Categories: Malware

Bulz.241814 information

The Bulz.241814 is considered dangerous by lots of security experts. When this infection is active, you may notice unwanted processes in Task Manager list. In this case, it is adviced to scan your computer with GridinSoft Anti-Malware.

Gridinsoft Anti-Malware

Removing PC viruses manually may take hours and may damage your PC in the process. We recommend using GridinSoft Anti-Malware for virus removal. Allows to complete scan and cure your PC during the trial period.

DOWNLOAD NOW

6-day free trial available.

What Bulz.241814 virus can do?

Executed a command line with /C or /R argument to terminate command shell on completion which can be used to hide execution
Sample contains Overlay data
Reads data out of its own binary image
Executed a command line with /V argument which modifies variable behaviour and whitespace allowing for increased obfuscation options
Unconventionial binary language: Russian
Unconventionial language used in binary resources: Russian
Authenticode signature is invalid
Uses Windows utilities for basic functionality
Clears Windows events or logs
Deletes executed files from disk
Uses suspicious command line tools or Windows utilities
Yara rule detections observed from a process memory dump/dropped files/CAPE

How to determine Bulz.241814?


File Info:
name: 7F5D1F6BB39F413B4171.mlwpath: /opt/CAPEv2/storage/binaries/41192babd9d5daebb8ccba0db59da80af6804ff2b1b5f67daeb9417eccd65fbccrc32: EE9EEC27md5: 7f5d1f6bb39f413b417105bc6012388dsha1: 75a8c9c9238772663d4b00a9d4cf06f4b928bc8esha256: 41192babd9d5daebb8ccba0db59da80af6804ff2b1b5f67daeb9417eccd65fbcsha512: 5b1f590b9f0b37c708b47f435b4fb115b4fb7ed8ffbd476d96b7a4c2c4b9ba3c718aac26ac2547cf5ccda95609c1e2b1517333a5953bc8399e1a25e46bd9e5e2ssdeep: 1536:L4/K7ZSf7WiQUy//KH07uybu4UChe5DxJA33ndV9a:Ei7I0Uw97u8u4BQZg33nv9atype: PE32 executable (GUI) Intel 80386, for MS Windowstlsh: T167837B4D7D93D427D3A20A309C7156F67AB7AF23D153920B2300BE5FB93A552963E243sha3_384: 8b67807c33ac9db43a8b9a3cb2b8d6006863c3768748a833dfe7852580893d68cf0e5206a4565507dd644a4aae9f98e0ep_bytes: 81ecd40200005356576a205f33db6801timestamp: 2020-02-12 20:26:26
Version Info:
CompanyName: Viber Media S.à r.lFileDescription: Viber PortableFileVersion: 15.1.0.5LegalCopyright: 2021 ИгорьProductName: Viber PortableTranslation: 0x0419 0x04e3

Bulz.241814 also known as:

Lionic	Trojan.Win32.Bulz.4!c
MicroWorld-eScan	Gen:Variant.Bulz.241814
FireEye	Gen:Variant.Bulz.241814
ALYac	Gen:Variant.Bulz.241814
VIPRE	Gen:Variant.Bulz.241814
Sangfor	Trojan.Win32.Wacatac.B
Cybereason	malicious.bb39f4
Paloalto	generic.ml
BitDefender	Gen:Variant.Bulz.241814
Emsisoft	Gen:Variant.Bulz.241814 (B)
McAfee-GW-Edition	BehavesLike.Win32.Dropper.lh
GData	Gen:Variant.Bulz.241814
Jiangmin	Trojan.Generic.gwsls
Arcabit	Trojan.Bulz.D3B096
Microsoft	Trojan:Win32/Zpevdo.B
AhnLab-V3	Malware/Win.Generic.R432563
McAfee	Artemis!7F5D1F6BB39F
MAX	malware (ai score=85)
Cylance	unsafe
DeepInstinct	MALICIOUS
CrowdStrike	win/grayware_confidence_60% (D)