Categories: Malware

How to remove “Bulz.422173”?

The Bulz.422173 is considered dangerous by lots of security experts. When this infection is active, you may notice unwanted processes in Task Manager list. In this case, it is adviced to scan your computer with GridinSoft Anti-Malware.

Gridinsoft Anti-Malware

Removing PC viruses manually may take hours and may damage your PC in the process. We recommend using GridinSoft Anti-Malware for virus removal. Allows to complete scan and cure your PC during the trial period.

DOWNLOAD NOW

6-day free trial available.

What Bulz.422173 virus can do?

SetUnhandledExceptionFilter detected (possible anti-debug)
Creates RWX memory
Possible date expiration check, exits too soon after checking local time
Guard pages use detected – possible anti-debugging.
Dynamic (imported) function loading detected
CAPE extracted potentially suspicious content
Authenticode signature is invalid

How to determine Bulz.422173?


File Info:
name: 2BF55ED11F1AEEB11ECE.mlwpath: /opt/CAPEv2/storage/binaries/a8a116d165096d35deb65a05b4fd7ee6a110fcbc74091d3cd861d9375e5cb2d2crc32: 7F840F8Cmd5: 2bf55ed11f1aeeb11eced3b53a17055csha1: 9f3986baa789c0a4af0ed21b74aff6fe6cf9a738sha256: a8a116d165096d35deb65a05b4fd7ee6a110fcbc74091d3cd861d9375e5cb2d2sha512: 6fe53e54f9d3b41ecb07d5c96be5ea9f1319e9cbf4d197960f706d8b2d517896a473effe15b8304b4c67dc5fa129c603190de9f898324fbbe520cdd076c92f24ssdeep: 3072:e476mzEw2OgKpwPKK2tZKzt0FkhXg5nKQvYj8j6LiP:/6qEPGFwXcS86mtype: PE32 executable (GUI) Intel 80386, for MS Windowstlsh: T10674875C2290E0FDD95352B6993832C931137E35AF944F9AEEAE71BD8C3640B4E331A5sha3_384: 98db890ca48c26c399456f0b24e73ac0a1c74488f3a341b027ddfd15fbc512d647b6fb03889dcc674b8bc912f74557c0ep_bytes: ff250020400000000000000000000000timestamp: 2021-04-06 10:53:08
Version Info:
Translation: 0x0000 0x04b0Comments: CompanyName: FileDescription: BinzulmaFileVersion: 2.5.8.9InternalName: Binzulma.exeLegalCopyright: Copyright ©  2021LegalTrademarks: OriginalFilename: Binzulma.exeProductName: BinzulmaProductVersion: 2.5.8.9Assembly Version: 3.5.1.6

Bulz.422173 also known as:

Bkav	W32.AIDetectNet.01
Lionic	Trojan.MSIL.Agobot.m!c
MicroWorld-eScan	Gen:Variant.Bulz.422173
FireEye	Gen:Variant.Bulz.422173
ALYac	Gen:Variant.Bulz.422173
Cylance	Unsafe
VIPRE	Gen:Variant.Bulz.422173
Alibaba	Backdoor:MSIL/Agobot.0c10e089
Symantec	Trojan.Gen.MBT
Elastic	malicious (high confidence)
ESET-NOD32	a variant of MSIL/Adware.CsdiMonetize.BJ
APEX	Malicious
Kaspersky	HEUR:Backdoor.MSIL.Agobot.gen
BitDefender	Gen:Variant.Bulz.422173
Avast	Win32:MalwareX-gen [Trj]
Ad-Aware	Gen:Variant.Bulz.422173
Zillya	Adware.CsdiMonetize.Win32.4752
Emsisoft	Gen:Variant.Bulz.422173 (B)
SentinelOne	Static AI – Malicious PE
GData	Gen:Variant.Bulz.422173
Jiangmin	Backdoor.MSIL.emfm
Webroot	W32.Malware.Gen
Avira	HEUR/AGEN.1235191
Microsoft	Trojan:Win32/Wacatac.B!ml
Cynet	Malicious (score: 99)
AhnLab-V3	Trojan/Win.Generic.C4406891
Acronis	suspicious
McAfee	Artemis!2BF55ED11F1A
MAX	malware (ai score=85)
Malwarebytes	Adware.Csdimonetize
Rising	Trojan.Generic/MSIL@AI.100 (RDM.MSIL:XblGevUYevV2u92lr1xCTg)
Ikarus	Trojan.Bsymem
MaxSecure	Trojan.Malware.102170040.susgen
Fortinet	Riskware/AgoBot
BitDefenderTheta	Gen:NN.ZemsilF.34806.wm0@aKTHRf
AVG	Win32:MalwareX-gen [Trj]
Panda	Trj/GdSda.A
CrowdStrike	win/malicious_confidence_70% (W)