About “Bulz.279057 (B)” infection

Malware Removal

The Bulz.279057 (B) is considered dangerous by lots of security experts. When this infection is active, you may notice unwanted processes in Task Manager list. In this case, it is adviced to scan your computer with GridinSoft Anti-Malware.

GridinSoft Anti-Malware - Review 2020

GridinSoft Anti-Malware

Removing PC viruses manually may take hours and may damage your PC in the process. We recommend to use GridinSoft Anti-Malware for virus removal. Allows to complete scan and cure your PC during the TRIAL period.
6-day free trial available.

What Bulz.279057 (B) virus can do?

  • Executable code extraction
  • Injection (inter-process)
  • Injection (Process Hollowing)
  • Attempts to connect to a dead IP:Port (1 unique times)
  • Creates RWX memory
  • A process created a hidden window
  • Performs some HTTP requests
  • Unconventionial language used in binary resources: Serbian
  • The binary likely contains encrypted or compressed data.
  • Looks up the external IP address
  • Executed a process and injected code into it, probably while unpacking
  • Attempts to repeatedly call a single API many times in order to delay analysis time
  • Steals private information from local Internet browsers
  • Collects information about installed applications
  • Checks the CPU name from registry, possibly for anti-virtualization
  • Attempts to modify proxy settings
  • Attempts to access Bitcoin/ALTCoin wallets
  • Harvests information related to installed instant messenger clients
  • Collects information to fingerprint the system
  • Anomalous binary characteristics

Related domains:

api.ipify.org
asfasfvcxvdbs.com

How to determine Bulz.279057 (B)?


File Info:

crc32: 261B2D02
md5: a805ad0e74f9740a16855d75ce422b5b
name: A805AD0E74F9740A16855D75CE422B5B.mlw
sha1: b0aad0de40153ebb88ed374165baad591d75df18
sha256: 509a12684cbe4807cff583c20831617ed823605226c022391e66e50be0227d8d
sha512: eb5fedd7adb375a637a9dda5ab57db95d3bc8ad1035d96fa3f05bc4211c815447e8b222711bd746c7266cddcb1da7bcb0fe569fc22eb2082c1bc4001ea91a2ab
ssdeep: 6144:nrq0EiwG+9zt0449RZqy6wOZg0AALv21XaW0rLFb56dpLN4XQKJ3:nwiIu99PqtZXAYIXaW0rN3
type: PE32 executable (GUI) Intel 80386, for MS Windows

Version Info:

InternalName: kogzmuahoke.exi
ProductVersion: 91.78.32.18
Copyright: Copyrighz (C) 2020, vodkagats
Translation: 0x0182 0x0101

Bulz.279057 (B) also known as:

BkavW32.AIDetect.malware2
K7AntiVirusTrojan ( 00576c951 )
Elasticmalicious (high confidence)
ClamAVWin.Packed.Pwsx-9862513-0
ALYacGen:Variant.Bulz.279057
CylanceUnsafe
SangforTrojan.Win32.Save.a
CrowdStrikewin/malicious_confidence_100% (D)
BitDefenderGen:Variant.Bulz.279057
K7GWTrojan ( 00576c951 )
Cybereasonmalicious.e74f97
SymantecPacked.Generic.525
APEXMalicious
CynetMalicious (score: 100)
KasperskyUDS:DangerousObject.Multi.Generic
MicroWorld-eScanGen:Variant.Bulz.279057
Ad-AwareGen:Variant.Bulz.279057
SophosML/PE-A
BitDefenderThetaGen:NN.ZexaF.34058.Dm3@aCuFLPnG
McAfee-GW-EditionBehavesLike.Win32.Generic.gc
FireEyeGeneric.mg.a805ad0e74f9740a
EmsisoftGen:Variant.Bulz.279057 (B)
SentinelOneStatic AI – Malicious PE
AviraHEUR/AGEN.1144330
MicrosoftTrojan:Win32/Wacatac.B!ml
GridinsoftRansom.Win32.STOP.ko!se49605
ArcabitTrojan.Bulz.D44211
GDataGen:Variant.Bulz.279057
Acronissuspicious
MAXmalware (ai score=85)
MalwarebytesTrojan.MalPack.GS
RisingTrojan.Kryptik!1.D82C (CLASSIC)
IkarusTrojan-Banker.UrSnif
Qihoo-360HEUR/QVM10.1.0F60.Malware.Gen

How to remove Bulz.279057 (B)?

Bulz.279057 (B) removal tool
  • Download and install GridinSoft Anti-Malware.
  • Open GridinSoft Anti-Malware and perform a “Standard scan“.
  • Move to quarantine” all items.
  • Open “Tools” tab – Press “Reset Browser Settings“.
  • Select proper browser and options – Click “Reset”.
  • Restart your computer.

Leave a Comment