Malware

How to remove “Bulz.432397”?

Malware Removal

The Bulz.432397 is considered dangerous by lots of security experts. When this infection is active, you may notice unwanted processes in Task Manager list. In this case, it is adviced to scan your computer with GridinSoft Anti-Malware.

GridinSoft Anti-Malware

Gridinsoft Anti-Malware

Removing PC viruses manually may take hours and may damage your PC in the process. We recommend using GridinSoft Anti-Malware for virus removal. Allows to complete scan and cure your PC during the trial period.
DOWNLOAD NOW
6-day free trial available.

What Bulz.432397 virus can do?

  • A file was accessed within the Public folder.
  • Reads data out of its own binary image
  • CAPE extracted potentially suspicious content
  • Drops a binary and executes it
  • The binary likely contains encrypted or compressed data.
  • Authenticode signature is invalid
  • Behavioural detection: Injection (inter-process)
  • CAPE detected the NetWire malware family
  • Creates a copy of itself
  • Deletes executed files from disk
  • Anomalous binary characteristics
  • Yara detections observed in process dumps, payloads or dropped files

How to determine Bulz.432397?



File Info:

name: 7A6A6B35D4BC575897A1.mlw
path: /opt/CAPEv2/storage/binaries/d15f99dbd30bae6e896c52a810fbcba080ae3ba76f3fc0d9a7761c5736ec7c81
crc32: 78095810
md5: 7a6a6b35d4bc575897a1420134afc96a
sha1: 9c5e87ce87b70a52f57097172c2babde2021454b
sha256: d15f99dbd30bae6e896c52a810fbcba080ae3ba76f3fc0d9a7761c5736ec7c81
sha512: b879c2bf81017f8f97d4db3b458d6f3ff6eb1acb6e28394d9a292d58e83194857c6c5981378170e81d383340eb3eff42d2d64ce54ebd7a3e7357988428da5d2e
ssdeep: 3072:k/0CVy40hsbOeOyupBfOP8S6Uj9Av0fEdiFxFXwElgdEA/fLpujDqTrk3mjcqfZ:kswhwyJLjzfiib53W/fLpsDq/k7qf
type: PE32 executable (GUI) Intel 80386, for MS Windows
tlsh: T1BB04124DC3DA901DCE28817B79F2472D9EB2DF1338838653B2DECA431B94660E943A1D
sha3_384: 391d03f15c76e2a4322805928a77faca4597ec8e74bcdbfbf3c7261beb42d176f6ca447c29cf3edd50cc236ce6677b0d
ep_bytes: ff250020400000000000000000000000
timestamp: 2017-03-31 09:18:23


Version Info:

Comments: 
Translation: 0x0000 0x04b0

Bulz.432397 also known as:

BkavW32.AIDetectMalware.CS
LionicTrojan.Win32.Generic.4!c
Elasticmalicious (high confidence)
DrWebTrojan.Siggen21.589
MicroWorld-eScanGen:Variant.Bulz.432397
SkyhighBehavesLike.Win32.Trojan.ch
McAfeePacked-XL!7A6A6B35D4BC
MalwarebytesGeneric.Malware.AI.DDS
ZillyaTrojan.Kryptik.Win32.4291776
SangforSuspicious.Win32.Save.a
K7AntiVirusTrojan ( 700000121 )
AlibabaTrojan:MSIL/Kryptik.43882cd7
K7GWTrojan ( 700000121 )
BitDefenderThetaGen:NN.ZemsilF.36802.km0@auOMA9kG
VirITTrojan.Win32.Genus.RPB
SymantecTrojan Horse
tehtrisGeneric.Malware
ESET-NOD32a variant of MSIL/Kryptik.MFL
APEXMalicious
TrendMicro-HouseCallBackdoor.Win32.NETWIRE.YXDKMZ
ClamAVWin.Trojan.Agent-6418378-1
KasperskyHEUR:Trojan.MSIL.Generic
BitDefenderGen:Variant.Bulz.432397
NANO-AntivirusTrojan.Win32.Kryptik.ewzulb
AvastWin32:Malware-gen
TencentMsil.Trojan.Generic.Rimw
SophosMal/Generic-S
GoogleDetected
F-SecureHeuristic.HEUR/AGEN.1314420
VIPREGen:Variant.Bulz.432397
TrendMicroBackdoor.Win32.NETWIRE.YXDKMZ
Trapminemalicious.high.ml.score
FireEyeGeneric.mg.7a6a6b35d4bc5758
EmsisoftGen:Variant.Bulz.432397 (B)
SentinelOneStatic AI – Malicious PE
JiangminTrojan.Generic.dplxx
VaristW32/MSIL_Injector.OH.gen!Eldorado
AviraHEUR/AGEN.1314420
MAXmalware (ai score=95)
Antiy-AVLTrojan/Win32.AGeneric
Kingsoftmalware.kb.c.1000
MicrosoftTrojan:MSIL/Tnega!MSR
XcitiumMalware@#1d95q5a4blgpm
ArcabitTrojan.Bulz.D6990D
ZoneAlarmHEUR:Trojan.MSIL.Generic
GDataGen:Variant.Bulz.432397
AhnLab-V3Trojan/Win.Generic.C5445959
VBA32Trojan.Wacatac
ALYacGen:Variant.Bulz.432397
Cylanceunsafe
PandaTrj/GdSda.A
RisingMalware.Obfus/[email protected] (RDM.MSIL2:+88FAsVvVMRGzmXbQNZNWg)
YandexTrojan.Agent!xH6B7rwWT3Q
IkarusTrojan.MSIL.Inject
MaxSecureTrojan.Malware.7164915.susgen
FortinetMSIL/Injector.SZD!tr
AVGWin32:Malware-gen
DeepInstinctMALICIOUS
CrowdStrikewin/malicious_confidence_100% (W)
alibabacloudTrojan:MSIL/Kryptik.MFL

How to remove Bulz.432397?

Bulz.432397 removal tool
  • Download and install GridinSoft Anti-Malware.
  • Open GridinSoft Anti-Malware and perform a “Standard scan“.
  • Move to quarantine” all items.
  • Open “Tools” tab – Press “Reset Browser Settings“.
  • Select proper browser and options – Click “Reset”.
  • Restart your computer.

About the author

Paul Valéry

I'm a cyber security analyst and data science expert with 5+ years of experience with security software contractors.

View all posts

Leave a Comment