Categories: Malware

Bulz.461935 (B) (file analysis)

The Bulz.461935 (B) is considered dangerous by lots of security experts. When this infection is active, you may notice unwanted processes in Task Manager list. In this case, it is adviced to scan your computer with GridinSoft Anti-Malware.

Gridinsoft Anti-Malware

Removing PC viruses manually may take hours and may damage your PC in the process. We recommend using GridinSoft Anti-Malware for virus removal. Allows to complete scan and cure your PC during the trial period.

DOWNLOAD NOW

6-day free trial available.

What Bulz.461935 (B) virus can do?

Executable code extraction
Compression (or decompression)
Attempts to connect to a dead IP:Port (4 unique times)
Creates RWX memory
Possible date expiration check, exits too soon after checking local time
At least one IP Address, Domain, or File Name was found in a crypto call
Starts servers listening on 127.0.0.1:14656
Unconventionial language used in binary resources: Malay (Brunei Darussalam)
The binary likely contains encrypted or compressed data.
Deletes its original binary from disk
Steals private information from local Internet browsers
Collects information about installed applications
Likely virus infection of existing system binary
Collects information to fingerprint the system
Anomalous binary characteristics

Related domains:

z.whorecord.xyz

a.tomx.xyz

How to determine Bulz.461935 (B)?


File Info:
crc32: 4FF9886Fmd5: 03df70db0b90c5d3bb0b14191375e015name: 03DF70DB0B90C5D3BB0B14191375E015.mlwsha1: 42da040a39f4cff75153daa218087f6c578880cesha256: 6001dfc2126fc60136ec22c0a5aac03ff537c7ea1035d424edd83903abeb9981sha512: a180f6fcdc38017a03df56e6315f2a021c9efbdca0a8d4cc28789f67a5d2f8c93a116ada7c31a1201076be9903e52dfde9b4b4bd7c20ee1b0822f1aea3086ec2ssdeep: 98304:xT65EZhmqRq+gkSTs+xYRW0ABl3IbfX975PwJuYJRyvmEPPsXUpS3W51iGSf:xOyRqTs/RW0AAbrjY29PPsEpKWSGstype: PE32 executable (GUI) Intel 80386, for MS Windows
Version Info:
ProductVersus: 1.9.37.29FileVersion: 1.0.52.18Translations: 0x0386 0x0172

Bulz.461935 (B) also known as:

Elastic	malicious (high confidence)
Cylance	Unsafe
Sangfor	Trojan.Win32.Save.a
CrowdStrike	win/malicious_confidence_80% (D)
BitDefender	Gen:Variant.Bulz.461935
Cyren	W32/Kryptik.EAC.gen!Eldorado
Symantec	ML.Attribute.HighConfidence
APEX	Malicious
Cynet	Malicious (score: 100)
MicroWorld-eScan	Gen:Variant.Bulz.461935
Ad-Aware	Gen:Variant.Bulz.461935
Sophos	ML/PE-A + Mal/GandCrypt-A
BitDefenderTheta	Gen:NN.ZexaF.34688.@x0@a0wTSBhO
McAfee-GW-Edition	BehavesLike.Win32.Lockbit.vc
FireEye	Generic.mg.03df70db0b90c5d3
Emsisoft	Gen:Variant.Bulz.461935 (B)
SentinelOne	Static AI – Malicious PE
Avira	TR/Crypt.XPACK.Gen3
eGambit	Unsafe.AI_Score_100%
Microsoft	Trojan:Win32/Wacatac.B!ml
GData	Gen:Variant.Bulz.461935
VBA32	BScope.Backdoor.Convagent
MAX	malware (ai score=86)
Ikarus	Trojan.Win32.Azorult