Categories: Malware

Bulz.367460 (B) removal guide

The Bulz.367460 (B) is considered dangerous by lots of security experts. When this infection is active, you may notice unwanted processes in Task Manager list. In this case, it is adviced to scan your computer with GridinSoft Anti-Malware.

Gridinsoft Anti-Malware

Removing PC viruses manually may take hours and may damage your PC in the process. We recommend using GridinSoft Anti-Malware for virus removal. Allows to complete scan and cure your PC during the trial period.

DOWNLOAD NOW

6-day free trial available.

What Bulz.367460 (B) virus can do?

Executable code extraction
Injection (inter-process)
Injection (Process Hollowing)
Attempts to connect to a dead IP:Port (1 unique times)
Creates RWX memory
A process created a hidden window
Performs some HTTP requests
Unconventionial language used in binary resources: Tatar
The binary likely contains encrypted or compressed data.
Executed a process and injected code into it, probably while unpacking
Steals private information from local Internet browsers
Attempts to access Bitcoin/ALTCoin wallets
Harvests credentials from local FTP client softwares
Harvests information related to installed instant messenger clients
Harvests information related to installed mail clients
Anomalous binary characteristics

Related domains:

boltanew.ga

ocsp.digicert.com

crl4.digicert.com

crl3.digicert.com

How to determine Bulz.367460 (B)?


File Info:
crc32: 771F25DAmd5: 5ae9b47fd2a505049a7f6f405f6f512cname: 5AE9B47FD2A505049A7F6F405F6F512C.mlwsha1: fe53ef52e27877450865d074ef2f3e67e2af2ca3sha256: 708c8e26689e83a82460bfcf611f78eaf39ee6e77e12c23ea012489deb57e72csha512: 677ea2876ddf6ba738e7eee769c100264b4eaf850ffbf92dba531d1b0351b43ac235c70500bacea8ddd502aefc133ffa0330e855ca3a9eeb35cac300dfca4ec5ssdeep: 6144:i8aXJfZXvyilyVTP0a713xunmLxHdqarVN/4tBI8w1vty67WC1UOi:i8aZBXvyilyV4a7138nm/qaNYI/vtALtype: PE32 executable (GUI) Intel 80386, for MS Windows
Version Info:
InternalName: calinilimodumator.exeFileVersions: 7.0.0.23LegalCopyrights: VsekdagProductVersions: 67.0.20.45Translation: 0x0409 0x1744

Bulz.367460 (B) also known as:

Bkav	W32.AIDetectGBM.malware.01
Elastic	malicious (high confidence)
Qihoo-360	Win32/Trojan.Chapak.HwoCdOQA
McAfee	RDN/Generic.grp
Cylance	Unsafe
AegisLab	Trojan.Multi.Generic.4!c
Sangfor	Trojan.Win32.Save.a
BitDefender	Gen:Variant.Bulz.367460
K7GW	Hacktool ( 700007861 )
CrowdStrike	win/malicious_confidence_100% (W)
Arcabit	Trojan.Bulz.D59B64
Symantec	ML.Attribute.HighConfidence
ESET-NOD32	a variant of Win32/Kryptik.HJOS
APEX	Malicious
Paloalto	generic.ml
Cynet	Malicious (score: 100)
Kaspersky	UDS:DangerousObject.Multi.Generic
Alibaba	Trojan:Win32/Nymaim.67315b5e
MicroWorld-eScan	Gen:Variant.Bulz.367460
Ad-Aware	Trojan.GenericKDZ.73116
Emsisoft	Gen:Variant.Bulz.367460 (B)
F-Secure	Trojan.TR/AD.PredatorThief.sbepq
McAfee-GW-Edition	BehavesLike.Win32.Generic.fc
FireEye	Generic.mg.5ae9b47fd2a50504
Sophos	ML/PE-A
Ikarus	Trojan-Downloader.Win32.Nymaim
Avira	TR/AD.PredatorThief.sbepq
MAX	malware (ai score=86)
Kingsoft	Win32.Troj.Undef.(kcloud)
Gridinsoft	Trojan.Win32.Downloader.sa
Microsoft	Trojan:Win32/Woreflint.A!cl
ZoneAlarm	HEUR:Trojan.Win32.Chapak.gen
GData	Win32.Trojan-Stealer.Predator.RHPTID
AhnLab-V3	Trojan/Win32.Agent.C4344031
Acronis	suspicious
BitDefenderTheta	Gen:NN.ZexaF.34574.vu0@a40NiLnG
Malwarebytes	Generic.Malware/Suspicious
Rising	Trojan.Woreflint!8.F5EA (CLOUD)
SentinelOne	Static AI – Malicious PE
eGambit	Unsafe.AI_Score_98%
Fortinet	Malicious_Behavior.SB
AVG	Win32:BotX-gen [Trj]
Cybereason	malicious.2e2787
Avast	Win32:BotX-gen [Trj]