Malware

Bulz.282373 removal tips

Malware Removal

The Bulz.282373 is considered dangerous by lots of security experts. When this infection is active, you may notice unwanted processes in Task Manager list. In this case, it is adviced to scan your computer with GridinSoft Anti-Malware.

GridinSoft Anti-Malware

Gridinsoft Anti-Malware

Removing PC viruses manually may take hours and may damage your PC in the process. We recommend using GridinSoft Anti-Malware for virus removal. Allows to complete scan and cure your PC during the trial period.
DOWNLOAD NOW
6-day free trial available.

What Bulz.282373 virus can do?

  • Behavioural detection: Executable code extraction – unpacking
  • SetUnhandledExceptionFilter detected (possible anti-debug)
  • At least one process apparently crashed during execution
  • Yara rule detections observed from a process memory dump/dropped files/CAPE
  • Creates RWX memory
  • Dynamic (imported) function loading detected
  • Reads data out of its own binary image
  • Drops a binary and executes it
  • The binary contains an unknown PE section name indicative of packing
  • Authenticode signature is invalid
  • Creates or sets a registry key to a long series of bytes, possibly to store a binary or malware config
  • Attempts to identify installed AV products by installation directory
  • Anomalous binary characteristics

How to determine Bulz.282373?



File Info:

name: F8531532744381029673.mlw
path: /opt/CAPEv2/storage/binaries/c0ba16373d138d70b8192730a5881fd43095e59ae33661e0643cec1dc3715eb9
crc32: B75B0055
md5: f85315327443810296735618eafb1113
sha1: e706feebae0e2df00c03870b09b641d10eae1893
sha256: c0ba16373d138d70b8192730a5881fd43095e59ae33661e0643cec1dc3715eb9
sha512: 3bd65045383eecf3b06a706c3af53cbb4edbdef1e461d6d85ef2b9e71b7f3048c9a1e3b90df6adf792536f98ce5dd1b965b51ea85caf6f41be1c079131942ace
ssdeep: 196608:xeFA6hrHej32E4mHrZRwMiUUqcnoE6ppIIngmBIWYGqPIBq:gu6pHMD4mHrfwMiU+SppIsgmbq
type: PE32 executable (GUI) Intel 80386, for MS Windows
tlsh: T10C963346594E8522C443CEBD917322B05D1FFD349826E45EBE2EC6878F3722CDB65B0A
sha3_384: 8701fa62d8f2b1a5b46442e64de02e3ffc79215fd5438402953cb7ca19873b9006bb31ec7aaaabfcf81c7f8878927eab
ep_bytes: 558bec83c4c453565733c08945f08945
timestamp: 2020-12-11 17:44:51


Version Info:

Comments: This installation was built with Inno Setup.
CompanyName:                                                             
FileDescription: Hunspell (http://hunspell.github.io/) by Laszlo Nemeth      
FileVersion: 1.5.4.0             
LegalCopyright:                                                                                                     
ProductName: AQOptimizer                                                 
ProductVersion: 1.5.4.0             
Translation: 0x0000 0x04b0

Bulz.282373 also known as:

LionicTrojan.Win32.Ekstak.4!c
Elasticmalicious (high confidence)
MicroWorld-eScanGen:Variant.Bulz.282373
FireEyeGen:Variant.Bulz.282373
McAfeeArtemis!F85315327443
SangforTrojan.Win32.Ekstak.gen
AlibabaTrojan:Win32/Ekstak.b774d4fd
K7GWRiskware ( 0040eff71 )
K7AntiVirusRiskware ( 0040eff71 )
CyrenW32/Agent.CEX.gen!Eldorado
SymantecTrojan.Gen.MBT
ESET-NOD32a variant of Win32/TrojanDropper.Agent.SLY
TrendMicro-HouseCallTROJ_GEN.R002C0GKK21
KasperskyHEUR:Trojan.Win32.Ekstak.gen
BitDefenderGen:Variant.Bulz.282373
APEXMalicious
TencentWin32.Trojan-dropper.Agent.Eddj
Ad-AwareGen:Variant.Bulz.282373
SophosMal/Generic-S
DrWebTrojan.Zadved.1661
ZillyaTrojan.Ekstak.Win32.57534
TrendMicroTROJ_GEN.R002C0GKK21
McAfee-GW-EditionBehavesLike.Win32.Dropper.rc
EmsisoftGen:Variant.Bulz.282373 (B)
GDataGen:Variant.Bulz.282373
JiangminTrojan.Ekstak.bnvr
WebrootW32.Malware.Gen
AviraTR/Ekstak.xpsfb
MAXmalware (ai score=88)
MicrosoftTrojan:Win32/Wacatac.B!ml
AhnLab-V3PUP/Win32.DownloadAssistant.R358754
VBA32Trojan.Zadved
ALYacGen:Variant.Bulz.282373
MalwarebytesAdware.DownloadAssistant
AvastWin32:AdwareX-gen [Adw]
IkarusTrojan.Win32.Crypt
FortinetPossibleThreat.MU
AVGWin32:AdwareX-gen [Adw]
Cybereasonmalicious.274438
PandaTrj/Genetic.gen

How to remove Bulz.282373?

Bulz.282373 removal tool
  • Download and install GridinSoft Anti-Malware.
  • Open GridinSoft Anti-Malware and perform a “Standard scan“.
  • Move to quarantine” all items.
  • Open “Tools” tab – Press “Reset Browser Settings“.
  • Select proper browser and options – Click “Reset”.
  • Restart your computer.

You may also like

About the author

Paul Valéry

I'm a cyber security analyst and data science expert with 5+ years of experience with security software contractors.

View all posts

Leave a Comment