Categories: Malware

Bulz.256489 malicious file

The Bulz.256489 is considered dangerous by lots of security experts. When this infection is active, you may notice unwanted processes in Task Manager list. In this case, it is adviced to scan your computer with GridinSoft Anti-Malware.

Gridinsoft Anti-Malware

Removing PC viruses manually may take hours and may damage your PC in the process. We recommend using GridinSoft Anti-Malware for virus removal. Allows to complete scan and cure your PC during the trial period.

DOWNLOAD NOW

6-day free trial available.

What Bulz.256489 virus can do?

SetUnhandledExceptionFilter detected (possible anti-debug)
Behavioural detection: Executable code extraction – unpacking
Creates RWX memory
Guard pages use detected – possible anti-debugging.
Dynamic (imported) function loading detected
CAPE extracted potentially suspicious content
The binary contains an unknown PE section name indicative of packing
Authenticode signature is invalid

How to determine Bulz.256489?


File Info:
name: EBF58A7B2CFFDB313FBC.mlwpath: /opt/CAPEv2/storage/binaries/011159a91512cde4c172ee88c99d05254f28b05bd3fd83a0a31deb0d88f6b8c9crc32: C5CCC31Bmd5: ebf58a7b2cffdb313fbc6f255854b84fsha1: 5de193ace38d78bb4172f6414fa8794d99527f92sha256: 011159a91512cde4c172ee88c99d05254f28b05bd3fd83a0a31deb0d88f6b8c9sha512: 1269293ccdba87c43e5e67a1d5e44cd3fe29c134c2325089e339ef6f0d7b5eb39a26e0d1a25612beb1bb84689458f5bcd2a0d77f4094d74b31f107f33af0194dssdeep: 24576:x1NL/l7MHWJ4GDKB2XAQLYKih4SOE5fj2RuGPnYDuul0Y:x1NL/loHk4GeXd4tE5fwfLtype: PE32 executable (GUI) Intel 80386, for MS Windowstlsh: T1EC85E761F1EBD9B1E94421F5881AC4CD04906D37461AA65BBDF23E8F9033B8BCB2F159sha3_384: e3098e259d3f67907941e4506ce8e43c19003db5d7e43b4d0e552351a726b2b05b604527131058978fd89a1142c88127ep_bytes: ff250020400000000000000000000000timestamp: 2012-12-03 15:25:57
Version Info:
Translation: 0x0000 0x04b0CompanyName: MicrosoftFileDescription: Binder By hackers dzFileVersion: 1.0.0.0InternalName: Binder By hackers dz.exeLegalCopyright: Copyright © Microsoft 2012OriginalFilename: Binder By hackers dz.exeProductName: Binder By hackers dzProductVersion: 1.0.0.0Assembly Version: 1.0.0.0

Bulz.256489 also known as:

Lionic	Trojan.Win32.Generic.4!c
Elastic	malicious (moderate confidence)
MicroWorld-eScan	Gen:Variant.Bulz.256489
FireEye	Generic.mg.ebf58a7b2cffdb31
ALYac	Gen:Variant.Bulz.256489
Cylance	Unsafe
Sangfor	Riskware.Win32.Agent.ky
K7AntiVirus	Trojan ( 700000121 )
Alibaba	Trojan:MSIL/Generic.d4ad2025
K7GW	Trojan ( 700000121 )
Cybereason	malicious.b2cffd
VirIT	Trojan.Win32.MSIL4.BUWH
Symantec	ML.Attribute.HighConfidence
ESET-NOD32	a variant of MSIL/TrojanDropper.Agent.ABV
Paloalto	generic.ml
ClamAV	Win.Trojan.Agent-1149000
Kaspersky	UDS:DangerousObject.Multi.Generic
BitDefender	Gen:Variant.Bulz.256489
NANO-Antivirus	Trojan.Win32.Agent.dyztes
Avast	Win32:Malware-gen
Tencent	Win32.Trojan.Generic.Apcv
Ad-Aware	Gen:Variant.Bulz.256489
Emsisoft	Gen:Variant.Bulz.256489 (B)
Comodo	Malware@#2u4z2bdewor6p
DrWeb	Trojan.DownLoader9.43360
Zillya	Dropper.Agent.Win32.182644
McAfee-GW-Edition	Artemis!Trojan
SentinelOne	Static AI – Suspicious PE
Sophos	Mal/Generic-S
APEX	Malicious
GData	Gen:Variant.Bulz.256489
Avira	TR/Dropper.MSIL.Gen
MAX	malware (ai score=88)
Microsoft	Trojan:Win32/Wacatac.B!ml
Cynet	Malicious (score: 99)
McAfee	Artemis!EBF58A7B2CFF
VBA32	Trojan.MSIL.Zapchast
Yandex	Trojan.DR.Agent!CH/lW1sRrE4
Ikarus	Trojan-Dropper.MSIL.Agent
AVG	Win32:Malware-gen
Panda	Trj/GdSda.A
CrowdStrike	win/malicious_confidence_90% (W)