Categories: Malware

Bulz.221364 removal guide

The Bulz.221364 is considered dangerous by lots of security experts. When this infection is active, you may notice unwanted processes in Task Manager list. In this case, it is adviced to scan your computer with GridinSoft Anti-Malware.

Gridinsoft Anti-Malware

Removing PC viruses manually may take hours and may damage your PC in the process. We recommend using GridinSoft Anti-Malware for virus removal. Allows to complete scan and cure your PC during the trial period.

DOWNLOAD NOW

6-day free trial available.

What Bulz.221364 virus can do?

Creates RWX memory
Unconventionial binary language: Polish
Unconventionial language used in binary resources: Polish
The binary contains an unknown PE section name indicative of packing
The binary likely contains encrypted or compressed data.
The executable is likely packed with VMProtect
Authenticode signature is invalid
Tries to suspend Cuckoo threads to prevent logging of malicious activity
Binary compilation timestomping detected

How to determine Bulz.221364?


File Info:
name: BB92861AFA747E44F485.mlwpath: /opt/CAPEv2/storage/binaries/4a602fcde571e77a8b77077a1107035dec7916f6a807a6ae91de14c6c2791dafcrc32: 1E791596md5: bb92861afa747e44f48539c758afbbc2sha1: ba59f969608a7b3874b9cb6dc203ca76ebdb3087sha256: 4a602fcde571e77a8b77077a1107035dec7916f6a807a6ae91de14c6c2791dafsha512: c3cab49e16aa48f8abebdab13caaba9fb3167466baceb6a1cb253603733086ac2f22256f12bf9455100b7775ae592f032b4199738e731144ee35b34deb834e7fssdeep: 98304:X7x/wHv1oUdhy2x2GJXHSN/mut23rbt5++jchI+GvDXflI1WSDCEL9qe8w99YqGg:XNwHvOrEa9tQ3jGLGrfa1W89/8wfBntype: PE32+ executable (GUI) x86-64, for MS Windowstlsh: T1926622FD6288375CC42EC4B09437AD44B2B5D52D17DAA5AEB2C77AE03BA6430E603F51sha3_384: 209928d1517b725b3ea00db9e563677b7f50899aa32b2b3299e2d972066a038c0f0ebd53cef8d41033d8e83f5b7e157bep_bytes: 68d408c286e8115b0c0098da0bb19693timestamp: 2062-07-25 12:18:00
Version Info:
CompanyName: Microsoft CorporationFileDescription: Samorozpakowujący się plik typu .cab Win32                                           FileVersion: 11.00.19038.1 (WinBuild.160101.0800)InternalName: Wextract                LegalCopyright: © Microsoft Corporation. Wszelkie prawa zastrzeżone.OriginalFilename: WEXTRACT.EXE            .MUIProductName: Internet ExplorerProductVersion: 11.00.19038.1Translation: 0x0415 0x04b0

Bulz.221364 also known as:

Lionic	Riskware.Win32.Generic.1!c
Elastic	malicious (high confidence)
DrWeb	Trojan.Siggen15.50366
MicroWorld-eScan	Gen:Variant.Bulz.221364
FireEye	Generic.mg.bb92861afa747e44
ALYac	Gen:Variant.Bulz.221364
K7AntiVirus	Trojan ( 0054d6c01 )
Alibaba	TrojanPSW:Win32/Disco.4265b52d
K7GW	Trojan ( 0054d6c01 )
Cybereason	malicious.afa747
Symantec	Trojan.Gen.MBT
ESET-NOD32	a variant of Win64/Packed.VMProtect.FZ
TrendMicro-HouseCall	TROJ_GEN.R002H06KM21
Paloalto	generic.ml
Kaspersky	Trojan-PSW.Win32.Disco.hjb
BitDefender	Gen:Variant.Bulz.221364
Avast	Win64:Trojan-gen
Ad-Aware	Gen:Variant.Bulz.221364
Emsisoft	Gen:Variant.Bulz.221364 (B)
McAfee-GW-Edition	BehavesLike.Win64.Generic.vc
Sophos	Mal/Generic-S
Ikarus	Trojan.Win64.Vmprotect
Jiangmin	RiskTool.Generic.ubr
Gridinsoft	Ransom.Win64.Sabsik.sa
Microsoft	Trojan:Win32/Sabsik.FL.B!ml
GData	Gen:Variant.Bulz.221364
Cynet	Malicious (score: 100)
McAfee	BackDoor-FDOH!BB92861AFA74
MAX	malware (ai score=83)
VBA32	Trojan.Sabsik.FL
APEX	Malicious
Tencent	Win32.Trojan-qqpass.Qqrob.Phzu
eGambit	Unsafe.AI_Score_94%
Fortinet	W64/BDoor.FDOH!tr
AVG	Win64:Trojan-gen
Panda	Trj/CI.A
CrowdStrike	win/malicious_confidence_80% (W)