Malware

Bulz.425080 (file analysis)

Malware Removal

The Bulz.425080 is considered dangerous by lots of security experts. When this infection is active, you may notice unwanted processes in Task Manager list. In this case, it is adviced to scan your computer with GridinSoft Anti-Malware.

GridinSoft Anti-Malware

Gridinsoft Anti-Malware

Removing PC viruses manually may take hours and may damage your PC in the process. We recommend using GridinSoft Anti-Malware for virus removal. Allows to complete scan and cure your PC during the trial period.
DOWNLOAD NOW
6-day free trial available.

What Bulz.425080 virus can do?

  • Executable code extraction
  • Creates RWX memory
  • Repeatedly searches for a not-found process, may want to run with startbrowser=1 option
  • Unconventionial binary language: Chinese (Simplified)
  • Unconventionial language used in binary resources: Chinese (Simplified)
  • The binary likely contains encrypted or compressed data.
  • The executable is compressed using UPX
  • Installs itself for autorun at Windows startup

How to determine Bulz.425080?



File Info:

crc32: E4B5E6F7
md5: e8b8ab8ce3eb712a67386c985aaf12f2
name: E8B8AB8CE3EB712A67386C985AAF12F2.mlw
sha1: e4921dbc5274e3899f74de2da11528401268e58a
sha256: 68a6ab54f77021a6a44b373a321331d2880d575db5727c803b695936f7b4f3a2
sha512: 2fbb9f02efe8b41df406b0c6dd68e23ff1b8d0b8dd57a72de3ff4f500d6058a9ea5a44dd8ef935aa91f2dd0e754f4ca1e37ab463d9d180e4a49dfacf666339a8
ssdeep: 49152:pzOC2ID0ocJH8d4DxyV0dPxChVEdasx7r9JYOEnuG7:0s6Q41yCPgh+EOguG
type: PE32 executable (DLL) (console) Intel 80386, for MS Windows, UPX compressed


Version Info:

LegalCopyright: x7248x6743x6240x6709 (C) 2001
InternalName: LotvChange
FileVersion: 1, 0, 0, 1
ProductName: LotvChange x5e94x7528x7a0bx5e8f
ProductVersion: 1, 0, 0, 1
FileDescription: LotvChange Microsoft x57fax7840x7c7bx5e94x7528x7a0bx5e8f
OriginalFilename: LotvChange.EXE
Translation: 0x0804 0x04b0

Bulz.425080 also known as:

Elasticmalicious (high confidence)
CynetMalicious (score: 99)
ALYacGen:Variant.Bulz.425080
CylanceUnsafe
SangforBackdoor.Win32.Farfli.bvic
AlibabaBackdoor:Win32/Farfli.9d24a61a
K7GWTrojan ( 0055da521 )
SymantecTrojan.Gen.2
ESET-NOD32a variant of Win32/Kryptik.GXYG
AvastWin32:Trojan-gen
KasperskyBackdoor.Win32.Farfli.bvic
BitDefenderGen:Variant.Bulz.425080
MicroWorld-eScanGen:Variant.Bulz.425080
Ad-AwareGen:Variant.Bulz.425080
SophosMal/Generic-S
VIPRETrojan.Win32.Generic!BT
McAfee-GW-EditionArtemis!Trojan
FireEyeGen:Variant.Bulz.425080
EmsisoftGen:Variant.Bulz.425080 (B)
AviraTR/Crypt.Agent.ofyps
MicrosoftTrojan:Win32/Wacatac.B!ml
ArcabitTrojan.Bulz.D67C78
AegisLabTrojan.Win32.Farfli.m!c
ZoneAlarmBackdoor.Win32.Farfli.bvic
GDataGen:Variant.Bulz.425080
McAfeeArtemis!E8B8AB8CE3EB
MAXmalware (ai score=83)
MalwarebytesMalware.Heuristic.1003
PandaTrj/GdSda.A
RisingBackdoor.Shellex!1.D217 (C64:YzY0OhQsULMiX7uY)
FortinetW32/Farfli.BVIC!tr.bdr
AVGWin32:Trojan-gen
Paloaltogeneric.ml
Qihoo-360Win32/Backdoor.Farfli.HgkASSgA

How to remove Bulz.425080?

Bulz.425080 removal tool
  • Download and install GridinSoft Anti-Malware.
  • Open GridinSoft Anti-Malware and perform a “Standard scan“.
  • Move to quarantine” all items.
  • Open “Tools” tab – Press “Reset Browser Settings“.
  • Select proper browser and options – Click “Reset”.
  • Restart your computer.

You may also like

About the author

Paul Valéry

I'm a cyber security analyst and data science expert with 5+ years of experience with security software contractors.

View all posts

Leave a Comment