Categories: Malware

About “Bulz.295509” infection

The Bulz.295509 is considered dangerous by lots of security experts. When this infection is active, you may notice unwanted processes in Task Manager list. In this case, it is adviced to scan your computer with GridinSoft Anti-Malware.

Gridinsoft Anti-Malware

Removing PC viruses manually may take hours and may damage your PC in the process. We recommend using GridinSoft Anti-Malware for virus removal. Allows to complete scan and cure your PC during the trial period.

DOWNLOAD NOW

6-day free trial available.

What Bulz.295509 virus can do?

Executable code extraction
Creates RWX memory
HTTP traffic contains suspicious features which may be indicative of malware related traffic
Performs some HTTP requests
Unconventionial language used in binary resources: Tswana
The executable is compressed using UPX
Looks up the external IP address
Installs itself for autorun at Windows startup
Creates a hidden or system file
Network activity detected but not expressed in API logs
Creates a copy of itself
Anomalous binary characteristics

Related domains:

admex175x.xyz

servx278x.xyz

api.ipify.org

How to determine Bulz.295509?


File Info:
crc32: 1BEE504Bmd5: 5cf78f9e7f647f4175229c845d7f7bcename: 5CF78F9E7F647F4175229C845D7F7BCE.mlwsha1: ceeffe611db559fd264539cdf77583e3ea77409esha256: 6b4577ced437b47326f3f3e41cdec64a49e4ac82040c310a6e1295cd10cb7afesha512: add3da607d702b7d82f2ec87c23d9ee9ef6985821e9a3979f28060e26126f1fce26f54b4d0552ce432734ec80381c99e8a08c2d7c6f429f842e7595abadf267cssdeep: 1536:HLxSahHlBvdZPkZDpe5A7ANlHw8GbzvRunZVv3kZ6h2c6Inst+2d0wGPhk6kokKy:HcafZcKicHw8ZZ73cd0RZcdKytype: PE32 executable (GUI) Intel 80386 (stripped to external PDB), for MS Windows, UPX compressed
Version Info:
InternalName: triwilbifor.acsFileVersion: 6.26.361Copyright: Copyrighz (C) 2020, vodkafullProductVersion: 1.0.15TranslationUsa: 0x0273 0x054e

Bulz.295509 also known as:

Bkav	W32.AIDetect.malware1
Elastic	malicious (high confidence)
DrWeb	Trojan.DownLoader40.50184
ClamAV	Win.Dropper.Bunitu-9819420-0
ALYac	Gen:Variant.Bulz.295509
Cylance	Unsafe
Zillya	Trojan.Zenpak.Win32.6897
Sangfor	Suspicious.Win32.Save.a
CrowdStrike	win/malicious_confidence_100% (W)
K7GW	Riskware ( 0040eff71 )
K7AntiVirus	Riskware ( 0040eff71 )
Cyren	W32/Trojan.QRSL-9241
Symantec	ML.Attribute.HighConfidence
ESET-NOD32	a variant of Win32/Kryptik.HINV
APEX	Malicious
Avast	Win32:DropperX-gen [Drp]
Cynet	Malicious (score: 100)
Kaspersky	HEUR:Trojan.Win32.Zenpak.vho
BitDefender	Gen:Variant.Bulz.295509
MicroWorld-eScan	Gen:Variant.Bulz.295509
Ad-Aware	Gen:Variant.Bulz.295509
Sophos	Mal/Generic-S
BitDefenderTheta	Gen:NN.ZexaF.34170.nmLfaK3jgWfG
VIPRE	Trojan.Win32.Generic!BT
McAfee-GW-Edition	BehavesLike.Win32.Generic.dh
FireEye	Generic.mg.5cf78f9e7f647f41
Emsisoft	Gen:Variant.Bulz.295509 (B)
SentinelOne	Static AI – Malicious PE
Jiangmin	Trojan.Zenpak.icg
Avira	HEUR/AGEN.1140248
eGambit	Unsafe.AI_Score_84%
Antiy-AVL	Trojan/Generic.ASCommon.1E7
Microsoft	Ransom:Win32/StopCrypt.MYK!MTB
GData	Gen:Variant.Bulz.295509
AhnLab-V3	Trojan/Win32.Injector.R361893
Acronis	suspicious
McAfee	GenericRXAA-AA!5CF78F9E7F64
MAX	malware (ai score=82)
VBA32	BScope.Trojan.Caynamer
Malwarebytes	Trojan.MalPack.GS
Rising	Trojan.Kryptik!1.CFEE (CLASSIC)
Yandex	Trojan.Zenpak!IgvnNe0m7G4
Ikarus	Trojan.Win32.Crypt
MaxSecure	Trojan.Malware.111996258.susgen
Fortinet	W32/Kryptik.HIFA!tr
AVG	Win32:DropperX-gen [Drp]