Categories: Malware

Bulz.223984 (B) (file analysis)

The Bulz.223984 (B) is considered dangerous by lots of security experts. When this infection is active, you may notice unwanted processes in Task Manager list. In this case, it is adviced to scan your computer with GridinSoft Anti-Malware.

Gridinsoft Anti-Malware

Removing PC viruses manually may take hours and may damage your PC in the process. We recommend using GridinSoft Anti-Malware for virus removal. Allows to complete scan and cure your PC during the trial period.

DOWNLOAD NOW

6-day free trial available.

What Bulz.223984 (B) virus can do?

Executable code extraction
Injection with CreateRemoteThread in a remote process
Creates RWX memory
Expresses interest in specific running processes
Reads data out of its own binary image
Drops a binary and executes it
The binary likely contains encrypted or compressed data.
Attempts to remove evidence of file being downloaded from the Internet
Code injection with CreateRemoteThread in a remote process
Creates or sets a registry key to a long series of bytes, possibly to store a binary or malware config
Steals private information from local Internet browsers
Installs itself for autorun at Windows startup
Creates a hidden or system file
Likely virus infection of existing system binary
Creates a copy of itself
Attempts to interact with an Alternate Data Stream (ADS)
Collects information to fingerprint the system

Related domains:

z.whorecord.xyz

a.tomx.xyz

iphanyi.webredirect.org

How to determine Bulz.223984 (B)?


File Info:
crc32: 993149B0md5: 2496c32182f058193c695bf5a21d6cedname: 2496C32182F058193C695BF5A21D6CED.mlwsha1: 8c4cd680dcfcd6a798d035351c26217098b5f9fdsha256: b1b3a3b2ff01c33585d2fa3eadd78741af5b421e7463450e348401be175f0a31sha512: 098f5866a222a71239886afcbcfa092d69bc04bfd33eb0a55d8a64b574dbb7296fcfae61d680285bb19b5f16a29b7c0efe99496658e2cde7937ec8822e5c49a0ssdeep: 6144:Kp5mfHHx9QFeYj/jzT+Nbbeoq2aIcEo/hLrBRfQ+8sCVKZubm8J9R7x6uQoErG:OqnxqEYj/fkaoq2aIcEwhL9Rr8sCVGGtype: PE32 executable (GUI) Intel 80386 Mono/.Net assembly, for MS Windows
Version Info:
Translation: 0x0000 0x04b0LegalCopyright: Copyright PodVew 2020Assembly Version: 1.0.0.0InternalName: PodVew.exeFileVersion: 1.0.0.0CompanyName: LegalTrademarks: Comments: ProductName: PodVewProductVersion: 1.0.0.0FileDescription: PodVewOriginalFilename: PodVew.exe

Bulz.223984 (B) also known as:

Elastic	malicious (high confidence)
DrWeb	Trojan.Packed2.41837
MicroWorld-eScan	Gen:Variant.Bulz.223984
FireEye	Generic.mg.2496c32182f05819
ALYac	Gen:Variant.Bulz.223984
Cylance	Unsafe
K7AntiVirus	Trojan ( 700000121 )
BitDefender	Gen:Variant.Bulz.223984
K7GW	Trojan ( 700000121 )
CrowdStrike	win/malicious_confidence_100% (D)
BitDefenderTheta	Gen:NN.ZemsilF.34658.tm0@aeUEhij
Symantec	ML.Attribute.HighConfidence
APEX	Malicious
Avast	Win32:RATX-gen [Trj]
Cynet	Malicious (score: 100)
Kaspersky	HEUR:Exploit.MSIL.Shellcode.gen
Alibaba	Trojan:Win32/Starter.ali2000005
Ad-Aware	Gen:Variant.Bulz.223984
Emsisoft	Gen:Variant.Bulz.223984 (B)
TrendMicro	TROJ_GEN.R06CC0PKP20
McAfee-GW-Edition	BehavesLike.Win32.Generic.fc
Sophos	ML/PE-A
SentinelOne	Static AI – Malicious PE
Jiangmin	Exploit.MSIL.pc
Avira	HEUR/AGEN.1139136
Microsoft	Trojan:Win32/Woreflint.A!cl
Arcabit	Trojan.Bulz.D36AF0
ZoneAlarm	HEUR:Exploit.MSIL.Shellcode.gen
GData	Gen:Variant.Bulz.223984
AhnLab-V3	Malware/Win32.RL_Generic.C4229791
McAfee	GenericRXMJ-NN!2496C32182F0
MAX	malware (ai score=81)
Malwarebytes	Backdoor.Remcos
ESET-NOD32	a variant of MSIL/Kryptik.QME
TrendMicro-HouseCall	TROJ_GEN.R06CC0PKP20
Rising	Trojan.Kryptik!8.8 (TFE:C:f0M3KjoXAzM)
eGambit	Unsafe.AI_Score_99%
Fortinet	MSIL/Kryptik.QME!tr
AVG	Win32:RATX-gen [Trj]
Cybereason	malicious.0dcfcd
Paloalto	generic.ml
Qihoo-360	HEUR/QVM03.0.81FF.Malware.Gen