Bulz.250756 (B) removal

Bulz.250756 (B) is considered dangerous by many security experts. When this infection is active, you may notice unwanted processes in the Task Manager list. In this case, it is advised to scan your computer with GridinSoft Anti-Malware.

GridinSoft Anti-Malware

Removing PC viruses manually may take hours and may damage your PC in the process. We recommend using GridinSoft Anti-Malware for virus removal. It lets you run a complete scan and clean your PC during the trial period.
6-day free trial available.

What can the Bulz.250756 (B) virus do?

  • SetUnhandledExceptionFilter detected (possible anti-debug)
  • Sample contains Overlay data
  • Yara rule detections observed from a process memory dump/dropped files/CAPE
  • Creates RWX memory
  • Anomalous file deletion behavior detected (10+)
  • A process attempted to delay the analysis task.
  • Dynamic (imported) function loading detected
  • Performs HTTP requests potentially not found in PCAP.
  • Enumerates running processes
  • Reads data out of its own binary image
  • Drops a binary and executes it
  • Authenticode signature is invalid
  • Uses Windows utilities for basic functionality
  • Steals private information from local Internet browsers
  • Installs itself for autorun at Windows startup
  • Collects information about installed applications
  • Attempts to create or modify a Browser Helper Object
  • Attempts to modify proxy settings
  • Attempts to modify browser security settings
  • Anomalous binary characteristics

How to identify Bulz.250756 (B)?

File Info:

name: 635075C516586183AC3E.mlw
path: /opt/CAPEv2/storage/binaries/040857e54fe959b647904ce2566e5f90f370dab819a04aa619126cba8fe0f1b1
crc32: 9206284D
md5: 635075c516586183ac3e0adae7661b33
sha1: a73c968b163565814b70f5a428e352537dc96a6d
sha256: 040857e54fe959b647904ce2566e5f90f370dab819a04aa619126cba8fe0f1b1
sha512: 23ae3c39150d625c125230e9e6ef1e589b417c79a8a47a3ef92b64dad83a4df565eb35b11fcadd6749057bbfa2a4c6f70a43707e2b66e6902346f841558d4285
ssdeep: 98304:wej8CSKOF+iACMGhn2z/FqKezgyCN3XIPRLdSJQs/GL97G+/rZyeY2RN:wWSKO6CME2tqFiXIPJxl/fY2RN
type: PE32 executable (GUI) Intel 80386, for MS Windows
tlsh: T11136334FC127ADB1E847B9FA0880E61F49207C5953098062EEB5FAB6DDB65C3FC2854D
sha3_384: 456afd4d4a365f990a028d4c318f62be34aa7e7eaf4db1e7fc7958bddd93f8caf5e1bee4044eea08c166a9bd8b9ef8c8
ep_bytes: 5589e557565381ecac010000ff157493
timestamp: 2012-02-19 15:01:49

Version Info:

CompanyName: Trusted Saver
FileDescription: Trusted Saver Generic Installer
FileVersion: 1.27.153.7
LegalCopyright: Copyright Trusted Saver
ProductName: Trusted Saver Generic
Translation: 0x0409 0x0000

Bulz.250756 (B) also known as (vendor: detection name):

  • Bkav: W32.AIDetect.malware2
  • Lionic: Adware.Win32.Lyckriks.2!c
  • MicroWorld-eScan: Gen:Variant.Bulz.250756
  • FireEye: Gen:Variant.Bulz.250756
  • ALYac: Gen:Variant.Bulz.250756
  • Cylance: Unsafe
  • VIPRE: Gen:Variant.Bulz.250756
  • Sangfor: Adware.Win32.Lyckriks.V2zu
  • K7AntiVirus: Trojan ( 0055e39b1 )
  • Alibaba: AdWare:Win32/Lyckriks.27a9015f
  • K7GW: Trojan ( 0055e39b1 )
  • Cybereason: malicious.516586
  • Cyren: W32/Trojan.TAOV-9147
  • Symantec: Trojan.Gen.2
  • Elastic: malicious (high confidence)
  • ESET-NOD32: Win32/Packed.ScrambleWrapper.C potentially unwanted
  • Paloalto: generic.ml
  • Kaspersky: not-a-virus:AdWare.Win32.Lyckriks.cw
  • BitDefender: Gen:Variant.Bulz.250756
  • NANO-Antivirus: Trojan.Win32.Generic.csnrgl
  • Avast: Win32:Adware-gen [Adw]
  • Ad-Aware: Gen:Variant.Bulz.250756
  • Sophos: Generic Reputation PUA (PUA)
  • DrWeb: Adware.Plugin.73
  • Zillya: Adware.Lyckriks.Win32.1425
  • TrendMicro: TROJ_GEN.R002C0WE522
  • McAfee-GW-Edition: BehavesLike.Win32.BadFile.rc
  • Emsisoft: Gen:Variant.Bulz.250756 (B)
  • GData: Gen:Variant.Bulz.250756
  • Jiangmin: AdWare/Lyckriks.am
  • Webroot: Pua.Brightcircle
  • Antiy-AVL: Trojan/Generic.ASMalwS.2E10
  • Kingsoft: Win32.Troj.Lyckriks.cw.(kcloud)
  • Arcabit: Trojan.Bulz.D3D384
  • Microsoft: Trojan:Win32/Occamy.C04
  • Cynet: Malicious (score: 100)
  • McAfee: Artemis!635075C51658
  • MAX: malware (ai score=100)
  • VBA32: Adware.Lyckriks
  • Malwarebytes: PUP.Optional.CrossRider
  • TrendMicro-HouseCall: TROJ_GEN.R002C0WE522
  • Rising: Trojan.Generic@AI.89 (RDML:kxqZt9Z7xTxvGgJtNRBwaQ)
  • Yandex: PUA.Lyckriks!6nSeuYVUA4E
  • Fortinet: Adware/Lyckriks
  • AVG: Win32:Adware-gen [Adw]
  • CrowdStrike: win/grayware_confidence_100% (W)

How to remove Bulz.250756 (B)?

Bulz.250756 (B) removal tool

  • Download and install GridinSoft Anti-Malware.
  • Open GridinSoft Anti-Malware and perform a “Standard scan”.
  • Press “Move to quarantine” for all detected items.
  • Open the “Tools” tab and press “Reset Browser Settings”.
  • Select the proper browser and options, then click “Reset”.
  • Restart your computer.

About the author

Paul Valéry

I'm a cyber security analyst and data science expert with 5+ years of experience with security software contractors.