Bulz.276632 (file analysis)

Bulz.276632 is considered dangerous by many security experts. When this infection is active, you may notice unwanted processes in the Task Manager list. In this case, it is advised to scan your computer with GridinSoft Anti-Malware.

Removing PC viruses manually may take hours and may damage your PC in the process. We recommend using GridinSoft Anti-Malware for virus removal. It allows you to run a complete scan and cure your PC during the trial period.
A 6-day free trial is available.

What can the Bulz.276632 virus do?

  • Executable code extraction
  • At least one process apparently crashed during execution
  • Creates RWX memory
  • Reads data out of its own binary image
  • Drops a binary and executes it
  • Creates or sets a registry key to a long series of bytes, possibly to store a binary or malware config
  • Installs itself for autorun at Windows startup
  • Network activity detected but not expressed in API logs
  • Anomalous binary characteristics

How to identify Bulz.276632?

File Info:

crc32: EC46CF4A
md5: a1410351d1316658a3d880f5bc3ad8e2
name: A1410351D1316658A3D880F5BC3AD8E2.mlw
sha1: f28a902aea109d641ee04366cfb21d3989da74c6
sha256: befb42e0d749ef7e8e8942f898fffd6c83101a6726aace29661d1dd67668e409
sha512: 4ad2704439aff1d0c7c97d84ac65d4302ff23e1f0570f66b45f6f225c77337d565bcdac5e575187f68046338d5c3af84ed67fed0e81297e8e82645841229207e
ssdeep: 196608:ETEHEuEb0bJ7/pcaQoW55Yt2mReXglRz/5CP415RHcvp3VR0KJ:4QBcaQoWMwmRYgH/j1cR3nX
type: PE32 executable (GUI) Intel 80386, for MS Windows

Version Info:

LegalCopyright:
FileVersion: 3.6.0.6
CompanyName:
Comments: This installation was built with Inno Setup.
ProductName: APOptimizer
ProductVersion: 3.6.0.6
FileDescription: APOptimizer Setup
Translation: 0x0000 0x04b0

Bulz.276632 also known as:

K7AntiVirus: Riskware ( 0040eff71 )
Lionic: Trojan.Win32.Ekstak.4!c
Elastic: malicious (high confidence)
DrWeb: Trojan.Zadved.1661
ALYac: Gen:Variant.Bulz.276632
Cylance: Unsafe
Sangfor: Trojan.Win32.Woreflint.A
Alibaba: TrojanDropper:Win32/Ekstak.dddcad0e
K7GW: Riskware ( 0040eff71 )
Cybereason: malicious.1d1316
Symantec: Trojan.Gen.MBT
ESET-NOD32: a variant of Win32/TrojanDropper.Agent.SLY
APEX: Malicious
Avast: Win32:AdwareX-gen [Adw]
ClamAV: Win.Malware.Convagent-9840627-0
Kaspersky: HEUR:Trojan.Win32.Ekstak.gen
BitDefender: Gen:Variant.Bulz.276632
MicroWorld-eScan: Gen:Variant.Bulz.276632
Tencent: Win32.Trojan-dropper.Agent.Ljjl
Ad-Aware: Gen:Variant.Bulz.276632
Sophos: Mal/Generic-S
F-Secure: Trojan.TR/Ekstak.ftmiu
VIPRE: Trojan.Win32.Generic!BT
McAfee-GW-Edition: BehavesLike.Win32.BadFile.tc
FireEye: Gen:Variant.Bulz.276632
Emsisoft: Gen:Variant.Bulz.276632 (B)
Jiangmin: Trojan.Ekstak.bnvk
Webroot: W32.Malware.Gen
Avira: TR/Ekstak.ftmiu
Microsoft: Trojan:Win32/Wacatac.B!ml
Arcabit: Trojan.Bulz.D43898
GData: Gen:Variant.Bulz.276632
AhnLab-V3: PUP/Win32.DownloadAssistant.R358731
McAfee: Artemis!A1410351D131
MAX: malware (ai score=86)
VBA32: Trojan.Ekstak
Malwarebytes: Adware.DownloadAssistant
Panda: Trj/Genetic.gen
Yandex: Trojan.Ekstak!gvpfBRk8y5Q
Ikarus: Trojan.Win32.Crypt
Fortinet: Riskware/Ekstak
AVG: Win32:AdwareX-gen [Adw]
Paloalto: generic.ml

How to remove Bulz.276632?

Bulz.276632 removal tool
  • Download and install GridinSoft Anti-Malware.
  • Open GridinSoft Anti-Malware and perform a “Standard scan”.
  • “Move to quarantine” all items.
  • Open the “Tools” tab and press “Reset Browser Settings”.
  • Select the proper browser and options, then click “Reset”.
  • Restart your computer.

About the author

Paul Valéry

I'm a cyber security analyst and data science expert with 5+ years of experience with security software contractors.
