About “Bulz.287374” infection

Bulz.287374 is considered dangerous by many security experts. When this infection is active, you may notice unwanted processes in the Task Manager list. In this case, it is advised to scan your computer with GridinSoft Anti-Malware.

GridinSoft Anti-Malware

Removing PC viruses manually may take hours and may damage your PC in the process. We recommend using GridinSoft Anti-Malware for virus removal. It allows you to complete a scan and cure your PC during the trial period.
6-day free trial available.

What can the Bulz.287374 virus do?

The following behavioural signatures were reported by the CAPE sandbox analysis of the sample described below. Note that several of them (packing, anti-debugging, dynamic import resolution) also occur in legitimate software protected with commercial packers, so they are indicators of suspicion rather than proof of malicious intent.

  • SetUnhandledExceptionFilter detected (possible anti-debug)
  • Behavioural detection: Executable code extraction – unpacking
  • Creates RWX memory
  • Checks adapter addresses which can be used to detect virtual network interfaces
  • Possible date expiration check, exits too soon after checking local time
  • Guard page use detected – possible anti-debugging.
  • Dynamic (imported) function loading detected
  • Enumerates the modules from a process (may be used to locate base addresses in process injection)
  • Reads data out of its own binary image
  • CAPE extracted potentially suspicious content
  • The binary contains an unknown PE section name indicative of packing
  • The binary likely contains encrypted or compressed data.
  • The executable is likely packed with VMProtect
  • Authenticode signature is invalid
  • Anomalous .NET characteristics
  • Anomalous binary characteristics

How to identify Bulz.287374?

File Info:

name: 4D7EE35708D8A2696A30.mlw
path: /opt/CAPEv2/storage/binaries/de6da834f6c6908a1ebb8147aa05f3ee314274fea86af40dec8e32ce5e63a64c
crc32: 627DB398
md5: 4d7ee35708d8a2696a305f6c3bb1624d
sha1: 80babc7b3ab5d55fbd695959aab6ee8730f7e701
sha256: de6da834f6c6908a1ebb8147aa05f3ee314274fea86af40dec8e32ce5e63a64c
sha512: 73706d54ade2c3aecfe5ea45f0e00fd32e0653685cf1e12cb37e37eeab53041ec3d0bb5b5751b6400990ac7a141c12de55ec8f039da804ed449129ed2968bd86
ssdeep: 12288:vYqqt2gJGGlFUasALAF1b2U3b0tpe3NL6l2mfB2mTaoz8rLP68b80c:AqDgJGMfdLEnLO2NL6lHgkY8j
type: PE32 executable (GUI) Intel 80386, for MS Windows
tlsh: T1C705025CDF9C5697CBCE0772B0264690C7FDDA06B15BD7AA35087EB42E43BA4440C2A7
sha3_384: f1a65a9888e09bafa3bd56d9a8f54787967f357df761538a5e96a0746f260907e34fbcb60de288da9c505950d7039396
ep_bytes: ff2500a054006d73636f7265652e646c
timestamp: 2022-07-24 09:03:17

Version Info:

0: [No Data]

Bulz.287374 also known as (vendor: detection name):

Bkav: W32.AIDetectNet.01
tehtris: Generic.Malware
Cynet: Malicious (score: 100)
McAfee: BackDoor-FDNN!4D7EE35708D8
Cylance: Unsafe
VIPRE: Gen:Variant.Bulz.287374
Sangfor: Virus.Win32.Save.a
K7AntiVirus: Trojan ( 700000121 )
BitDefender: Gen:Variant.Bulz.287374
K7GW: Trojan ( 700000121 )
CrowdStrike: win/malicious_confidence_100% (D)
Arcabit: Trojan.Bulz.D4628E
Baidu: MSIL.Backdoor.Bladabindi.a
Cyren: W32/MSIL_Kryptik.UV.gen!Eldorado
Symantec: ML.Attribute.HighConfidence
Elastic: malicious (high confidence)
ESET-NOD32: a variant of MSIL/Agent.CWR
APEX: Malicious
ClamAV: Win.Malware.Vmprotect-9951746-0
Kaspersky: HEUR:Trojan.MSIL.Crypt.gen
MicroWorld-eScan: Gen:Variant.Bulz.287374
Rising: Backdoor.njRAT!1.9E49 (CLASSIC)
Ad-Aware: Gen:Variant.Bulz.287374
Emsisoft: Gen:Variant.Bulz.287374 (B)
F-Secure: Heuristic.HEUR/AGEN.1226402
McAfee-GW-Edition: BehavesLike.Win32.Generic.bc
Trapmine: malicious.moderate.ml.score
FireEye: Generic.mg.4d7ee35708d8a269
Sophos: ML/PE-A + Mal/VMProtBad-A
SentinelOne: Static AI – Malicious PE
Jiangmin: TrojanDropper.Autoit.dce
Avira: HEUR/AGEN.1226402
Microsoft: Program:Win32/Wacapew.C!ml
GData: Gen:Variant.Bulz.287374
AhnLab-V3: Trojan/Win.Crypt.C4535300
Acronis: suspicious
ALYac: Gen:Variant.Bulz.287374
MAX: malware (ai score=84)
Malwarebytes: Malware.AI.3847373440
Ikarus: PUA.VMProtect
MaxSecure: Trojan.Malware.300983.susgen
BitDefenderTheta: Gen:NN.ZemsilF.34806.WKW@aiJPThe
AVG: Win32:Evo-gen [Susp]
Cybereason: malicious.708d8a
Avast: Win32:Evo-gen [Susp]

How to remove Bulz.287374?

Bulz.287374 removal tool
  • Download and install GridinSoft Anti-Malware.
  • Open GridinSoft Anti-Malware and perform a “Standard scan”.
  • “Move to quarantine” all items.
  • Open the “Tools” tab – Press “Reset Browser Settings”.
  • Select the proper browser and options – Click “Reset”.
  • Restart your computer.

About the author

Paul Valéry

I'm a cyber security analyst and data science expert with 5+ years of experience with security software contractors.