Categories: Malware

Bulz.395779 removal instruction

The Bulz.395779 is considered dangerous by lots of security experts. When this infection is active, you may notice unwanted processes in Task Manager list. In this case, it is adviced to scan your computer with GridinSoft Anti-Malware.

Gridinsoft Anti-Malware

Removing PC viruses manually may take hours and may damage your PC in the process. We recommend using GridinSoft Anti-Malware for virus removal. Allows to complete scan and cure your PC during the trial period.

DOWNLOAD NOW

6-day free trial available.

What Bulz.395779 virus can do?

SetUnhandledExceptionFilter detected (possible anti-debug)
Behavioural detection: Executable code extraction – unpacking
Creates RWX memory
Guard pages use detected – possible anti-debugging.
Dynamic (imported) function loading detected
CAPE extracted potentially suspicious content
Drops a binary and executes it
The binary likely contains encrypted or compressed data.
Creates an autorun.inf file
Authenticode signature is invalid
Anomalous .NET characteristics
Uses Windows utilities for basic functionality
Sniffs keystrokes
Created a process from a suspicious location
Installs itself for autorun at Windows startup
Creates a copy of itself
Anomalous binary characteristics

How to determine Bulz.395779?


File Info:
name: 482597C9C93F12B7C5F6.mlwpath: /opt/CAPEv2/storage/binaries/cdc71c8ff07669a398643a3e24e98573fac447119535846838a8997b16dcf251crc32: 5F244B3Emd5: 482597c9c93f12b7c5f6d8c414254282sha1: 313eef8dd367337ef5a4a4a48f9f094e5409343esha256: cdc71c8ff07669a398643a3e24e98573fac447119535846838a8997b16dcf251sha512: 3447c0194e0e877919c1b8d387bb8837082045d61310101764a28a800fb28d73a73d6f6a2bcf66e1abc098889b4cc9dfac07dfe0b7f0cc715026f8c8eb337794ssdeep: 49152:NA6UnGdQSD0naH0+ShwA6UnGdQSD0naH0+ShwA6UnGdQSD0naH0+ShwA6UnGdQSa:NPh3Ph3Ph3Ph3Ph3Ph3Ph3Ph3Phtype: PE32 executable (GUI) Intel 80386, for MS Windowstlsh: T1E226E10D7784FA26D87C663BC2E725B4D3714982AA9AD3071E5976EC3C333A3544728Bsha3_384: e357f9ac94d5851f9b3313ba781411994451b9cae649a0588f0b1cab0316208c7c56f1092b2a884b6e472b91e58e29e5ep_bytes: ff250020400000000000000000000000timestamp: 2012-12-10 21:25:28
Version Info:
Translation: 0x0000 0x04b0FileDescription:  FileVersion: 0.0.0.0InternalName: Server.exeLegalCopyright:  OriginalFilename: Server.exeProductVersion: 0.0.0.0Assembly Version: 0.0.0.0

Bulz.395779 also known as:

Elastic	malicious (high confidence)
DrWeb	Trojan.DownLoader8.35656
MicroWorld-eScan	Gen:Variant.Bulz.395779
FireEye	Generic.mg.482597c9c93f12b7
McAfee	Artemis!2BDFC787A10C
Cylance	Unsafe
Sangfor	Suspicious.Win32.Save.a
K7AntiVirus	Trojan ( 700000121 )
K7GW	Trojan ( 700000121 )
CrowdStrike	win/malicious_confidence_100% (D)
BitDefenderTheta	Gen:NN.ZemsilF.34084.@p3@aeCUyog
Symantec	ML.Attribute.HighConfidence
ESET-NOD32	a variant of MSIL/Packed.CodeWall.B suspicious
ClamAV	Win.Packed.Zapchast-6887881-0
Kaspersky	HEUR:Backdoor.MSIL.Generic
BitDefender	Gen:Variant.Bulz.395779
Avast	MSIL:GenMalicious-RS [Trj]
Ad-Aware	Gen:Variant.Bulz.395779
Sophos	Troj/MSIL-PP
McAfee-GW-Edition	BehavesLike.Win32.Generic.rc
Emsisoft	Gen:Variant.Bulz.395779 (B)
Ikarus	PUA.MSIL.CodeWall
GData	Gen:Variant.Bulz.395779
Jiangmin	Trojan.Generic.lsvo
Avira	TR/Barys.4458979
Antiy-AVL	Trojan/Generic.ASMalwS.13D6D0
Arcabit	Trojan.Bulz.D60A03
Microsoft	Trojan:Win32/Sabsik.FL.B!ml
Cynet	Malicious (score: 99)
AhnLab-V3	Trojan/Win.Disfa.C4830606
ALYac	Gen:Variant.Bulz.395779
MAX	malware (ai score=83)
Malwarebytes	Trojan.Agent
APEX	Malicious
SentinelOne	Static AI – Malicious PE
AVG	MSIL:GenMalicious-RS [Trj]
Cybereason	malicious.9c93f1