Bulz.241814 information

Bulz.241814 is flagged as dangerous by many security vendors. When this infection is active, you may notice unwanted processes in the Task Manager list. In this case, it is advised to scan your computer with GridinSoft Anti-Malware.


What can the Bulz.241814 virus do?

  • Executed a command line with the /C or /R argument, which terminates the command shell on completion and can be used to hide execution
  • Sample contains overlay data
  • Reads data out of its own binary image
  • Executed a command line with the /V argument, which modifies variable behaviour and whitespace handling, allowing for more obfuscation options
  • Unconventional binary language: Russian
  • Unconventional language used in binary resources: Russian
  • Authenticode signature is invalid
  • Uses Windows utilities for basic functionality
  • Clears Windows events or logs
  • Deletes executed files from disk
  • Uses suspicious command line tools or Windows utilities
  • Yara rule detections observed from a process memory dump, dropped files, or CAPE

How to identify Bulz.241814?

File Info:

name: 7F5D1F6BB39F413B4171.mlw
path: /opt/CAPEv2/storage/binaries/41192babd9d5daebb8ccba0db59da80af6804ff2b1b5f67daeb9417eccd65fbc
crc32: EE9EEC27
md5: 7f5d1f6bb39f413b417105bc6012388d
sha1: 75a8c9c9238772663d4b00a9d4cf06f4b928bc8e
sha256: 41192babd9d5daebb8ccba0db59da80af6804ff2b1b5f67daeb9417eccd65fbc
sha512: 5b1f590b9f0b37c708b47f435b4fb115b4fb7ed8ffbd476d96b7a4c2c4b9ba3c718aac26ac2547cf5ccda95609c1e2b1517333a5953bc8399e1a25e46bd9e5e2
ssdeep: 1536:L4/K7ZSf7WiQUy//KH07uybu4UChe5DxJA33ndV9a:Ei7I0Uw97u8u4BQZg33nv9a
type: PE32 executable (GUI) Intel 80386, for MS Windows
tlsh: T167837B4D7D93D427D3A20A309C7156F67AB7AF23D153920B2300BE5FB93A552963E243
sha3_384: 8b67807c33ac9db43a8b9a3cb2b8d6006863c3768748a833dfe7852580893d68cf0e5206a4565507dd644a4aae9f98e0
ep_bytes: 81ecd40200005356576a205f33db6801
timestamp: 2020-02-12 20:26:26

Version Info:

CompanyName: Viber Media S.à r.l
FileDescription: Viber Portable
FileVersion: 15.1.0.5
LegalCopyright: 2021 Игорь
ProductName: Viber Portable
Translation: 0x0419 0x04e3

Bulz.241814 also known as:

Lionic: Trojan.Win32.Bulz.4!c
MicroWorld-eScan: Gen:Variant.Bulz.241814
FireEye: Gen:Variant.Bulz.241814
ALYac: Gen:Variant.Bulz.241814
VIPRE: Gen:Variant.Bulz.241814
Sangfor: Trojan.Win32.Wacatac.B
Cybereason: malicious.bb39f4
Paloalto: generic.ml
BitDefender: Gen:Variant.Bulz.241814
Emsisoft: Gen:Variant.Bulz.241814 (B)
McAfee-GW-Edition: BehavesLike.Win32.Dropper.lh
GData: Gen:Variant.Bulz.241814
Jiangmin: Trojan.Generic.gwsls
Arcabit: Trojan.Bulz.D3B096
Microsoft: Trojan:Win32/Zpevdo.B
AhnLab-V3: Malware/Win.Generic.R432563
McAfee: Artemis!7F5D1F6BB39F
MAX: malware (ai score=85)
Cylance: unsafe
DeepInstinct: MALICIOUS
CrowdStrike: win/grayware_confidence_60% (D)

How to remove Bulz.241814?

Bulz.241814 removal tool
  • Download and install GridinSoft Anti-Malware.
  • Open GridinSoft Anti-Malware and perform a “Standard scan”.
  • “Move to quarantine” all items.
  • Open the “Tools” tab and press “Reset Browser Settings”.
  • Select the proper browser and options, then click “Reset”.
  • Restart your computer.

About the author

Paul Valéry

I'm a cyber security analyst and data science expert with 5+ years of experience with security software contractors.