Bulz.294900 (B) information

Bulz.294900 (B) is considered dangerous by many security experts. When this infection is active, you may notice unwanted processes in the Task Manager list. In this case, it is advised to scan your computer with GridinSoft Anti-Malware.

GridinSoft Anti-Malware

Removing PC viruses manually may take hours and may damage your PC in the process. We recommend using GridinSoft Anti-Malware for virus removal. It allows you to complete a scan and cure your PC during the trial period.
A 6-day free trial is available.

What can the Bulz.294900 (B) virus do?

  • Behavioural detection: Executable code extraction – unpacking
  • Yara rule detections observed from a process memory dump/dropped files/CAPE
  • Performs HTTP requests potentially not found in PCAP.
  • Unconventional language used in binary resources: Tswana
  • The binary contains an unknown PE section name indicative of packing
  • The binary likely contains encrypted or compressed data.
  • The executable is compressed using UPX
  • Authenticode signature is invalid
  • CAPE detected the Vidar malware family
  • Checks the CPU name from registry, possibly for anti-virtualization
  • Attempts to modify proxy settings
  • Harvests cookies for information gathering
  • Harvests credentials from local FTP client software
  • Harvests information related to installed instant messenger clients
  • Harvests information related to installed mail clients
  • Collects information to fingerprint the system

How to identify Bulz.294900 (B)?
File Info:

name: ABD2BBF726A32C5678A6.mlw
path: /opt/CAPEv2/storage/binaries/f9f06096f4b9c032f63ad66ca310d182ba06cb388d828307318bd561666aee24
crc32: 52106360
md5: abd2bbf726a32c5678a666bf7ebc19a9
sha1: 394a8228cbbc7232d9dd7905589a7353197ec5a0
sha256: f9f06096f4b9c032f63ad66ca310d182ba06cb388d828307318bd561666aee24
sha512: 6de7b21311ab91cee0e195a1dc592d387965fd89f88f195ebae117a863f5c6e0de9cc43b623e4389138eae22271ece652d416e2ff7ae92f06951770c6ffb6b1c
ssdeep: 12288:82ZzqdU8a/rJmA5NGTVchhUtNNe4iucS+6mZI0LGHKYppfD:l8td6hQNNekcP6mZ9KHT
type: PE32 executable (GUI) Intel 80386, for MS Windows
tlsh: T1DDC4125B0D754859CCB2CC7D3B2BBDE7DE4163E60F42D822BC578AA30AB4D86854F246
sha3_384: 448dbbaf5e1c3fedb447b61cb0e5c7873ce5eb2680c3b58f49649242138746592bcb1a22a1d35812b896c7188b9855da
ep_bytes: 60be00c077048dbe0050c8fb5783cdff
timestamp: 2019-11-11 02:13:49

Version Info:

FileVersion: 6.26.361
InternalName: triwilbifor.acs
Copyright: Copyrighz (C) 2020, vodkafull
ProductVersion: 1.0.15
TranslationUsa: 0x0273 0x053a

Bulz.294900 (B) also known as:

Elastic: malicious (moderate confidence)
MicroWorld-eScan: Gen:Variant.Bulz.294900
FireEye: Generic.mg.abd2bbf726a32c56
ALYac: Gen:Variant.Bulz.294900
Malwarebytes: Trojan.MalPack.GS
Sangfor: Suspicious.Win32.Save.a
BitDefender: Gen:Variant.Bulz.294900
CrowdStrike: win/malicious_confidence_100% (W)
BitDefenderTheta: Gen:NN.ZexaF.34606.JmKfa0TcF4mG
Cyren: W32/Kryptik.CXK.gen!Eldorado
Symantec: ML.Attribute.HighConfidence
ESET-NOD32: a variant of Win32/Kryptik.HING
ClamAV: Win.Dropper.Bunitu-9819420-0
Kaspersky: HEUR:Trojan.Win32.Chapak.vho
Cynet: Malicious (score: 100)
Rising: Trojan.Kryptik!8.8 (TFE:5:nt4Q08fYDcI)
Ad-Aware: Gen:Variant.Bulz.294900
Sophos: Mal/Generic-R + Mal/Agent-AWV
VIPRE: Gen:Heur.Mint.Titirez.Jm0@Y0TcF4mG
McAfee-GW-Edition: BehavesLike.Win32.Lockbit.hc
Emsisoft: Gen:Variant.Bulz.294900 (B)
APEX: Malicious
Avira: HEUR/AGEN.1242592
Antiy-AVL: Trojan/Generic.ASCommon.1E7
Microsoft: Ransom:Win32/StopCrypt.MK!MTB
GData: Gen:Variant.Bulz.294900
Google: Detected
AhnLab-V3: Trojan/Win32.Injector.R361893
Acronis: suspicious
McAfee: Artemis!ABD2BBF726A3
MAX: malware (ai score=86)
VBA32: BScope.Trojan.Caynamer
Cylance: Unsafe
SentinelOne: Static AI – Malicious PE
MaxSecure: Trojan.Malware.300983.susgen
Fortinet: W32/Kryptik.HIFA!tr
AVG: Win32:PWSX-gen [Trj]
Cybereason: malicious.726a32
Avast: Win32:PWSX-gen [Trj]

How to remove Bulz.294900 (B)?

Bulz.294900 (B) removal tool
  • Download and install GridinSoft Anti-Malware.
  • Open GridinSoft Anti-Malware and perform a “Standard scan”.
  • Click “Move to quarantine” for all detected items.
  • Open the “Tools” tab and press “Reset Browser Settings”.
  • Select the proper browser and options, then click “Reset”.
  • Restart your computer.

About the author

Paul Valéry

I'm a cyber security analyst and data science expert with 5+ years of experience with security software contractors.