Categories: Malware

About “Bulz.287374” infection

The Bulz.287374 is considered dangerous by lots of security experts. When this infection is active, you may notice unwanted processes in Task Manager list. In this case, it is adviced to scan your computer with GridinSoft Anti-Malware.

Gridinsoft Anti-Malware

Removing PC viruses manually may take hours and may damage your PC in the process. We recommend using GridinSoft Anti-Malware for virus removal. Allows to complete scan and cure your PC during the trial period.

DOWNLOAD NOW

6-day free trial available.

What Bulz.287374 virus can do?

SetUnhandledExceptionFilter detected (possible anti-debug)
Behavioural detection: Executable code extraction – unpacking
Creates RWX memory
Checks adapter addresses which can be used to detect virtual network interfaces
Possible date expiration check, exits too soon after checking local time
Guard pages use detected – possible anti-debugging.
Dynamic (imported) function loading detected
Enumerates the modules from a process (may be used to locate base addresses in process injection)
Reads data out of its own binary image
CAPE extracted potentially suspicious content
The binary contains an unknown PE section name indicative of packing
The binary likely contains encrypted or compressed data.
The executable is likely packed with VMProtect
Authenticode signature is invalid
Anomalous .NET characteristics
Anomalous binary characteristics

How to determine Bulz.287374?


File Info:
name: 4D7EE35708D8A2696A30.mlwpath: /opt/CAPEv2/storage/binaries/de6da834f6c6908a1ebb8147aa05f3ee314274fea86af40dec8e32ce5e63a64ccrc32: 627DB398md5: 4d7ee35708d8a2696a305f6c3bb1624dsha1: 80babc7b3ab5d55fbd695959aab6ee8730f7e701sha256: de6da834f6c6908a1ebb8147aa05f3ee314274fea86af40dec8e32ce5e63a64csha512: 73706d54ade2c3aecfe5ea45f0e00fd32e0653685cf1e12cb37e37eeab53041ec3d0bb5b5751b6400990ac7a141c12de55ec8f039da804ed449129ed2968bd86ssdeep: 12288:vYqqt2gJGGlFUasALAF1b2U3b0tpe3NL6l2mfB2mTaoz8rLP68b80c:AqDgJGMfdLEnLO2NL6lHgkY8jtype: PE32 executable (GUI) Intel 80386, for MS Windowstlsh: T1C705025CDF9C5697CBCE0772B0264690C7FDDA06B15BD7AA35087EB42E43BA4440C2A7sha3_384: f1a65a9888e09bafa3bd56d9a8f54787967f357df761538a5e96a0746f260907e34fbcb60de288da9c505950d7039396ep_bytes: ff2500a054006d73636f7265652e646ctimestamp: 2022-07-24 09:03:17
Version Info:
0: [No Data]

Bulz.287374 also known as:

Bkav	W32.AIDetectNet.01
tehtris	Generic.Malware
Cynet	Malicious (score: 100)
McAfee	BackDoor-FDNN!4D7EE35708D8
Cylance	Unsafe
VIPRE	Gen:Variant.Bulz.287374
Sangfor	Virus.Win32.Save.a
K7AntiVirus	Trojan ( 700000121 )
BitDefender	Gen:Variant.Bulz.287374
K7GW	Trojan ( 700000121 )
CrowdStrike	win/malicious_confidence_100% (D)
Arcabit	Trojan.Bulz.D4628E
Baidu	MSIL.Backdoor.Bladabindi.a
Cyren	W32/MSIL_Kryptik.UV.gen!Eldorado
Symantec	ML.Attribute.HighConfidence
Elastic	malicious (high confidence)
ESET-NOD32	a variant of MSIL/Agent.CWR
APEX	Malicious
ClamAV	Win.Malware.Vmprotect-9951746-0
Kaspersky	HEUR:Trojan.MSIL.Crypt.gen
MicroWorld-eScan	Gen:Variant.Bulz.287374
Rising	Backdoor.njRAT!1.9E49 (CLASSIC)
Ad-Aware	Gen:Variant.Bulz.287374
Emsisoft	Gen:Variant.Bulz.287374 (B)
F-Secure	Heuristic.HEUR/AGEN.1226402
McAfee-GW-Edition	BehavesLike.Win32.Generic.bc
Trapmine	malicious.moderate.ml.score
FireEye	Generic.mg.4d7ee35708d8a269
Sophos	ML/PE-A + Mal/VMProtBad-A
SentinelOne	Static AI – Malicious PE
Jiangmin	TrojanDropper.Autoit.dce
Avira	HEUR/AGEN.1226402
Microsoft	Program:Win32/Wacapew.C!ml
GData	Gen:Variant.Bulz.287374
AhnLab-V3	Trojan/Win.Crypt.C4535300
Acronis	suspicious
ALYac	Gen:Variant.Bulz.287374
MAX	malware (ai score=84)
Malwarebytes	Malware.AI.3847373440
Ikarus	PUA.VMProtect
MaxSecure	Trojan.Malware.300983.susgen
BitDefenderTheta	Gen:NN.ZemsilF.34806.WKW@aiJPThe
AVG	Win32:Evo-gen [Susp]
Cybereason	malicious.708d8a
Avast	Win32:Evo-gen [Susp]