
What is “Bulz.355872”?


Bulz.355872 is considered dangerous by many security experts. When this infection is active, you may notice unwanted processes in the Task Manager list. In this case, it is advised to scan your computer with GridinSoft Anti-Malware.

Removing PC viruses manually may take hours and may damage your PC in the process. We recommend using GridinSoft Anti-Malware for virus removal. It allows a complete scan and cleanup of your PC during the trial period.
A 6-day free trial is available.

What can the Bulz.355872 virus do?

  • Behavioural detection: Executable code extraction – unpacking
  • SetUnhandledExceptionFilter detected (possible anti-debug)
  • Executed a command line with /C or /R argument to terminate command shell on completion which can be used to hide execution
  • Yara rule detections observed from a process memory dump/dropped files/CAPE
  • Creates RWX memory
  • Dynamic (imported) function loading detected
  • Enumerates running processes
  • A process created a hidden window
  • CAPE extracted potentially suspicious content
  • Unconventional language used in binary resources: Chinese (Simplified)
  • The binary contains an unknown PE section name indicative of packing
  • The binary likely contains encrypted or compressed data.
  • Authenticode signature is invalid
  • A ping command was executed with the -n argument possibly to delay analysis
  • Uses Windows utilities for basic functionality
  • Created a process from a suspicious location
  • Steals private information from local Internet browsers
  • Installs itself for autorun at Windows startup
  • Likely virus infection of existing system binary

How to identify Bulz.355872?

File Info:

name: 5AF462A359DD91E2CEBA.mlw
path: /opt/CAPEv2/storage/binaries/f8b0c0cadb2185e045ff95cc6894996f180bb820aa053ee5e1289adb4b635f01
crc32: FEEB3C35
md5: 5af462a359dd91e2cebae6695977db41
sha1: 08a6ee0953fe20e220e0da0cacae4d8d7f619ac2
sha256: f8b0c0cadb2185e045ff95cc6894996f180bb820aa053ee5e1289adb4b635f01
sha512: db8432c860757cee67da8bf9b0d97ce278ce33edadbfa82e9a9ed8f2d45b29fd6b20936568ce278e02b4926960c0c106703cf4eee6e7ab391934aa9a6e6ae72a
ssdeep: 49152:TOcdZ1cU+5Wr6BtsEKq01Z6Z71Z4pRqr26h8znAVd22:N1cx6+HKFZ6DYqrxQAVd
type: PE32 executable (GUI) Intel 80386, for MS Windows
tlsh: T187750225F2F54033D2726FBE5AD6B0BF7B2F7B116D185886A8F01E0CD3A93517A11682
sha3_384: d1842f8f9e95dc61dd275c6eaf9b7d5493b3841a0ac54add6345d09bab9f970896f398e70c46170e93459b76c7dbecfd
ep_bytes: 558bec6aff687091580068cc36580064
timestamp: 2021-02-12 20:05:35

Version Info:

CompanyName: Adaptec Incorporated
FileDescription: Adaptec RAID Code API Library
FileVersion: 2.06.00
InternalName: afaapi.exe
LegalCopyright: (c) Copyright Adaptec, Inc. 2002 to 2007. All Rights Reserved.
OriginalFilename: afaapi.exe
ProductName: Adaptec Storage Manager
ProductVersion: 2.06.00
Translation: 0x0409 0x04b0

Bulz.355872 also known as:

Bkav: W32.AIDetect.malware1
Elastic: malicious (high confidence)
MicroWorld-eScan: Gen:Variant.Bulz.355872
FireEye: Generic.mg.5af462a359dd91e2
CAT-QuickHeal: PUA.RIH.S18695130
McAfee: GenericRXNQ-ZO!5AF462A359DD
Cylance: Unsafe
Sangfor: Suspicious.Win32.Save.a
CrowdStrike: win/malicious_confidence_80% (W)
K7GW: Hacktool ( 700007861 )
Cyren: W32/Kryptik.DIW.gen!Eldorado
Symantec: ML.Attribute.HighConfidence
ESET-NOD32: a variant of Win32/Kryptik.HJDJ
APEX: Malicious
Avast: Win32:AdwareX-gen [Adw]
Cynet: Malicious (score: 100)
Kaspersky: HEUR:Trojan-Downloader.Win32.Razy.vho
BitDefender: Gen:Variant.Bulz.355872
SUPERAntiSpyware: Trojan.Agent/Gen-Bulz
Ad-Aware: Gen:Variant.Bulz.355872
Emsisoft: Gen:Variant.Bulz.355872 (B)
DrWeb: Trojan.Siggen12.8270
McAfee-GW-Edition: BehavesLike.Win32.Generic.tc
Sophos: Mal/Generic-S
GData: Gen:Variant.Bulz.355872
Avira: HEUR/AGEN.1142521
Antiy-AVL: Trojan/Generic.ASMalwS.315D997
Microsoft: Trojan:Win32/Wacatac.B!ml
TACHYON: Trojan-Downloader/W32.Razy.1629184
AhnLab-V3: Trojan/Win.Reputation.R420906
BitDefenderTheta: Gen:NN.ZexaF.34062.Jz0@aC48yalj
ALYac: Gen:Variant.Bulz.355872
MAX: malware (ai score=82)
VBA32: BScope.Trojan.Wacatac
Malwarebytes: Adware.DownloadAssistant
Rising: Malware.Heuristic!ET#93% (RDMK:cmRtazqdu/1dSWDMUfl8Kvpb3hBE)
SentinelOne: Static AI – Malicious PE
MaxSecure: Trojan.Malware.300983.susgen
Fortinet: W32/GenKryptik.DYKG!tr
AVG: Win32:AdwareX-gen [Adw]
Panda: Trj/Genetic.gen

How to remove Bulz.355872?

Bulz.355872 removal tool
  • Download and install GridinSoft Anti-Malware.
  • Open GridinSoft Anti-Malware and perform a “Standard scan”.
  • “Move to quarantine” all items.
  • Open the “Tools” tab and press “Reset Browser Settings”.
  • Select the proper browser and options, then click “Reset”.
  • Restart your computer.

About the author

Paul Valéry

I'm a cyber security analyst and data science expert with 5+ years of experience with security software contractors.