Malware

Bulz.223984 (B) (file analysis)

Malware Removal

The Bulz.223984 (B) is considered dangerous by lots of security experts. When this infection is active, you may notice unwanted processes in Task Manager list. In this case, it is adviced to scan your computer with GridinSoft Anti-Malware.

GridinSoft Anti-Malware

Gridinsoft Anti-Malware

Removing PC viruses manually may take hours and may damage your PC in the process. We recommend using GridinSoft Anti-Malware for virus removal. Allows to complete scan and cure your PC during the trial period.
DOWNLOAD NOW
6-day free trial available.

What Bulz.223984 (B) virus can do?

  • Executable code extraction
  • Injection with CreateRemoteThread in a remote process
  • Creates RWX memory
  • Expresses interest in specific running processes
  • Reads data out of its own binary image
  • Drops a binary and executes it
  • The binary likely contains encrypted or compressed data.
  • Attempts to remove evidence of file being downloaded from the Internet
  • Code injection with CreateRemoteThread in a remote process
  • Creates or sets a registry key to a long series of bytes, possibly to store a binary or malware config
  • Steals private information from local Internet browsers
  • Installs itself for autorun at Windows startup
  • Creates a hidden or system file
  • Likely virus infection of existing system binary
  • Creates a copy of itself
  • Attempts to interact with an Alternate Data Stream (ADS)
  • Collects information to fingerprint the system

Related domains:

z.whorecord.xyz
a.tomx.xyz
iphanyi.webredirect.org

How to determine Bulz.223984 (B)?



File Info:

crc32: 993149B0
md5: 2496c32182f058193c695bf5a21d6ced
name: 2496C32182F058193C695BF5A21D6CED.mlw
sha1: 8c4cd680dcfcd6a798d035351c26217098b5f9fd
sha256: b1b3a3b2ff01c33585d2fa3eadd78741af5b421e7463450e348401be175f0a31
sha512: 098f5866a222a71239886afcbcfa092d69bc04bfd33eb0a55d8a64b574dbb7296fcfae61d680285bb19b5f16a29b7c0efe99496658e2cde7937ec8822e5c49a0
ssdeep: 6144:Kp5mfHHx9QFeYj/jzT+Nbbeoq2aIcEo/hLrBRfQ+8sCVKZubm8J9R7x6uQoErG:OqnxqEYj/fkaoq2aIcEwhL9Rr8sCVGG
type: PE32 executable (GUI) Intel 80386 Mono/.Net assembly, for MS Windows


Version Info:

Translation: 0x0000 0x04b0
LegalCopyright: Copyright PodVew 2020
Assembly Version: 1.0.0.0
InternalName: PodVew.exe
FileVersion: 1.0.0.0
CompanyName: 
LegalTrademarks: 
Comments: 
ProductName: PodVew
ProductVersion: 1.0.0.0
FileDescription: PodVew
OriginalFilename: PodVew.exe

Bulz.223984 (B) also known as:

Elasticmalicious (high confidence)
DrWebTrojan.Packed2.41837
MicroWorld-eScanGen:Variant.Bulz.223984
FireEyeGeneric.mg.2496c32182f05819
ALYacGen:Variant.Bulz.223984
CylanceUnsafe
K7AntiVirusTrojan ( 700000121 )
BitDefenderGen:Variant.Bulz.223984
K7GWTrojan ( 700000121 )
CrowdStrikewin/malicious_confidence_100% (D)
BitDefenderThetaGen:NN.ZemsilF.34658.tm0@aeUEhij
SymantecML.Attribute.HighConfidence
APEXMalicious
AvastWin32:RATX-gen [Trj]
CynetMalicious (score: 100)
KasperskyHEUR:Exploit.MSIL.Shellcode.gen
AlibabaTrojan:Win32/Starter.ali2000005
Ad-AwareGen:Variant.Bulz.223984
EmsisoftGen:Variant.Bulz.223984 (B)
TrendMicroTROJ_GEN.R06CC0PKP20
McAfee-GW-EditionBehavesLike.Win32.Generic.fc
SophosML/PE-A
SentinelOneStatic AI – Malicious PE
JiangminExploit.MSIL.pc
AviraHEUR/AGEN.1139136
MicrosoftTrojan:Win32/Woreflint.A!cl
ArcabitTrojan.Bulz.D36AF0
ZoneAlarmHEUR:Exploit.MSIL.Shellcode.gen
GDataGen:Variant.Bulz.223984
AhnLab-V3Malware/Win32.RL_Generic.C4229791
McAfeeGenericRXMJ-NN!2496C32182F0
MAXmalware (ai score=81)
MalwarebytesBackdoor.Remcos
ESET-NOD32a variant of MSIL/Kryptik.QME
TrendMicro-HouseCallTROJ_GEN.R06CC0PKP20
RisingTrojan.Kryptik!8.8 (TFE:C:f0M3KjoXAzM)
eGambitUnsafe.AI_Score_99%
FortinetMSIL/Kryptik.QME!tr
AVGWin32:RATX-gen [Trj]
Cybereasonmalicious.0dcfcd
Paloaltogeneric.ml
Qihoo-360HEUR/QVM03.0.81FF.Malware.Gen

How to remove Bulz.223984 (B)?

Bulz.223984 (B) removal tool
  • Download and install GridinSoft Anti-Malware.
  • Open GridinSoft Anti-Malware and perform a “Standard scan“.
  • Move to quarantine” all items.
  • Open “Tools” tab – Press “Reset Browser Settings“.
  • Select proper browser and options – Click “Reset”.
  • Restart your computer.

You may also like

About the author

Paul Valéry

I'm a cyber security analyst and data science expert with 5+ years of experience with security software contractors.

View all posts

Leave a Comment