win32/TrojanDropper.Agent.SLC
Kaspersky	Trojan.Win32.Ekstak.agyri
BitDefender	Gen:Variant.Bulz.213658
NANO-Antivirus	Trojan.Win32.Ekstak.ialyys
Avast	Win32:Adware-gen [Adw]
Ad-Aware	Gen:Variant.Bulz.213658
Sophos	Mal/Generic-S
McAfee-GW-Edition	BehavesLike.Win32.Dropper.tc
Emsisoft	Gen:Variant.Bulz.213658 (B)
GData	Gen:Variant.Bulz.213658
MaxSecure	Trojan.Malware.108945993.susgen
Avira	TR/Ekstak.rghud
Microsoft	Trojan:Win32/Wacatac.B!ml
AhnLab-V3	PUP/Win32.RL_Generic.R354073
McAfee	Artemis!D512CAB8125E
Malwarebytes	Adware.DownloadAssistant
APEX	Malicious
Tencent	Win32.Trojan.Ekstak.Wope
Yandex	Trojan.Ekstak!zTwXKqX16lg
MAX	malware (ai score=85)
Fortinet	PossibleThreat.MU
AVG	Win32:Adware-gen [Adw]