Bulz.315998 (B) removal tips

Bulz.315998 (B) is considered dangerous by many security experts. When this infection is active, you may notice unwanted processes in the Task Manager process list. In this case, it is advised to scan your computer with GridinSoft Anti-Malware.

Removing PC viruses manually may take hours and may damage your PC in the process. We recommend using GridinSoft Anti-Malware for virus removal. It lets you run a complete scan and clean your PC during the trial period.
A 6-day free trial is available.

What can the Bulz.315998 (B) virus do?

  • SetUnhandledExceptionFilter detected (possible anti-debug)
  • Attempts to connect to a dead IP:Port (1 unique times)
  • Creates RWX memory
  • Guard pages use detected – possible anti-debugging.
  • Dynamic (imported) function loading detected
  • Reads data out of its own binary image
  • CAPE extracted potentially suspicious content
  • Drops a binary and executes it
  • Authenticode signature is invalid
  • Anomalous .NET characteristics
  • Uses Windows utilities for basic functionality
  • Sniffs keystrokes
  • Created a process from a suspicious location
  • Creates a copy of itself
  • Creates known Njrat/Bladabindi RAT registry keys

How to identify Bulz.315998 (B)?

File Info:

name: B486A6A38E5CF2C05340.mlw
path: /opt/CAPEv2/storage/binaries/cfb7be8ca68ae5764fc7388c7de981c32d2bf7f3340cf857e1d877b931cdfbfd
crc32: DA25E104
md5: b486a6a38e5cf2c0534098855a30e16c
sha1: 927eae777aebfcc9055849fb763ebf4e1fe3a8ae
sha256: cfb7be8ca68ae5764fc7388c7de981c32d2bf7f3340cf857e1d877b931cdfbfd
sha512: ac60e009da64204ea4fc38eefd75b023a3d1af2a7ccd42c497f9f4ccd8a1098e20f922e56125bf6cc720f003c653a75d455a84ea85d627a87933361f4e61ec95
ssdeep: 1536:13KZ//57hP/9m71HOOJo7U6RNu683vL0peOf7CXZ:136r381Jo3u6w7D
type: PE32 executable (GUI) Intel 80386, for MS Windows
tlsh: T13F732A5EBB62E944CD4C0F77C557F48842E9A7A7F423F23F91C41DA32D32889864BA90
sha3_384: 07b7c0cf9db61bba8f4ef92d18cda809f7d7bbb3de8a251fa6baae30bfae033e56e3d711203c14541c6744dfc8e65df8
ep_bytes: ff250020400000000000000000000000
timestamp: 2021-12-10 10:14:03

Version Info:

0: [No Data]

Bulz.315998 (B) also known as:

Elastic: malicious (high confidence)
MicroWorld-eScan: Gen:Variant.Bulz.315998
ALYac: Gen:Variant.Bulz.315998
Cylance: Unsafe
Sangfor: Suspicious.Win32.Save.a
CrowdStrike: win/malicious_confidence_100% (D)
K7GW: Trojan ( 700000121 )
K7AntiVirus: Trojan ( 700000121 )
Baidu: MSIL.Backdoor.Bladabindi.a
Cyren: W32/MSIL_Bladabindi.FB.gen!Eldorado
Symantec: MSIL.Trojan!gen2
ESET-NOD32: a variant of MSIL/Bladabindi.BG
APEX: Malicious
ClamAV: Win.Packed.Bladabindi-6917466-0
Kaspersky: HEUR:Trojan.Win32.Generic
BitDefender: Gen:Variant.Bulz.315998
Ad-Aware: Gen:Variant.Bulz.315998
Comodo: TrojWare.MSIL.Bladabindi.BGS@7lngf6
DrWeb: BackDoor.BladabindiNET.19
McAfee-GW-Edition: BehavesLike.Win32.Generic.lm
FireEye: Generic.mg.b486a6a38e5cf2c0
Emsisoft: Gen:Variant.Bulz.315998 (B)
Ikarus: Trojan.MSIL.Bladabindi
GData: Gen:Variant.Bulz.315998
Jiangmin: Trojan/Refroso.dep
Avira: TR/Dropper.Gen7
Arcabit: Trojan.Bulz.D4D25E
Microsoft: Backdoor:MSIL/Bladabindi.AL
Cynet: Malicious (score: 100)
Acronis: suspicious
McAfee: BackDoor-FDNN!B486A6A38E5C
MAX: malware (ai score=80)
Malwarebytes: Backdoor.Bladabindi
Rising: Backdoor.Njrat!1.9E49 (CLASSIC)
SentinelOne: Static AI – Malicious PE
eGambit: Unsafe.AI_Score_99%
Fortinet: MSIL/Bladabindi.Q!tr
BitDefenderTheta: Gen:NN.ZemsilF.34084.emW@am6l@7f
AVG: Win32:RATX-gen [Trj]
Avast: Win32:RATX-gen [Trj]

How to remove Bulz.315998 (B)?

Bulz.315998 (B) removal tool
  • Download and install GridinSoft Anti-Malware.
  • Open GridinSoft Anti-Malware and perform a “Standard scan”.
  • “Move to quarantine” all items.
  • Open the “Tools” tab – Press “Reset Browser Settings”.
  • Select the proper browser and options – Click “Reset”.
  • Restart your computer.

About the author

Paul Valéry

I'm a cyber security analyst and data science expert with 5+ years of experience with security software contractors.
