Categories: Malware

Bulz.399415 (B) removal instruction

The Bulz.399415 (B) is considered dangerous by lots of security experts. When this infection is active, you may notice unwanted processes in Task Manager list. In this case, it is adviced to scan your computer with GridinSoft Anti-Malware.

Gridinsoft Anti-Malware

Removing PC viruses manually may take hours and may damage your PC in the process. We recommend using GridinSoft Anti-Malware for virus removal. Allows to complete scan and cure your PC during the trial period.

DOWNLOAD NOW

6-day free trial available.

What Bulz.399415 (B) virus can do?

SetUnhandledExceptionFilter detected (possible anti-debug)
Attempts to connect to a dead IP:Port (1 unique times)
Creates RWX memory
Guard pages use detected – possible anti-debugging.
A process attempted to delay the analysis task.
Dynamic (imported) function loading detected
CAPE extracted potentially suspicious content
Drops a binary and executes it
Authenticode signature is invalid
Created a process from a suspicious location
Installs itself for autorun at Windows startup

How to determine Bulz.399415 (B)?


File Info:
name: 3A6B7D2A6AF77D20F5E1.mlwpath: /opt/CAPEv2/storage/binaries/8d48c2daa141fce53b46fb8849d9f7e93f498620d5a80c3067396a1932429192crc32: E69ADFB1md5: 3a6b7d2a6af77d20f5e1ba480c8012basha1: 9daa9b7b3935cb2860d3888b81956f5d6b936d41sha256: 8d48c2daa141fce53b46fb8849d9f7e93f498620d5a80c3067396a1932429192sha512: 6a60cd3f20f53e1d111c2379bac92a1039d1da927df9b4806e3b11ae03b4e70691d53cacba668f339c904106834e07fcfc75adc66f61cc411ac04f7fce5e6202ssdeep: 1536:WofJ8i39vlWqiqKzoTGWwQUxl8AgA0qgw4+pjd7mJp5JBOKhJ1FB1vBG:lfVJlWqEcqFQU78AgAngw4+pjd7mJp5Ytype: PE32 executable (GUI) Intel 80386, for MS Windowstlsh: T1D3635C0CB3D44639DEEE46B9F877022642B1E186BA23D75F4C9E50A92E737C04751BE2sha3_384: 95fc594e9a934b5b370a7870ccfbbcb0c6e82e0b191aede69cb407ef974b4d11505ea33aeb69672570555c8b40c8413fep_bytes: ff250020400000000000000000000000timestamp: 2011-12-09 19:31:50
Version Info:
Translation: 0x0000 0x04b0CompanyName: HomeFileDescription: WindowsFormsApplication4FileVersion: 1.0.0.0InternalName: WindowsFormsApplication4.exeLegalCopyright: Copyright © Home 2011OriginalFilename: WindowsFormsApplication4.exeProductName: WindowsFormsApplication4ProductVersion: 1.0.0.0Assembly Version: 1.0.0.0

Bulz.399415 (B) also known as:

Lionic	Trojan.MSIL.Agent.7!c
Elastic	malicious (high confidence)
MicroWorld-eScan	Gen:Variant.Bulz.399415
FireEye	Generic.mg.3a6b7d2a6af77d20
ALYac	Gen:Variant.Bulz.399415
Cylance	Unsafe
Sangfor	Trojan.MSIL.Agent.gen
CrowdStrike	win/malicious_confidence_100% (W)
Alibaba	TrojanBanker:MSIL/Generic.53a99556
K7GW	Trojan ( 00581f921 )
K7AntiVirus	Trojan ( 00581f921 )
Cyren	W32/MSIL_Agent.DJC.gen!Eldorado
ESET-NOD32	a variant of MSIL/Agent.UCB
TrendMicro-HouseCall	TROJ_GEN.R002C0WFE22
Paloalto	generic.ml
Kaspersky	HEUR:Trojan-Banker.MSIL.Agent.gen
BitDefender	Gen:Variant.Bulz.399415
Avast	Win32:Malware-gen
Tencent	Msil.Trojan-banker.Agent.Lkxv
Ad-Aware	Gen:Variant.Bulz.399415
DrWeb	Trojan.DownLoader6.42044
Zillya	Trojan.Agent.Win32.2799557
TrendMicro	TROJ_GEN.R002C0WFE22
McAfee-GW-Edition	RDN/PWS-Banker
Emsisoft	Gen:Variant.Bulz.399415 (B)
GData	Gen:Variant.Bulz.399415
Jiangmin	Trojan.MSIL.lwdq
Avira	TR/MSIL.Agent.job
MAX	malware (ai score=81)
Microsoft	Trojan:Win32/Wacatac.B!ml
Cynet	Malicious (score: 99)
AhnLab-V3	Trojan/Win32.RL_Agent.C3980348
McAfee	RDN/PWS-Banker
TACHYON	Banker/W32.DN-Agent.69632
Malwarebytes	Malware.AI.3767711768
Ikarus	Trojan.MSIL.Agent
Yandex	Trojan.Agent!oHO3QyXIJoo
SentinelOne	Static AI – Suspicious PE
MaxSecure	Trojan.Malware.770480.susgen
Fortinet	MSIL/Agent.UCB!tr
AVG	Win32:Malware-gen
Cybereason	malicious.a6af77
Panda	Generic Malware