Categories: Malware

How to remove “Bulz.432397”?

The Bulz.432397 is considered dangerous by lots of security experts. When this infection is active, you may notice unwanted processes in Task Manager list. In this case, it is adviced to scan your computer with GridinSoft Anti-Malware.

Gridinsoft Anti-Malware

Removing PC viruses manually may take hours and may damage your PC in the process. We recommend using GridinSoft Anti-Malware for virus removal. Allows to complete scan and cure your PC during the trial period.

DOWNLOAD NOW

6-day free trial available.

What Bulz.432397 virus can do?

A file was accessed within the Public folder.
Reads data out of its own binary image
CAPE extracted potentially suspicious content
Drops a binary and executes it
The binary likely contains encrypted or compressed data.
Authenticode signature is invalid
Behavioural detection: Injection (inter-process)
CAPE detected the NetWire malware family
Creates a copy of itself
Deletes executed files from disk
Anomalous binary characteristics
Yara detections observed in process dumps, payloads or dropped files

How to determine Bulz.432397?


File Info:
name: 7A6A6B35D4BC575897A1.mlwpath: /opt/CAPEv2/storage/binaries/d15f99dbd30bae6e896c52a810fbcba080ae3ba76f3fc0d9a7761c5736ec7c81crc32: 78095810md5: 7a6a6b35d4bc575897a1420134afc96asha1: 9c5e87ce87b70a52f57097172c2babde2021454bsha256: d15f99dbd30bae6e896c52a810fbcba080ae3ba76f3fc0d9a7761c5736ec7c81sha512: b879c2bf81017f8f97d4db3b458d6f3ff6eb1acb6e28394d9a292d58e83194857c6c5981378170e81d383340eb3eff42d2d64ce54ebd7a3e7357988428da5d2essdeep: 3072:k/0CVy40hsbOeOyupBfOP8S6Uj9Av0fEdiFxFXwElgdEA/fLpujDqTrk3mjcqfZ:kswhwyJLjzfiib53W/fLpsDq/k7qftype: PE32 executable (GUI) Intel 80386, for MS Windowstlsh: T1BB04124DC3DA901DCE28817B79F2472D9EB2DF1338838653B2DECA431B94660E943A1Dsha3_384: 391d03f15c76e2a4322805928a77faca4597ec8e74bcdbfbf3c7261beb42d176f6ca447c29cf3edd50cc236ce6677b0dep_bytes: ff250020400000000000000000000000timestamp: 2017-03-31 09:18:23
Version Info:
Comments: Translation: 0x0000 0x04b0

Bulz.432397 also known as:

Bkav	W32.AIDetectMalware.CS
Lionic	Trojan.Win32.Generic.4!c
Elastic	malicious (high confidence)
DrWeb	Trojan.Siggen21.589
MicroWorld-eScan	Gen:Variant.Bulz.432397
Skyhigh	BehavesLike.Win32.Trojan.ch
McAfee	Packed-XL!7A6A6B35D4BC
Malwarebytes	Generic.Malware.AI.DDS
Zillya	Trojan.Kryptik.Win32.4291776
Sangfor	Suspicious.Win32.Save.a
K7AntiVirus	Trojan ( 700000121 )
Alibaba	Trojan:MSIL/Kryptik.43882cd7
K7GW	Trojan ( 700000121 )
BitDefenderTheta	Gen:NN.ZemsilF.36802.km0@auOMA9kG
VirIT	Trojan.Win32.Genus.RPB
Symantec	Trojan Horse
tehtris	Generic.Malware
ESET-NOD32	a variant of MSIL/Kryptik.MFL
APEX	Malicious
TrendMicro-HouseCall	Backdoor.Win32.NETWIRE.YXDKMZ
ClamAV	Win.Trojan.Agent-6418378-1
Kaspersky	HEUR:Trojan.MSIL.Generic
BitDefender	Gen:Variant.Bulz.432397
NANO-Antivirus	Trojan.Win32.Kryptik.ewzulb
Avast	Win32:Malware-gen
Tencent	Msil.Trojan.Generic.Rimw
Sophos	Mal/Generic-S
Google	Detected
F-Secure	Heuristic.HEUR/AGEN.1314420
VIPRE	Gen:Variant.Bulz.432397
TrendMicro	Backdoor.Win32.NETWIRE.YXDKMZ
Trapmine	malicious.high.ml.score
FireEye	Generic.mg.7a6a6b35d4bc5758
Emsisoft	Gen:Variant.Bulz.432397 (B)
SentinelOne	Static AI – Malicious PE
Jiangmin	Trojan.Generic.dplxx
Varist	W32/MSIL_Injector.OH.gen!Eldorado
Avira	HEUR/AGEN.1314420
MAX	malware (ai score=95)
Antiy-AVL	Trojan/Win32.AGeneric
Kingsoft	malware.kb.c.1000
Microsoft	Trojan:MSIL/Tnega!MSR
Xcitium	Malware@#1d95q5a4blgpm
Arcabit	Trojan.Bulz.D6990D
ZoneAlarm	HEUR:Trojan.MSIL.Generic
GData	Gen:Variant.Bulz.432397
AhnLab-V3	Trojan/Win.Generic.C5445959
VBA32	Trojan.Wacatac
ALYac	Gen:Variant.Bulz.432397
Cylance	unsafe
Panda	Trj/GdSda.A
Rising	Malware.Obfus/MSIL@AI.100 (RDM.MSIL2:+88FAsVvVMRGzmXbQNZNWg)
Yandex	Trojan.Agent!xH6B7rwWT3Q
Ikarus	Trojan.MSIL.Inject
MaxSecure	Trojan.Malware.7164915.susgen
Fortinet	MSIL/Injector.SZD!tr
AVG	Win32:Malware-gen
DeepInstinct	MALICIOUS
CrowdStrike	win/malicious_confidence_100% (W)
alibabacloud	Trojan:MSIL/Kryptik.MFL