Malware

Bulz.35388 (file analysis)

Malware Removal

The Bulz.35388 is considered dangerous by lots of security experts. When this infection is active, you may notice unwanted processes in Task Manager list. In this case, it is adviced to scan your computer with GridinSoft Anti-Malware.

GridinSoft Anti-Malware

Gridinsoft Anti-Malware

Removing PC viruses manually may take hours and may damage your PC in the process. We recommend using GridinSoft Anti-Malware for virus removal. Allows to complete scan and cure your PC during the trial period.
DOWNLOAD NOW
6-day free trial available.

What Bulz.35388 virus can do?

  • SetUnhandledExceptionFilter detected (possible anti-debug)
  • Creates RWX memory
  • Guard pages use detected – possible anti-debugging.
  • Dynamic (imported) function loading detected
  • Enumerates the modules from a process (may be used to locate base addresses in process injection)
  • CAPE extracted potentially suspicious content
  • Authenticode signature is invalid

Related domains:

lwken.com

How to determine Bulz.35388?



File Info:

name: FDE4127D65441965FA5F.mlw
path: /opt/CAPEv2/storage/binaries/abdecd0932d78b42c347b13aa9786d6483a167904b03bd8f5867c93dfcf8e46e
crc32: 2A3A1085
md5: fde4127d65441965fa5f4ce5b63a6c30
sha1: e1a43004e65450918539aba021be2bef22ec219f
sha256: abdecd0932d78b42c347b13aa9786d6483a167904b03bd8f5867c93dfcf8e46e
sha512: 9267ca1906346ca791e393fb0fc85cac3aea994d5acbc321129ba8beb8363661f3671eb42d519a616cac25abd3491bb67e04aff21bc1da6d9ca3e75eebfbdb29
ssdeep: 384:Kzszdkp5NBuRZXctMGha+QuEz4pM0wCW/WG:KoJc5NcYuOhX
type: PE32 executable (GUI) Intel 80386, for MS Windows
tlsh: T14E721A19B3B84368DABA0F799CB192554675F602D932CFAC5C54048E58B3F80CD12F7B
sha3_384: 58fa55071ec3810e9b3c0865617f501e35b284b1f21d4abf4a00ff9ca4530d54e03d405b92162ef52e70933a446a0a28
ep_bytes: ff250020400000000000000000000000
timestamp: 2010-07-27 14:21:04


Version Info:

Translation: 0x0000 0x04b0
CompanyName: Microsoft
FileDescription: DownloadExecuterNoWin
FileVersion: 1.0.0.0
InternalName: DownloadExecuterNoWin.exe
LegalCopyright: Copyright © Microsoft 2010
OriginalFilename: DownloadExecuterNoWin.exe
ProductName: DownloadExecuterNoWin
ProductVersion: 1.0.0.0
Assembly Version: 1.0.0.0

Bulz.35388 also known as:

LionicWorm.Win32.Mytob.p!c
MicroWorld-eScanGen:Variant.Bulz.35388
ALYacGen:Variant.Bulz.35388
CylanceUnsafe
ZillyaTrojan.NAO.Win32.16
SangforWorm.Win32.Mytob.vkr
K7AntiVirusTrojan ( 001a8be41 )
AlibabaWorm:Win32/Mytob.a757dabf
K7GWTrojan ( 001a8be41 )
Cybereasonmalicious.d65441
SymantecML.Attribute.HighConfidence
ESET-NOD32a variant of MSIL/TrojanClicker.NAO
APEXMalicious
Paloaltogeneric.ml
KasperskyNet-Worm.Win32.Mytob.vkr
BitDefenderGen:Variant.Bulz.35388
NANO-AntivirusTrojan.Win32.Mytob.jazhpr
AvastWin32:Malware-gen
TencentWin32.Worm-net.Mytob.Eilg
Ad-AwareGen:Variant.Bulz.35388
SophosMal/Generic-S
TrendMicroTROJ_GEN.R002C0WIG21
McAfee-GW-EditionRDN/Mytob.gen@MM
FireEyeGen:Variant.Bulz.35388
EmsisoftGen:Variant.Bulz.35388 (B)
GDataGen:Variant.Bulz.35388
WebrootW32.Trojan.Gen
AviraHEUR/AGEN.1130454
Antiy-AVLWorm[Net]/Win32.Mytob
ArcabitTrojan.Bulz.D8A3C
MicrosoftTrojan:Win32/Wacatac.B!ml
CynetMalicious (score: 99)
AhnLab-V3Worm/Win32.Mytob.R231594
McAfeeRDN/Mytob.gen@MM
MAXmalware (ai score=83)
VBA32TScope.Trojan.MSIL
TrendMicro-HouseCallTROJ_GEN.R002C0WIG21
YandexWorm.Mytob!S0EYptAj4zI
IkarusTrojan.MSIL.TrojanClicker
MaxSecureTrojan.Malware.300983.susgen
FortinetMSIL/Generic.AP.3BCAF4!tr
BitDefenderThetaGen:NN.ZemsilF.34294.bm0@aO2kuLc
AVGWin32:Malware-gen

How to remove Bulz.35388?

Bulz.35388 removal tool
  • Download and install GridinSoft Anti-Malware.
  • Open GridinSoft Anti-Malware and perform a “Standard scan“.
  • Move to quarantine” all items.
  • Open “Tools” tab – Press “Reset Browser Settings“.
  • Select proper browser and options – Click “Reset”.
  • Restart your computer.

You may also like

About the author

Paul Valéry

I'm a cyber security analyst and data science expert with 5+ years of experience with security software contractors.

View all posts

Leave a Comment