Malware

Bulz.421593 removal instruction

Malware Removal

The Bulz.421593 is considered dangerous by lots of security experts. When this infection is active, you may notice unwanted processes in Task Manager list. In this case, it is adviced to scan your computer with GridinSoft Anti-Malware.

GridinSoft Anti-Malware

Gridinsoft Anti-Malware

Removing PC viruses manually may take hours and may damage your PC in the process. We recommend using GridinSoft Anti-Malware for virus removal. Allows to complete scan and cure your PC during the trial period.
DOWNLOAD NOW
6-day free trial available.

What Bulz.421593 virus can do?

  • SetUnhandledExceptionFilter detected (possible anti-debug)
  • Creates RWX memory
  • Guard pages use detected – possible anti-debugging.
  • Dynamic (imported) function loading detected
  • Enumerates the modules from a process (may be used to locate base addresses in process injection)
  • CAPE extracted potentially suspicious content
  • The binary likely contains encrypted or compressed data.
  • Authenticode signature is invalid

How to determine Bulz.421593?



File Info:

name: 7F8B9DAF2FA5B5A1AE3B.mlw
path: /opt/CAPEv2/storage/binaries/6ed937695d566752c2e867f229dfbfc78ffeda151b1e056030139183fd7c7f93
crc32: A31C3957
md5: 7f8b9daf2fa5b5a1ae3be64fc8193921
sha1: a03bbf9dfea2192820dd0cdee27f02b5dfa61de5
sha256: 6ed937695d566752c2e867f229dfbfc78ffeda151b1e056030139183fd7c7f93
sha512: 07e0e03fd8dcf2f5e729710e7550ea83e5555538209cdc2c726cea56c7f3601029385a289837158f5fe9e72da1d8bcc60a89a4775c1feda57797ecb747759601
ssdeep: 6144:ceqnYTMhThYwv9KgjmZTK3KAftQ9Nlh6c5MESmoomqfONhYJ:ceqvh9XcAf+Kc55Dooa2
type: PE32 executable (GUI) Intel 80386, for MS Windows
tlsh: T19B6422C5B7D8C271CB9DEB32546122C11B7257217856CBFF3CA492FA3D9B288869017B
sha3_384: 07a5b85da3460c655ece6c0cb04be5e06fb1a19ede85a4e0c73a149c7fe4d7c83c35f2a648dbe92b62efd56401a3637c
ep_bytes: ff250020400000000000000000000000
timestamp: 2022-07-20 17:34:22


Version Info:

Translation: 0x0000 0x04b0
Comments: 
CompanyName: 
FileDescription: WindowsApplication2
FileVersion: 1.0.0.0
InternalName: WindowsApplication2.exe
LegalCopyright: Copyright ©  2022
LegalTrademarks: 
OriginalFilename: WindowsApplication2.exe
ProductName: WindowsApplication2
ProductVersion: 1.0.0.0
Assembly Version: 1.0.0.0

Bulz.421593 also known as:

BkavW32.AIDetectNet.01
MicroWorld-eScanGen:Variant.Bulz.421593
FireEyeGeneric.mg.7f8b9daf2fa5b5a1
ALYacGen:Variant.Bulz.421593
CylanceUnsafe
VIPREGen:Variant.Bulz.421593
SangforSuspicious.Win32.Save.a
K7AntiVirusTrojan ( 004f751c1 )
K7GWTrojan ( 004f751c1 )
SymantecML.Attribute.HighConfidence
Elasticmalicious (high confidence)
ESET-NOD32a variant of MSIL/Kryptik.HDG
APEXMalicious
KasperskyHEUR:Trojan-Spy.MSIL.Downeks.gen
BitDefenderGen:Variant.Bulz.421593
Ad-AwareGen:Variant.Bulz.421593
SophosMal/Generic-S
DrWebBackDoor.Quasar.1
TrendMicroTROJ_GEN.R014C0WGL22
McAfee-GW-EditionArtemis
EmsisoftGen:Variant.Bulz.421593 (B)
SentinelOneStatic AI – Malicious PE
GDataGen:Variant.Bulz.421593
AviraTR/Dropper.Gen
ArcabitTrojan.Bulz.D66ED9
MicrosoftTrojan:Win32/Wacatac.B!ml
CynetMalicious (score: 100)
Acronissuspicious
McAfeeArtemis!7F8B9DAF2FA5
MAXmalware (ai score=83)
MalwarebytesMachineLearning/Anomalous.97%
TrendMicro-HouseCallTROJ_GEN.R014C0WGL22
RisingTrojan.Generic/MSIL@AI.98 (RDM.MSIL:Uvo/QdRiW8CpMu/enJXZzw)
IkarusTrojan.MSIL.CryptoObfuscator
MaxSecureTrojan.Malware.300983.susgen
FortinetMSIL/Kryptik.HDG!tr
BitDefenderThetaGen:NN.ZemsilF.34806.tm0@a8dW2we
CrowdStrikewin/malicious_confidence_100% (W)

How to remove Bulz.421593?

Bulz.421593 removal tool
  • Download and install GridinSoft Anti-Malware.
  • Open GridinSoft Anti-Malware and perform a “Standard scan“.
  • Move to quarantine” all items.
  • Open “Tools” tab – Press “Reset Browser Settings“.
  • Select proper browser and options – Click “Reset”.
  • Restart your computer.

You may also like

About the author

Paul Valéry

I'm a cyber security analyst and data science expert with 5+ years of experience with security software contractors.

View all posts

Leave a Comment