Bulz.352936 (file analysis)

Bulz.352936 is considered dangerous by many security experts. When this infection is active, you may notice unwanted processes in the Task Manager list. In this case, it is advised to scan your computer with GridinSoft Anti-Malware.

Removing PC viruses manually may take hours and may damage your PC in the process. We recommend using GridinSoft Anti-Malware for virus removal. It allows a complete scan and cleanup of your PC during the trial period.
A 6-day free trial is available.

What can the Bulz.352936 virus do?

  • Behavioural detection: Executable code extraction – unpacking
  • SetUnhandledExceptionFilter detected (possible anti-debug)
  • Yara rule detections observed from a process memory dump/dropped files/CAPE
  • Creates RWX memory
  • Dynamic (imported) function loading detected
  • Enumerates running processes
  • Expresses interest in specific running processes
  • A process created a hidden window
  • Drops a binary and executes it
  • Unconventional binary language: Chinese (Simplified)
  • Unconventional language used in binary resources: Chinese (Simplified)
  • The binary contains an unknown PE section name indicative of packing
  • The binary likely contains encrypted or compressed data.
  • The executable is likely packed with VMProtect
  • Authenticode signature is invalid
  • Uses Windows utilities for basic functionality
  • Deletes its original binary from disk
  • Forces a created process to be the child of an unrelated process
  • Uses suspicious command line tools or Windows utilities

How to identify Bulz.352936?

File Info:

name: 798890A545E19609E92F.mlw
path: /opt/CAPEv2/storage/binaries/eb0e83925b2dda4cf224d4b56eec06c4935cc84178250969149fc35978815750
crc32: 240D5C07
md5: 798890a545e19609e92ff1f19ee59234
sha1: 66bfc565605e18ea1a92252f3af535e48dae4e7c
sha256: eb0e83925b2dda4cf224d4b56eec06c4935cc84178250969149fc35978815750
sha512: 9334d1316c1c5682d44eb9ad31ace3ab79992c12c2806f0ac13bee0050d3f074a8e91d28df3df07fd2bbc9fb44d5bccda80c80d3bfd894e0348d9efb370b1684
ssdeep: 49152:bQT8/U8yygqhu8+T7sIWp1n/FcQGTk5zfo4DUfEXhptON:btUJ78+vsIWb/FcTgzfHIai
type: PE32 executable (GUI) Intel 80386, for MS Windows
tlsh: T196B53381CFC811E2E4CA85FE8E2B4D095655A51A2357765F4220DEED382EB2B241DFF3
sha3_384: 1e8aec821948d1c7c8bf1b3b8e9caadd67f2cf82c8bd1504e7e7c6ca38d25651de84e35741b03d2dc2d12e734115685e
ep_bytes: e914a601008d64240c0f82b00100000f
timestamp: 2021-01-15 06:22:03

Version Info:

CompanyName: TODO:
FileVersion: 1.0.1.5
LegalCopyright: Copyright (C) 2020
ProductName: TODO:
ProductVersion: 1.0.1.5
Translation: 0x0804 0x04b0

Bulz.352936 also known as:

Bkav: W32.AIDetect.malware2
Lionic: Trojan.Multi.Generic.4!c
Elastic: malicious (high confidence)
MicroWorld-eScan: Gen:Variant.Bulz.352936
FireEye: Generic.mg.798890a545e19609
ALYac: Gen:Variant.Bulz.352936
Cylance: Unsafe
Zillya: Trojan.JakyllHyde.Win32.60
Sangfor: Trojan.Win32.Save.a
K7AntiVirus: Trojan ( 003e31731 )
Alibaba: Trojan:Win32/JakyllHyde.dd35b3e8
K7GW: Trojan ( 003e31731 )
CrowdStrike: win/malicious_confidence_100% (W)
Symantec: ML.Attribute.HighConfidence
ESET-NOD32: a variant of Generik.BGTNEHM
APEX: Malicious
Paloalto: generic.ml
Kaspersky: UDS:DangerousObject.Multi.Generic
BitDefender: Gen:Variant.Bulz.352936
NANO-Antivirus: Trojan.Win32.JakyllHyde.iwagmk
Avast: Win32:TrojanX-gen [Trj]
Ad-Aware: Gen:Variant.Bulz.352936
DrWeb: Trojan.Siggen13.45641
VIPRE: Trojan.Win32.Generic!BT
McAfee-GW-Edition: BehavesLike.Win32.Generic.vc
Emsisoft: Gen:Variant.Bulz.352936 (B)
SentinelOne: Static AI – Malicious PE
Avira: TR/Dropper.Gen
Antiy-AVL: Trojan/Generic.ASMalwS.3341901
Kingsoft: Win32.Troj.Undef.(kcloud)
Microsoft: Trojan:Win32/Tnega!ml
GData: Gen:Variant.Bulz.352936
Cynet: Malicious (score: 100)
AhnLab-V3: Malware/Win32.Generic.C4332312
McAfee: Artemis!798890A545E1
MAX: malware (ai score=87)
VBA32: Trojan.Wacatac
Malwarebytes: Malware.AI.1851164420
Rising: Trojan.Generic@ML.84 (RDML:FNLzz+frVwql8nm8IMyifQ)
Yandex: Trojan.JakyllHyde!yjKZFt6nPKA
Ikarus: Trojan.Dropper
MaxSecure: Trojan.Malware.300983.susgen
Fortinet: W32/JakyllHyde!tr
BitDefenderTheta: Gen:NN.ZexaF.34084.nE0@amlpvhnj
AVG: Win32:TrojanX-gen [Trj]
Cybereason: malicious.545e19

How to remove Bulz.352936?

Bulz.352936 removal tool
  • Download and install GridinSoft Anti-Malware.
  • Open GridinSoft Anti-Malware and perform a “Standard scan”.
  • “Move to quarantine” all items.
  • Open the “Tools” tab and press “Reset Browser Settings”.
  • Select the proper browser and options, then click “Reset”.
  • Restart your computer.

About the author

Paul Valéry

I'm a cyber security analyst and data science expert with 5+ years of experience with security software contractors.