Bulz.219860 (file analysis)

Malware Removal

Bulz.219860 is considered dangerous by many security experts. When this infection is active, you may notice unwanted processes in the Task Manager list. In this case, it is advised to scan your computer with GridinSoft Anti-Malware.

GridinSoft Anti-Malware

Removing PC viruses manually may take hours and may damage your PC in the process. We recommend using GridinSoft Anti-Malware for virus removal. It allows you to run a complete scan and cure your PC during the trial period.
A 6-day free trial is available.

What can the Bulz.219860 virus do?

  • SetUnhandledExceptionFilter detected (possible anti-debug)
  • Behavioural detection: Executable code extraction – unpacking
  • Creates RWX memory
  • Guard pages use detected – possible anti-debugging.
  • Dynamic (imported) function loading detected
  • CAPE extracted potentially suspicious content
  • Authenticode signature is invalid
  • Installs itself for autorun at Windows startup
  • Creates a copy of itself

How to identify Bulz.219860?

File Info:

name: 0A85615F5E848F63F8D9.mlw
path: /opt/CAPEv2/storage/binaries/88e43c4e4c801c53511f25222c0015b5ed49335ceed86f8913b887c39666d67d
crc32: 388618C3
md5: 0a85615f5e848f63f8d922e2e0798288
sha1: 3e2794167821ad809890ab2e151791fb7900b4cc
sha256: 88e43c4e4c801c53511f25222c0015b5ed49335ceed86f8913b887c39666d67d
sha512: 5c4922692bc345948e664bf79b6b3b66725594796bdec332db91c5a4a771cce244f12be0c84e51b6834ba40b66bb025d366377fe2bbac599272426caf1b1feb0
ssdeep: 768:e/Mbmha7xFfnVSluBySM3DyoReFNDRgL0AFb1iJfxY5SUG9iQ:acRSgF9Rvib8u5SP
type: PE32 executable (GUI) Intel 80386, for MS Windows
tlsh: T17D033B4E7B5B43A4CB9C4B7BCC03408842BAC995F953F37E29CD1D721EB685DC986928
sha3_384: 18e9c9974ea122c211118aa7534263cb87a9f3b981cb5df603fbf4c8379e5273ffd7e9feec9d41aa9a8fab6240d93a18
ep_bytes: ff250020400000000000000000000000
timestamp: 2020-10-22 18:37:10

Version Info:

0: [No Data]

Bulz.219860 also known as:

Lionic: Trojan.Win32.Malicious.4!c
Elastic: malicious (high confidence)
MicroWorld-eScan: Gen:Variant.Bulz.219860
FireEye: Generic.mg.0a85615f5e848f63
CAT-QuickHeal: Trojan.MSIL
ALYac: Gen:Variant.Bulz.219860
Cylance: Unsafe
Zillya: Trojan.Witch.Win32.67
Sangfor: Suspicious.Win32.Save.a
K7AntiVirus: Trojan ( 004eb5d21 )
Alibaba: Trojan:MSIL/Witch.9158745c
K7GW: Trojan ( 004eb5d21 )
Cybereason: malicious.f5e848
Symantec: ML.Attribute.HighConfidence
ESET-NOD32: a variant of MSIL/Agent.QXL
APEX: Malicious
Paloalto: generic.ml
Kaspersky: HEUR:Trojan.MSIL.Witch.gen
BitDefender: Gen:Variant.Bulz.219860
NANO-Antivirus: Trojan.Win32.Witch.iaxqye
Avast: MSIL:GenMalicious-BQA [Trj]
Tencent: Msil.Trojan.Witch.Gvl
Ad-Aware: Gen:Variant.Bulz.219860
Emsisoft: Gen:Variant.Bulz.219860 (B)
Comodo: Malware@#2bqml2at7nvtl
VIPRE: Trojan.Win32.Generic!BT
TrendMicro: TROJ_GEN.R002C0GBJ22
McAfee-GW-Edition: BehavesLike.Win32.Generic.nm
Trapmine: malicious.high.ml.score
Sophos: Mal/Generic-S
SentinelOne: Static AI – Malicious PE
GData: Gen:Variant.Bulz.219860
Avira: TR/Dropper.MSIL.Gen
Antiy-AVL: Trojan/Generic.ASMalwS.3522DF9
Gridinsoft: Ransom.Win32.Wacatac.sa
Arcabit: Trojan.Bulz.D35AD4
Microsoft: Trojan:Win32/Wacatac.B!ml
Cynet: Malicious (score: 100)
AhnLab-V3: Trojan/Win32.RL_Generic.C4233350
Acronis: suspicious
McAfee: Artemis!0A85615F5E84
MAX: malware (ai score=84)
VBA32: TScope.Trojan.MSIL
Malwarebytes: MachineLearning/Anomalous.100%
TrendMicro-HouseCall: TROJ_GEN.R002C0GBJ22
Rising: Trojan.Generic/MSIL@AI.100 (RDM.MSIL:YwlDRHbOc7yP7Sn6XhN/sQ)
Yandex: Trojan.Witch!RejG/iOp10A
Ikarus: Trojan-Downloader.MSIL.Agent
Fortinet: MSIL/Agent.QXL!tr
BitDefenderTheta: Gen:NN.ZemsilF.34232.cmW@amOHB5
AVG: MSIL:GenMalicious-BQA [Trj]
Panda: Trj/GdSda.A
CrowdStrike: win/malicious_confidence_100% (D)
MaxSecure: Trojan.Malware.300983.susgen

How to remove Bulz.219860?

Bulz.219860 removal tool
  • Download and install GridinSoft Anti-Malware.
  • Open GridinSoft Anti-Malware and perform a “Standard scan”.
  • Select “Move to quarantine” for all detected items.
  • Open the “Tools” tab and press “Reset Browser Settings”.
  • Select the proper browser and options, then click “Reset”.
  • Restart your computer.

About the author

Paul Valéry

I'm a cyber security analyst and data science expert with 5+ years of experience with security software contractors.