Malware

Bulz.399415 (B) removal instruction

Malware Removal

The Bulz.399415 (B) is considered dangerous by lots of security experts. When this infection is active, you may notice unwanted processes in Task Manager list. In this case, it is adviced to scan your computer with GridinSoft Anti-Malware.

GridinSoft Anti-Malware

Gridinsoft Anti-Malware

Removing PC viruses manually may take hours and may damage your PC in the process. We recommend using GridinSoft Anti-Malware for virus removal. Allows to complete scan and cure your PC during the trial period.
DOWNLOAD NOW
6-day free trial available.

What Bulz.399415 (B) virus can do?

  • SetUnhandledExceptionFilter detected (possible anti-debug)
  • Attempts to connect to a dead IP:Port (1 unique times)
  • Creates RWX memory
  • Guard pages use detected – possible anti-debugging.
  • A process attempted to delay the analysis task.
  • Dynamic (imported) function loading detected
  • CAPE extracted potentially suspicious content
  • Drops a binary and executes it
  • Authenticode signature is invalid
  • Created a process from a suspicious location
  • Installs itself for autorun at Windows startup

How to determine Bulz.399415 (B)?



File Info:

name: 3A6B7D2A6AF77D20F5E1.mlw
path: /opt/CAPEv2/storage/binaries/8d48c2daa141fce53b46fb8849d9f7e93f498620d5a80c3067396a1932429192
crc32: E69ADFB1
md5: 3a6b7d2a6af77d20f5e1ba480c8012ba
sha1: 9daa9b7b3935cb2860d3888b81956f5d6b936d41
sha256: 8d48c2daa141fce53b46fb8849d9f7e93f498620d5a80c3067396a1932429192
sha512: 6a60cd3f20f53e1d111c2379bac92a1039d1da927df9b4806e3b11ae03b4e70691d53cacba668f339c904106834e07fcfc75adc66f61cc411ac04f7fce5e6202
ssdeep: 1536:WofJ8i39vlWqiqKzoTGWwQUxl8AgA0qgw4+pjd7mJp5JBOKhJ1FB1vBG:lfVJlWqEcqFQU78AgAngw4+pjd7mJp5Y
type: PE32 executable (GUI) Intel 80386, for MS Windows
tlsh: T1D3635C0CB3D44639DEEE46B9F877022642B1E186BA23D75F4C9E50A92E737C04751BE2
sha3_384: 95fc594e9a934b5b370a7870ccfbbcb0c6e82e0b191aede69cb407ef974b4d11505ea33aeb69672570555c8b40c8413f
ep_bytes: ff250020400000000000000000000000
timestamp: 2011-12-09 19:31:50


Version Info:

Translation: 0x0000 0x04b0
CompanyName: Home
FileDescription: WindowsFormsApplication4
FileVersion: 1.0.0.0
InternalName: WindowsFormsApplication4.exe
LegalCopyright: Copyright © Home 2011
OriginalFilename: WindowsFormsApplication4.exe
ProductName: WindowsFormsApplication4
ProductVersion: 1.0.0.0
Assembly Version: 1.0.0.0

Bulz.399415 (B) also known as:

LionicTrojan.MSIL.Agent.7!c
Elasticmalicious (high confidence)
MicroWorld-eScanGen:Variant.Bulz.399415
FireEyeGeneric.mg.3a6b7d2a6af77d20
ALYacGen:Variant.Bulz.399415
CylanceUnsafe
SangforTrojan.MSIL.Agent.gen
CrowdStrikewin/malicious_confidence_100% (W)
AlibabaTrojanBanker:MSIL/Generic.53a99556
K7GWTrojan ( 00581f921 )
K7AntiVirusTrojan ( 00581f921 )
CyrenW32/MSIL_Agent.DJC.gen!Eldorado
ESET-NOD32a variant of MSIL/Agent.UCB
TrendMicro-HouseCallTROJ_GEN.R002C0WFE22
Paloaltogeneric.ml
KasperskyHEUR:Trojan-Banker.MSIL.Agent.gen
BitDefenderGen:Variant.Bulz.399415
AvastWin32:Malware-gen
TencentMsil.Trojan-banker.Agent.Lkxv
Ad-AwareGen:Variant.Bulz.399415
DrWebTrojan.DownLoader6.42044
ZillyaTrojan.Agent.Win32.2799557
TrendMicroTROJ_GEN.R002C0WFE22
McAfee-GW-EditionRDN/PWS-Banker
EmsisoftGen:Variant.Bulz.399415 (B)
GDataGen:Variant.Bulz.399415
JiangminTrojan.MSIL.lwdq
AviraTR/MSIL.Agent.job
MAXmalware (ai score=81)
MicrosoftTrojan:Win32/Wacatac.B!ml
CynetMalicious (score: 99)
AhnLab-V3Trojan/Win32.RL_Agent.C3980348
McAfeeRDN/PWS-Banker
TACHYONBanker/W32.DN-Agent.69632
MalwarebytesMalware.AI.3767711768
IkarusTrojan.MSIL.Agent
YandexTrojan.Agent!oHO3QyXIJoo
SentinelOneStatic AI – Suspicious PE
MaxSecureTrojan.Malware.770480.susgen
FortinetMSIL/Agent.UCB!tr
AVGWin32:Malware-gen
Cybereasonmalicious.a6af77
PandaGeneric Malware

How to remove Bulz.399415 (B)?

Bulz.399415 (B) removal tool
  • Download and install GridinSoft Anti-Malware.
  • Open GridinSoft Anti-Malware and perform a “Standard scan“.
  • Move to quarantine” all items.
  • Open “Tools” tab – Press “Reset Browser Settings“.
  • Select proper browser and options – Click “Reset”.
  • Restart your computer.

You may also like

About the author

Paul Valéry

I'm a cyber security analyst and data science expert with 5+ years of experience with security software contractors.

View all posts

Leave a Comment