Bulz.292211 removal instruction

Bulz.292211 is flagged as malicious by many security vendors (see the detection names below). When this infection is active, you may notice unwanted processes in the Task Manager process list. In this case, it is advised to scan your computer with GridinSoft Anti-Malware.

Removing PC viruses manually may take hours and may damage your PC in the process. We recommend using GridinSoft Anti-Malware for virus removal. It lets you run a full scan and clean your PC during the trial period.
A 6-day free trial is available.

What can the Bulz.292211 virus do?

  • SetUnhandledExceptionFilter detected (possible anti-debugging)
  • Presents an Authenticode digital signature
  • Creates RWX memory
  • Guard page use detected (possible anti-debugging)
  • Dynamic (imported) function loading detected
  • At least one IP address, domain, or file name was found in a crypto call
  • Performs HTTP requests potentially not found in the PCAP
  • Authenticode signature is invalid
  • Anomalous binary characteristics

How to identify Bulz.292211?

File Info:

name: E8DC5F3D4E6708294EBE.mlw
path: /opt/CAPEv2/storage/binaries/961fe182a75e592293c03a8d6bf68fa305f5cee8f40ec9b36653ee928d773dc6
crc32: 4E88E33F
md5: e8dc5f3d4e6708294ebe0a19b67e2362
sha1: 4dd8659f4efa08f5bf3c313de761a653e371e46a
sha256: 961fe182a75e592293c03a8d6bf68fa305f5cee8f40ec9b36653ee928d773dc6
sha512: 7ccc9a461e159beb65929811f2a1af848c704e263024828ddd89f4b259a7572b4b78023b430c3a28c3fc75abde55a43e4670f8bb2bb5d4ffc7a2408cc52e1ca9
ssdeep: 49152:+DtoZ+xz8v9ME8xmN3Aek03noj45wlDTbCIabjKoh9WMM84pjcY/:pd9ReUJF3noxDqIabjKoh9Wlfg
type: PE32 executable (console) Intel 80386, for MS Windows
tlsh: T11A26190EEE509E31C469067135E0E7AF0C957D9085234E5B7385BEDEFAB2F8167D2222
sha3_384: abf4c703aa13089bbf358a46d990656d5720074f23639f394136c17d5308c4c0645a5cc886543a76ba9cbabf4b6a1648
ep_bytes: ff250020400000000000000000000000
timestamp: 2009-05-23 01:22:10

Version Info:

CompanyName: Microsoft Corporation
FileDescription: PresentationFontCache.exe
FileVersion: 3.0.6920.4902 built by: NetFXw7
InternalName: PresentationFontCache.exe
LegalCopyright: © Microsoft Corporation. All rights reserved.
OriginalFilename: PresentationFontCache.exe
ProductName: Microsoft® .NET Framework
ProductVersion: 3.0.6920.4902
Comments: Flavor=Retail
PrivateBuild: DDBLD145
Translation: 0x0409 0x04b0

Note that the version resource claims the file is Microsoft's PresentationFontCache.exe, yet the Authenticode signature is reported invalid above. Version info is written by whoever builds the binary and is not evidence of origin on its own; the entry-point bytes (a jmp stub typical of a .NET executable) and Fortinet's MSIL/Agent name are consistent with a managed binary rather than the Microsoft component it imitates.
Bulz.292211 also known as:

DrWeb: Trojan.Siggen7.54760
ClamAV: Win.Trojan.Generic-9853696-0
FireEye: Generic.mg.e8dc5f3d4e670829
McAfee: Artemis!E8DC5F3D4E67
Cylance: Unsafe
Sangfor: Trojan.Win32.Save.a
Cybereason: malicious.d4e670
Cyren: W32/Blackie.U.gen!Eldorado
APEX: Malicious
Cynet: Malicious (score: 100)
BitDefender: Gen:Variant.Bulz.292211
MicroWorld-eScan: Gen:Variant.Bulz.292211
Avast: Win32:Malware-gen
Ad-Aware: Gen:Variant.Bulz.292211
Sophos: Generic ML PUA (PUA)
Emsisoft: Gen:Variant.Bulz.292211 (B)
Ikarus: Virus.Win32.Blackie
GData: Gen:Variant.Bulz.292211
Microsoft: Trojan:Win32/Wacatac.B!ml
ALYac: Gen:Variant.Bulz.292211
MAX: malware (ai score=83)
SentinelOne: Static AI – Malicious PE
Fortinet: MSIL/Agent.61F7!tr
AVG: Win32:Malware-gen
CrowdStrike: win/malicious_confidence_90% (W)

How to remove Bulz.292211?

Bulz.292211 removal tool
  • Download and install GridinSoft Anti-Malware.
  • Open GridinSoft Anti-Malware and perform a “Standard scan”.
  • Click “Move to quarantine” for all detected items.
  • Open the “Tools” tab and press “Reset Browser Settings”.
  • Select the browser and the options to reset, then click “Reset”.
  • Restart your computer.

About the author

Paul Valéry

I'm a cyber security analyst and data science expert with 5+ years of experience with security software contractors.