Categories: Malware

Bulz.250131 removal instruction

The Bulz.250131 is considered dangerous by lots of security experts. When this infection is active, you may notice unwanted processes in Task Manager list. In this case, it is adviced to scan your computer with GridinSoft Anti-Malware.

Gridinsoft Anti-Malware

Removing PC viruses manually may take hours and may damage your PC in the process. We recommend using GridinSoft Anti-Malware for virus removal. Allows to complete scan and cure your PC during the trial period.

DOWNLOAD NOW

6-day free trial available.

What Bulz.250131 virus can do?

Sample contains Overlay data
Presents an Authenticode digital signature
Unconventionial language used in binary resources: Korean
The binary contains an unknown PE section name indicative of packing
The binary likely contains encrypted or compressed data.
The executable is likely packed with VMProtect
Authenticode signature is invalid
Binary file triggered YARA rule
Yara detections observed in process dumps, payloads or dropped files

How to determine Bulz.250131?


File Info:
name: 878E74E8B068AFB952F2.mlwpath: /opt/CAPEv2/storage/binaries/d5528e605829c7c5607662b2f43fd0e5f640898f0ce4db33533e05e121af32e2crc32: 58325E8Amd5: 878e74e8b068afb952f2ca2709dac2bfsha1: c765d58c3894fed3560dbca40da1ca95a4aa9f23sha256: d5528e605829c7c5607662b2f43fd0e5f640898f0ce4db33533e05e121af32e2sha512: 5ef78e09501566846d49e227112e2b7fd3f22c6012d85f3ab83ce26fd97ffb67d05257b89f1d3fc4b1ba5849c87f2cc9893109e7a3ba49bfcdcaa7f4e7527337ssdeep: 98304:1m/fkt0lFfuq+IXMxmYmyoKXx4uNE0XN7l112lHE9968c/2e1uxaU5RozWqTNm7z:1RETcxjmKhbNEEl1kKmOe1uxLaW75dtype: PE32 executable (GUI) Intel 80386, for MS Windowstlsh: T1BE7623661BB94449C2C28D3C4A73FEBC71FC463ADD46D6349AE25CC7361A8E8F552883sha3_384: ed4c943c8a614f4ba5157ff9f60a909a93bb181d3bf6f5ff44900c26a80bb3837f23ffa09a8f0d5a43e8d1135f2ffba9ep_bytes: 688f1d5b62e80d34a7ff2d8805351df7timestamp: 2020-11-12 21:56:55
Version Info:
FileDescription: Sailor Online LauncherFileVersion: 1.0.0.3InternalName: LegalCopyright: Copyright (C) 2019OriginalFilename: ProductName: Sailor Online LauncherProductVersion: 0.0.0.3Translation: 0x0412 0x04b0

Bulz.250131 also known as:

Lionic	Trojan.Win32.Generic.4!c
MicroWorld-eScan	Gen:Variant.Bulz.250131
FireEye	Gen:Variant.Bulz.250131
Skyhigh	Artemis
McAfee	Artemis!878E74E8B068
Malwarebytes	Generic.Malware/Suspicious
Sangfor	Trojan.Win32.Agent.Vdsn
Cybereason	malicious.8b068a
BitDefenderTheta	Gen:NN.ZexaF.36802.@B1@ayq0SwkG
TrendMicro-HouseCall	TROJ_GEN.R002H09I823
BitDefender	Gen:Variant.Bulz.250131
Emsisoft	Gen:Variant.Bulz.250131 (B)
VIPRE	Gen:Variant.Bulz.250131
MAX	malware (ai score=88)
Antiy-AVL	Trojan/Win32.SGeneric
Arcabit	Trojan.Bulz.D3D113
GData	Gen:Variant.Bulz.250131
Cylance	unsafe
MaxSecure	Trojan.Malware.207169931.susgen
Fortinet	W32/PossibleThreat
DeepInstinct	MALICIOUS
CrowdStrike	win/grayware_confidence_60% (D)