Categories: Malware

Bulz.459220 removal tips

The Bulz.459220 is considered dangerous by lots of security experts. When this infection is active, you may notice unwanted processes in Task Manager list. In this case, it is adviced to scan your computer with GridinSoft Anti-Malware.

Gridinsoft Anti-Malware

Removing PC viruses manually may take hours and may damage your PC in the process. We recommend using GridinSoft Anti-Malware for virus removal. Allows to complete scan and cure your PC during the trial period.

DOWNLOAD NOW

6-day free trial available.

What Bulz.459220 virus can do?

SetUnhandledExceptionFilter detected (possible anti-debug)
Behavioural detection: Executable code extraction – unpacking
Attempts to connect to a dead IP:Port (1 unique times)
Creates RWX memory
Guard pages use detected – possible anti-debugging.
Dynamic (imported) function loading detected
Reads data out of its own binary image
CAPE extracted potentially suspicious content
Authenticode signature is invalid
Anomalous .NET characteristics
Uses Windows utilities for basic functionality
Sniffs keystrokes
Creates known Njrat/Bladabindi RAT registry keys

How to determine Bulz.459220?


File Info:
name: 173FFA56E695406EA636.mlwpath: /opt/CAPEv2/storage/binaries/9f29701ab823a8274b9b9065e81e3678df966aa5148570c3144962742c72ef87crc32: F83B8387md5: 173ffa56e695406ea63608b5277b7833sha1: 0c992607e6102449913985217b04dd81504ca42bsha256: 9f29701ab823a8274b9b9065e81e3678df966aa5148570c3144962742c72ef87sha512: 0d76f0f62769ec4f1ad3c5aec4d4edccc26e4a8ba0aad817954726fd56fcd0c0e940eeac42a6c3924e2b107ec6c919812e9c5ec44deb24ca5c5e142620f3a604ssdeep: 1536:P4LRyc57vPJ3qnenv/IIN26UcD2ByUdwkGwufVogVI:0npLIwkcD2ByUzGpN3type: PE32 executable (GUI) Intel 80386, for MS Windowstlsh: T12073E64576819371E9BC21B640E3F63413F8A4CF4732C74D2FE9919B29223D3AE4D6A9sha3_384: 46ebcc89f5646ed6875594e06a122bc4b30fa0703c65c5b09b9e12b770f253e73677518be38c95b375eba4603e48e554ep_bytes: ff250020400000000000000000000000timestamp: 2022-01-25 15:40:31
Version Info:
0: [No Data]

Bulz.459220 also known as:

Lionic	Trojan.Win32.Generic.4!c
Elastic	malicious (high confidence)
DrWeb	BackDoor.Bladabindi.15247
MicroWorld-eScan	Gen:Variant.Bulz.459220
FireEye	Generic.mg.173ffa56e695406e
ALYac	Gen:Variant.Bulz.459220
Cylance	Unsafe
Sangfor	Suspicious.Win32.Save.a
K7AntiVirus	Trojan ( 700000121 )
Alibaba	Backdoor:MSIL/Bladabindi.bcc42aeb
K7GW	Trojan ( 700000121 )
Cybereason	malicious.7e6102
BitDefenderTheta	Gen:NN.ZemsilF.34182.emW@aK4R04f
Cyren	W32/Trojan.ZOXY-3664
Symantec	ML.Attribute.HighConfidence
ESET-NOD32	a variant of MSIL/Bladabindi.AS
TrendMicro-HouseCall	TROJ_GEN.R014C0DAR22
Paloalto	generic.ml
Kaspersky	HEUR:Trojan.Win32.Generic
BitDefender	Gen:Variant.Bulz.459220
Tencent	Win32.Trojan.Generic.Dwtr
Emsisoft	Gen:Variant.Bulz.459220 (B)
Baidu	MSIL.Backdoor.Bladabindi.a
TrendMicro	TROJ_GEN.R014C0DAR22
McAfee-GW-Edition	BehavesLike.Win32.Backdoor.lm
Sophos	ML/PE-A + Troj/Bbindi-W
SentinelOne	Static AI – Malicious PE
Avira	TR/Dropper.Gen
MAX	malware (ai score=83)
Microsoft	Backdoor:MSIL/Bladabindi.AJ
ZoneAlarm	HEUR:Trojan.Win32.Generic
GData	Gen:Variant.Bulz.459220
Cynet	Malicious (score: 100)
AhnLab-V3	Trojan/Win32.RL_Generic.C3557577
McAfee	BackDoor-FDNN!173FFA56E695
VBA32	TScope.Trojan.MSIL
Panda	Trj/GdSda.A
APEX	Malicious
Rising	Backdoor.Njrat!1.9E49 (CLASSIC)
Ikarus	Trojan.Dropper
eGambit	Unsafe.AI_Score_100%
Fortinet	MSIL/Bladabindi.AS!tr
AVG	MSIL:Bladabindi-HE [Trj]
Avast	MSIL:Bladabindi-HE [Trj]
CrowdStrike	win/malicious_confidence_100% (W)
MaxSecure	Trojan.Malware.300983.susgen