Categories: Malware

Bulz.263720 (B) (file analysis)

The Bulz.263720 (B) is considered dangerous by lots of security experts. When this infection is active, you may notice unwanted processes in Task Manager list. In this case, it is adviced to scan your computer with GridinSoft Anti-Malware.

Gridinsoft Anti-Malware

Removing PC viruses manually may take hours and may damage your PC in the process. We recommend using GridinSoft Anti-Malware for virus removal. Allows to complete scan and cure your PC during the trial period.

DOWNLOAD NOW

6-day free trial available.

What Bulz.263720 (B) virus can do?

Executable code extraction
Creates RWX memory
HTTP traffic contains suspicious features which may be indicative of malware related traffic
Performs some HTTP requests
Unconventionial language used in binary resources: Norwegian (Nynorsk)
The binary likely contains encrypted or compressed data.
The executable is compressed using UPX
Steals private information from local Internet browsers
Attempts to modify proxy settings
Harvests credentials from local FTP client softwares
Harvests information related to installed instant messenger clients
Harvests information related to installed mail clients
Anomalous binary characteristics

Related domains:

z.whorecord.xyz

a.tomx.xyz

realmengame.com

ip-api.com

How to determine Bulz.263720 (B)?


File Info:
crc32: 91FF3E5Fmd5: 74053a9334151a9530acd1234e3ab86aname: 74053A9334151A9530ACD1234E3AB86A.mlwsha1: 83dd029cbd3e0dbbbfe325fb13d0348906bb2c02sha256: a8058a034a341a74862ee03f21652d5aad1a03737cc5f9ea52d606bef971b386sha512: 51a2c98c0c6ac225aba0e028bc17d6f3053efcf452d3102ddfab6cd6dbbd736215a0f9095315080b2c5d14c7db9c64b644fa277ae5fa74fd00a943bd6aaaa410ssdeep: 12288:l9oLofB72/8rTsm9FLR6QzotyjbnGPfyXN/xW/qM+x:wLiBa0rTs+6Q8gqtype: PE32 executable (GUI) Intel 80386, for MS Windows, UPX compressed
Version Info:
InternalName: triwylbikes.acsFileVers: 26.26.361ProductionVersion: 1.0.22.25Copyright: Copyrighz (C) 2020, padkafugTranslationUsa: 0x0872 0x0081

Bulz.263720 (B) also known as:

Elastic	malicious (high confidence)
MicroWorld-eScan	Gen:Variant.Bulz.263720
FireEye	Generic.mg.74053a9334151a95
CAT-QuickHeal	Trojan.Chapak
ALYac	Gen:Variant.Bulz.263720
Cylance	Unsafe
VIPRE	Trojan.Win32.Generic!BT
AegisLab	Trojan.Win32.Chapak.4!c
Sangfor	Malware
K7AntiVirus	Trojan ( 005749401 )
BitDefender	Gen:Variant.Bulz.263720
K7GW	Trojan ( 005749401 )
CrowdStrike	win/malicious_confidence_80% (D)
Cyren	W32/Kryptik.CRW.gen!Eldorado
Symantec	ML.Attribute.HighConfidence
APEX	Malicious
Avast	Win32:PWSX-gen [Trj]
ClamAV	Win.Packed.Bulz-9808185-0
Kaspersky	Trojan.Win32.Chapak.ewut
ViRobot	Trojan.Win32.Z.Bulz.606720.B
Rising	Trojan.Kryptik!1.CFEE (CLASSIC)
Ad-Aware	Gen:Variant.Bulz.263720
Emsisoft	Gen:Variant.Bulz.263720 (B)
Comodo	Malware@#3vpbew4c47tw
F-Secure	Trojan.TR/AD.VidarStealer.fexrp
TrendMicro	TROJ_GEN.R002C0WLD20
McAfee-GW-Edition	BehavesLike.Win32.PWSSpyeye.hc
Sophos	Mal/Generic-S
Ikarus	Trojan.Win32.Crypt
Webroot	W32.Malware.Gen
Avira	TR/AD.VidarStealer.fexrp
MAX	malware (ai score=86)
Kingsoft	Win32.Troj.Undef.(kcloud)
Microsoft	Trojan:Win32/Glupteba.NK!MTB
Gridinsoft	Trojan.Win32.Kryptik.oa
Arcabit	Trojan.Bulz.D40628
ZoneAlarm	Trojan.Win32.Chapak.ewut
GData	Gen:Variant.Bulz.263720
Cynet	Malicious (score: 100)
AhnLab-V3	Trojan/Win32.GenKryptik.R357725
Acronis	suspicious
McAfee	RDN/Generic.hbg
VBA32	Trojan.Injuke
Malwarebytes	Trojan.MalPack.GS
Panda	Trj/GdSda.A
ESET-NOD32	a variant of Win32/Kryptik.HIFB
TrendMicro-HouseCall	TROJ_GEN.R002C0WLD20
SentinelOne	Static AI – Malicious PE
Fortinet	W32/Kryptik.HIFA!tr
BitDefenderTheta	Gen:NN.ZexaF.34700.LmKfa4TKd0cG
AVG	FileRepMalware
Cybereason	malicious.cbd3e0
Paloalto	generic.ml
Qihoo-360	Win32/Trojan.790