
Bulz.220737 removal


Bulz.220737 is a generic detection name (Gen:Variant.Bulz.220737) that several antivirus engines assign to this sample, and most other vendors flag it as malicious as well. When the infection is active you may notice unfamiliar processes in the Task Manager process list. In that case, it is advised to scan your computer with GridinSoft Anti-Malware.


Removing PC viruses manually can take hours and may damage your PC in the process. We recommend using GridinSoft Anti-Malware for virus removal. It lets you run a full scan and clean your PC during the trial period.
6-day free trial available.

What can Bulz.220737 do?

The behaviours below were recorded when the sample ran in a CAPE sandbox (the report path under File Info is a CAPEv2 storage path). Each line is a sandbox signature, that is an observed behaviour or a static heuristic, not a confirmed capability:

  • Behavioural detection: Executable code extraction – unpacking
  • SetUnhandledExceptionFilter detected (possible anti-debug)
  • Attempts to connect to a dead IP:Port (1 unique time)
  • Yara rule detections observed from a process memory dump/dropped files/CAPE
  • Creates RWX memory
  • Dynamic (imported) function loading detected
  • Enumerates running processes
  • Reads data out of its own binary image
  • Unconventional language used in binary resources: Chinese (Simplified)
  • The binary contains an unknown PE section name indicative of packing
  • The binary likely contains encrypted or compressed data
  • The executable is likely packed with VMProtect
  • Authenticode signature is invalid
  • Uses Windows utilities for basic functionality
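Three of the static signatures above (an unknown PE section name, a section that looks encrypted or compressed, and a packer entry stub) can be reproduced without running the sample. The Python script below is an added example written for this page; it is not code from the page, from GridinSoft or from CAPE. It parses the PE section table, scores each section's Shannon entropy, and maps the entry point RVA back to file bytes. It is exercised against a constructed toy PE32 built by `build_sample_pe` (not the real dropper; only the report's `ep_bytes` and link timestamp are reused, and the two sections are named `.vmp0`/`.vmp1` the way VMProtect names them). The `PACKER_SECTION_HINTS` table and the 7.0 bits/byte entropy threshold are assumptions chosen for illustration.

```python
import hashlib
import math
import struct
from collections import namedtuple
from datetime import datetime, timezone

# Section names a normal compiler/linker emits; anything else deserves a look.
STANDARD_SECTIONS = {".text", ".data", ".rdata", ".bss", ".idata", ".edata", ".rsrc",
                     ".reloc", ".tls", ".pdata", ".crt", "CODE", "DATA", "BSS"}
# Assumed name prefixes left behind by common packers/protectors (illustrative, not exhaustive).
PACKER_SECTION_HINTS = {".vmp": "VMProtect", "UPX": "UPX", ".aspack": "ASPack"}
HIGH_ENTROPY = 7.0  # assumed threshold in bits/byte (maximum 8.0); plain x86 code sits well below it

Section = namedtuple("Section", "name virtual_address virtual_size raw_pointer raw_size entropy")


def shannon_entropy(data: bytes) -> float:
    """Bits of entropy per byte: near 8.0 means encrypted/compressed, 0.0 means a constant fill."""
    if not data:
        return 0.0
    counts = [0] * 256
    for b in data:
        counts[b] += 1
    n = len(data)
    return -sum(c / n * math.log2(c / n) for c in counts if c)


def parse_pe(data: bytes):
    """Return (machine, link timestamp, optional-header magic, entry RVA, sections) from a raw PE image."""
    if data[:2] != b"MZ":
        raise ValueError("not an MZ executable")
    e_lfanew = struct.unpack_from("<I", data, 0x3C)[0]
    if data[e_lfanew:e_lfanew + 4] != b"PE\0\0":
        raise ValueError("missing PE signature")
    coff = e_lfanew + 4
    machine, nsections, timestamp, _, _, opt_size, _ = struct.unpack_from("<HHIIIHH", data, coff)
    opt = coff + 20
    magic = struct.unpack_from("<H", data, opt)[0]           # 0x10B = PE32, 0x20B = PE32+
    entry_rva = struct.unpack_from("<I", data, opt + 16)[0]  # AddressOfEntryPoint
    sections = []
    for i in range(nsections):
        off = opt + opt_size + 40 * i                        # section headers follow the optional header
        name = data[off:off + 8].rstrip(b"\0").decode("latin-1")
        vsize, vaddr, rsize, rptr = struct.unpack_from("<IIII", data, off + 8)
        sections.append(Section(name, vaddr, vsize, rptr, rsize, shannon_entropy(data[rptr:rptr + rsize])))
    return machine, timestamp, magic, entry_rva, sections


def entry_point_bytes(data: bytes, entry_rva: int, sections, n: int = 16):
    """Map the entry RVA to a file offset through the section table and read the first n bytes."""
    for s in sections:
        if s.virtual_address <= entry_rva < s.virtual_address + max(s.virtual_size, s.raw_size):
            off = s.raw_pointer + (entry_rva - s.virtual_address)
            return s, data[off:off + n]
    return None, b""


def triage(data: bytes) -> dict:
    """Produce sandbox-style static findings (packing, encrypted data, packer stub) for one PE image."""
    machine, ts, magic, entry_rva, sections = parse_pe(data)
    findings = []
    for s in sections:
        if s.name not in STANDARD_SECTIONS:
            hint = next((p for k, p in PACKER_SECTION_HINTS.items() if s.name.startswith(k)), None)
            findings.append(f"unknown section name {s.name!r}" + (f" (matches {hint} naming)" if hint else ""))
        if s.entropy >= HIGH_ENTROPY:
            findings.append(f"section {s.name!r} entropy {s.entropy:.2f}: likely encrypted or compressed data")
    ep_section, ep = entry_point_bytes(data, entry_rva, sections)
    if ep_section is None:
        findings.append("entry point lies outside every section")
    elif ep[:1] == b"\x60":  # PUSHAD saves all registers: the classic opening of an unpacking stub
        findings.append(f"entry point in {ep_section.name!r} begins with PUSHAD: typical packer stub")
    return {"machine": machine, "pe32": magic == 0x10B, "ep_bytes": ep.hex(), "sections": sections,
            "timestamp": datetime.fromtimestamp(ts, tz=timezone.utc).strftime("%Y-%m-%d %H:%M:%S"),
            "findings": findings}


def build_sample_pe() -> bytes:
    """Constructed toy PE32 for offline testing: only its ep_bytes and timestamp come from the report."""
    ep_stub = bytes.fromhex("60e9a450fbff00004765744350496e66")
    # deterministic pseudo-random bytes standing in for a protector's encrypted body
    payload = b"".join(hashlib.sha256(i.to_bytes(4, "little")).digest() for i in range(128))
    e_lfanew, opt_size = 0x40, 0xE0
    mz = b"MZ" + b"\0" * 0x3A + struct.pack("<I", e_lfanew)                       # e_lfanew lives at 0x3C
    coff = struct.pack("<HHIIIHH", 0x14C, 2, 1632583079, 0, 0, opt_size, 0x0102)  # i386, 2 sections
    opt = bytearray(opt_size)
    struct.pack_into("<H", opt, 0, 0x10B)      # PE32 magic
    struct.pack_into("<I", opt, 16, 0x1000)    # AddressOfEntryPoint = start of .vmp0
    struct.pack_into("<I", opt, 28, 0x400000)  # ImageBase

    def section(name, vsize, vaddr, rsize, rptr, flags):
        return name.ljust(8, b"\0") + struct.pack("<IIIIIIHHI", vsize, vaddr, rsize, rptr, 0, 0, 0, 0, flags)

    headers = (mz + b"PE\0\0" + coff + bytes(opt)
               + section(b".vmp0", 0x1000, 0x1000, 0x200, 0x200, 0x60000020)    # code, holds the stub
               + section(b".vmp1", 0x1000, 0x2000, 0x1000, 0x400, 0x40000040))  # data, holds the payload
    return headers.ljust(0x200, b"\0") + ep_stub.ljust(0x200, b"\0") + payload
```

On the toy image `triage` reports the `.vmp0`/`.vmp1` names as unknown and matching VMProtect naming, flags `.vmp1` as high-entropy, and finds the entry point in `.vmp0` starting with PUSHAD (the `60` at the head of the report's `ep_bytes`). Run it on a real file with `triage(open(path, "rb").read())`; the entropy threshold is a heuristic, so treat a single hit as a reason to look closer, not as a verdict.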

How to identify Bulz.220737?

File Info:

name: E1F908D22B782081E4A7.mlw
path: /opt/CAPEv2/storage/binaries/c78a44e621d94a7e6ce5191fb05ee729affb02eac90101f586ef6f5cb33bf6de
crc32: C9CE3B1E
md5: e1f908d22b782081e4a71ddc7e3fef3c
sha1: 388db8e8b65ed7972af12f86c0418579c090cf2f
sha256: c78a44e621d94a7e6ce5191fb05ee729affb02eac90101f586ef6f5cb33bf6de
sha512: ffa38692448ec8860da5a6cf67f1e63f9e9085beffb14a82afb5090ad019255665d2908038e6e325a4280da9039ebee5d979aab730286a2c71f58db21040dbd9
ssdeep: 196608:l0MQ9Fc9GG0OLYMKvYKTJN1qWBIYTHRbF5ibPq9Y:l0/cUG0+kTk8xB5Fe
type: PE32 executable (GUI) Intel 80386, for MS Windows
tlsh: T1D76633C3564BD98BD3C1A5FCC5BCEF7A84E217621C038241E6643475D4A7B0B7E22AB6
sha3_384: 31b2b060fbbd21c40721071893fcdafcbb72cba0cfac044dcae091b6080c0406b39bae5e253eb3cacb23d662ae866189
ep_bytes: 60e9a450fbff00004765744350496e66
timestamp: 2021-09-25 15:17:59

Version Info:

FileVersion: 1.0.0.0
ProductVersion: 1.0
Translation: 0x0409 0x04e4 (language ID 0x0409 is English (US) and code page 0x04E4 is 1252, Windows Latin-1; this does not match the Chinese (Simplified) resource language flagged above)
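The hashes in the File Info table are the identifiers to match a suspect file against. The Python script below is an added example, not code from the page or from GridinSoft: it computes the same CRC32/MD5/SHA-1/SHA-256/SHA-512 values the report lists, checks a file against the IoC set copied from the table, and sweeps a directory for matches. The `sandbox_name` helper reproduces the naming pattern visible in the report (the first 20 hex digits of the MD5, upper-cased, plus `.mlw`); that this is how the report names every sample is an assumption. ssdeep and TLSH need third-party libraries and are left out.

```python
import hashlib
import os
import zlib

# Identifiers copied from the File Info table above for the real sample.
BULZ_220737_IOCS = {
    "crc32": "c9ce3b1e",
    "md5": "e1f908d22b782081e4a71ddc7e3fef3c",
    "sha1": "388db8e8b65ed7972af12f86c0418579c090cf2f",
    "sha256": "c78a44e621d94a7e6ce5191fb05ee729affb02eac90101f586ef6f5cb33bf6de",
}


def file_digests(data: bytes) -> dict:
    """Compute the report's identifiers for a file's bytes (lower-case hex, as the report prints them)."""
    return {
        "crc32": f"{zlib.crc32(data) & 0xFFFFFFFF:08x}",
        "md5": hashlib.md5(data).hexdigest(),
        "sha1": hashlib.sha1(data).hexdigest(),
        "sha256": hashlib.sha256(data).hexdigest(),
        "sha512": hashlib.sha512(data).hexdigest(),
    }


def sandbox_name(md5_hex: str) -> str:
    """Sample name in the report's style: first 20 hex digits of the MD5, upper-cased, plus .mlw (assumed pattern)."""
    return md5_hex[:20].upper() + ".mlw"


def match_iocs(data: bytes, iocs: dict = BULZ_220737_IOCS) -> list:
    """Return the algorithms on which the file matches the IoC set, in the IoC set's order.

    A sha256 (or sha512) hit identifies the file. MD5 and SHA-1 hits are weaker because collisions
    can be manufactured, and a crc32-only hit is just a collision candidate, not an identification.
    """
    digests = file_digests(data)
    return [alg for alg, value in iocs.items() if digests.get(alg) == value.lower()]


def scan_tree(root: str, iocs: dict = BULZ_220737_IOCS) -> dict:
    """Walk a directory tree and map each file path to the algorithms it matched (only hits are returned)."""
    hits = {}
    for dirpath, _, filenames in os.walk(root):
        for fn in filenames:
            path = os.path.join(dirpath, fn)
            try:
                with open(path, "rb") as f:
                    data = f.read()  # fine for executables; hash in chunks if you sweep very large files
            except OSError:
                continue  # locked or unreadable file: skip it rather than abort the whole sweep
            matched = match_iocs(data, iocs)
            if matched:
                hits[path] = matched
    return hits


if __name__ == "__main__":
    # constructed stand-in bytes, not the real sample: no IoC should match
    print(match_iocs(b"constructed stand-in, not the real dropper\n"))
    print(sandbox_name(BULZ_220737_IOCS["md5"]))
```

A file that matches on sha256 is this sample; a file that matches only on crc32 (or only on md5/sha1, once the sha256 differs) is not. `scan_tree("C:/Users")` or `scan_tree("/tmp")` returns a dictionary of hits you can feed straight into a quarantine step.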

Detection names other antivirus engines assign to this sample (vendor: detection name):

  • Bkav: W32.AIDetect.malware2
  • Lionic: Trojan.Win32.Agent.a!c
  • Elastic: malicious (high confidence)
  • MicroWorld-eScan: Gen:Variant.Bulz.220737
  • FireEye: Generic.mg.e1f908d22b782081
  • McAfee: GenericRXRA-PR!E1F908D22B78
  • Cylance: Unsafe
  • Sangfor: Trojan.Win32.Agent.xxzvms
  • K7AntiVirus: Riskware ( 0040eff71 )
  • Alibaba: TrojanDownloader:Win32/DropperX.8d1ea125
  • K7GW: Riskware ( 0040eff71 )
  • Cybereason: malicious.22b782
  • Symantec: ML.Attribute.HighConfidence
  • ESET-NOD32: a variant of Generik.KOSVYJW
  • APEX: Malicious
  • Avast: Win32:DropperX-gen [Drp]
  • Cynet: Malicious (score: 100)
  • Kaspersky: Trojan-Downloader.Win32.Agent.xxzvms
  • BitDefender: Gen:Variant.Bulz.220737
  • Ad-Aware: Gen:Variant.Bulz.220737
  • Sophos: Mal/Generic-S
  • DrWeb: Trojan.Siggen16.30511
  • Zillya: Downloader.Agent.Win32.452490
  • TrendMicro: TROJ_GEN.R002C0PAA22
  • McAfee-GW-Edition: BehavesLike.Win32.Generic.vc
  • Emsisoft: Gen:Variant.Bulz.220737 (B)
  • GData: Gen:Variant.Bulz.220737
  • eGambit: Unsafe.AI_Score_99%
  • Avira: TR/Dldr.Agent.iiswt
  • Antiy-AVL: Trojan/Generic.ASMalwS.34C36D9
  • Gridinsoft: Ransom.Win32.Wacatac.sa
  • Microsoft: Trojan:Win32/Tnega!ml
  • AhnLab-V3: Dropper/Win.Generic.C4810798
  • BitDefenderTheta: Gen:NN.ZexaF.34160.@Z3@aeopwUdj
  • ALYac: Gen:Variant.Bulz.220737
  • MAX: malware (ai score=80)
  • VBA32: TScope.Trojan.Delf
  • TrendMicro-HouseCall: TROJ_GEN.R002C0PAA22
  • Rising: Downloader.Agent!8.B23 (CLOUD)
  • Yandex: Trojan.DL.Agent!W3wDPXue7lQ
  • SentinelOne: Static AI – Malicious PE
  • Fortinet: W32/PossibleThreat
  • AVG: Win32:DropperX-gen [Drp]
  • Panda: Trj/GdSda.A
  • CrowdStrike: win/malicious_confidence_80% (W)

How to remove Bulz.220737?

Bulz.220737 removal tool
  • Download and install GridinSoft Anti-Malware.
  • Open GridinSoft Anti-Malware and perform a “Standard scan”.
  • Click “Move to quarantine” for all detected items.
  • Open the “Tools” tab and press “Reset Browser Settings”.
  • Select the browser and the options to reset, then click “Reset”.
  • Restart your computer.

About the author

Paul Valéry

I'm a cyber security analyst and data science expert with 5+ years of experience with security software contractors.
