Bulz.290975 (B) (file analysis)

Malware Removal

Many security experts consider Bulz.290975 (B) dangerous. While this infection is active, you may notice unwanted processes in the Task Manager list. In that case, it is advised to scan your computer with GridinSoft Anti-Malware.

Removing PC viruses manually may take hours and may damage your PC in the process. We recommend using GridinSoft Anti-Malware for virus removal. It allows a full scan and cleanup of your PC during the trial period.
A 6-day free trial is available.

What can the Bulz.290975 (B) virus do?

  • Behavioural detection: Executable code extraction – unpacking
  • Creates RWX memory
  • Dynamic (imported) function loading detected
  • Reads data out of its own binary image
  • The binary contains an unknown PE section name indicative of packing
  • Authenticode signature is invalid
  • Anomalous binary characteristics

How to identify Bulz.290975 (B)?

File Info:

name: EC642B494FA0AC7E58A8.mlw
path: /opt/CAPEv2/storage/binaries/174d43d121a0311beeb1a5f728aa5c080bda485c9dbbc972c7ee3917230c4f6b
crc32: 07337D6C
md5: ec642b494fa0ac7e58a8472c9d193fba
sha1: 3b4f2414f51b0ca0c2925c4bacdd6b3b295ce401
sha256: 174d43d121a0311beeb1a5f728aa5c080bda485c9dbbc972c7ee3917230c4f6b
sha512: 37d864ca186f5ffc919bc096b31b834be1e889f18c290e1757b2c21993842c3aa82ba6be9dd5ea4fff8e503bdf73ea8825f8e3de97523119232c2fb03221fce9
ssdeep: 196608:PBxDpfmGK8/B8Bb5ouCy+yFrJCGqB82uVJA3JWQ/SNtamz1mKlb:px9K1b5oPwF9CtB82QinLmz4Kt
type: PE32 executable (GUI) Intel 80386, for MS Windows
tlsh: T167A623C7EC051DAFCEB087B6619173B144B6BFB2EE44985026C8B3B84D3A4D4576E31A
sha3_384: 4dca05f7a01d049d37d6e1e135cc8d7c78e2aacffc957584406bf9d0b940e6d717a5c8283f513ff5206f99d057d28c1e
ep_bytes: 558bec83c4c453565733c08945f08945
timestamp: 2020-12-28 11:19:17

Version Info:

Comments: This installation was built with Inno Setup.
CompanyName: Yssalsoft
FileDescription: AphStudio
FileVersion: 4.1.4.2
LegalCopyright:
ProductName: Dtal Player
ProductVersion: 4.1.4.2
Translation: 0x0000 0x04b0

Bulz.290975 (B) also known as:

  • Elastic: malicious (high confidence)
  • DrWeb: Trojan.Zadved.1661
  • MicroWorld-eScan: Gen:Variant.Bulz.290975
  • FireEye: Gen:Variant.Bulz.290975
  • ALYac: Gen:Variant.Bulz.290975
  • Malwarebytes: Adware.DownloadAssistant
  • VIPRE: Trojan.Win32.Generic!BT
  • K7AntiVirus: Trojan ( 005722f11 )
  • Alibaba: TrojanDropper:Win32/Ekstak.629c5e12
  • K7GW: Trojan ( 005722f11 )
  • Cybereason: malicious.94fa0a
  • Arcabit: Trojan.Bulz.D4709F
  • Cyren: W32/Wacapew.D.gen!Eldorado
  • Symantec: Trojan.Gen.2
  • ESET-NOD32: a variant of Win32/TrojanDropper.Agent.SLC
  • Kaspersky: HEUR:Trojan.Win32.Ekstak.gen
  • BitDefender: Gen:Variant.Bulz.290975
  • Avast: Win32:AdwareX-gen [Adw]
  • Ad-Aware: Gen:Variant.Bulz.290975
  • Emsisoft: Gen:Variant.Bulz.290975 (B)
  • McAfee-GW-Edition: BehavesLike.Win32.AdwareFileTour.tc
  • Sophos: Mal/Generic-S (PUA)
  • Jiangmin: Trojan.Ekstak.boeu
  • Avira: HEUR/AGEN.1141626
  • MAX: malware (ai score=81)
  • Microsoft: Trojan:Win32/Wacatac.B!ml
  • GData: Gen:Variant.Bulz.290975
  • AhnLab-V3: PUP/Win32.RL_Generic.R361700
  • McAfee: Artemis!EC642B494FA0
  • APEX: Malicious
  • Yandex: Trojan.Ekstak!1tCHk+AICpw
  • Ikarus: Trojan-Dropper.Win32.Agent
  • Fortinet: Riskware/Ekstak
  • AVG: Win32:AdwareX-gen [Adw]
  • Panda: Trj/Genetic.gen

How to remove Bulz.290975 (B)?

Bulz.290975 (B) removal tool
  • Download and install GridinSoft Anti-Malware.
  • Open GridinSoft Anti-Malware and perform a “Standard scan”.
  • “Move to quarantine” all items.
  • Open the “Tools” tab and press “Reset Browser Settings”.
  • Select the proper browser and options, then click “Reset”.
  • Restart your computer.

About the author

Paul Valéry

I'm a cyber security analyst and data science expert with 5+ years of experience with security software contractors.