Malware

Bulz.462765 (B) malicious file

Malware Removal

The Bulz.462765 (B) is considered dangerous by lots of security experts. When this infection is active, you may notice unwanted processes in Task Manager list. In this case, it is adviced to scan your computer with GridinSoft Anti-Malware.

GridinSoft Anti-Malware

Gridinsoft Anti-Malware

Removing PC viruses manually may take hours and may damage your PC in the process. We recommend using GridinSoft Anti-Malware for virus removal. Allows to complete scan and cure your PC during the trial period.
DOWNLOAD NOW
6-day free trial available.

What Bulz.462765 (B) virus can do?

  • Injection (inter-process)
  • Injection (Process Hollowing)
  • Creates RWX memory
  • A process attempted to delay the analysis task.
  • HTTP traffic contains suspicious features which may be indicative of malware related traffic
  • Performs some HTTP requests
  • Executed a process and injected code into it, probably while unpacking
  • Attempts to repeatedly call a single API many times in order to delay analysis time
  • Steals private information from local Internet browsers
  • Collects information about installed applications
  • Checks the CPU name from registry, possibly for anti-virtualization
  • Harvests credentials from local FTP client softwares
  • Harvests information related to installed instant messenger clients
  • Harvests information related to installed mail clients
  • Collects information to fingerprint the system

How to determine Bulz.462765 (B)?



File Info:

crc32: C451843C
md5: 3edf540c2cac6f08dd893c30ee05e392
name: 3EDF540C2CAC6F08DD893C30EE05E392.mlw
sha1: ebe6d5f431e029976d6a63e752d78a2ade56a737
sha256: a7167a16b72e8a302fd2861103595f01d20f1440d98945fadbbd0dca0425e089
sha512: 05e6b9ffb1d25673ba9c6cdbf5f3b69a6bb9c6fac2618a5bd0be9aa4fd365f273f73384c60afffe0eaeeb083c1df95d5adc737f6f3174762bf4bef320f036ad8
ssdeep: 12288:VBCwumFxhkUTVoLLoS60/K7yh0w6oRyQOQBZvDZi4STVYwEIjhbHURQhS/Bp7Wa:WwumFxhkUTVoLAwHyY7LZpSAIF
type: PE32 executable (GUI) Intel 80386 Mono/.Net assembly, for MS Windows


Version Info:

Translation: 0x0000 0x04b0
LegalCopyright: Copyright xa9  2019
Assembly Version: 1.0.0.0
InternalName: VKpxRIT7yctFWs.exe
FileVersion: 1.0.0.0
CompanyName: 
LegalTrademarks: 
Comments: 
ProductName: HospitalManagementSystem
ProductVersion: 1.0.0.0
FileDescription: HospitalManagementSystem
OriginalFilename: VKpxRIT7yctFWs.exe

Bulz.462765 (B) also known as:

Elasticmalicious (high confidence)
CylanceUnsafe
SangforTrojan.Win32.Save.a
CrowdStrikewin/malicious_confidence_70% (W)
ESET-NOD32a variant of MSIL/Kryptik.AATH
APEXMalicious
AvastFileRepMetagen [Malware]
KasperskyUDS:Trojan-Spy.MSIL.Stealer.gen
BitDefenderGen:Variant.Bulz.462765
MicroWorld-eScanGen:Variant.Bulz.462765
Ad-AwareGen:Variant.Bulz.462765
SophosML/PE-A
BitDefenderThetaGen:NN.ZemsilF.34688.in0@auaYk2l
McAfee-GW-EditionBehavesLike.Win32.Generic.th
FireEyeGeneric.mg.3edf540c2cac6f08
EmsisoftGen:Variant.Bulz.462765 (B)
MicrosoftTrojan:Win32/AgentTesla!ml
GDataGen:Variant.Bulz.462765
McAfeeArtemis!3EDF540C2CAC
MAXmalware (ai score=84)
VBA32CIL.HeapOverride.Heur
MalwarebytesMalware.AI.3818671168
IkarusTrojan-Spy.Agent
FortinetMSIL/GenKryptik.FEQM!tr
AVGFileRepMetagen [Malware]

How to remove Bulz.462765 (B)?

Bulz.462765 (B) removal tool
  • Download and install GridinSoft Anti-Malware.
  • Open GridinSoft Anti-Malware and perform a “Standard scan“.
  • Move to quarantine” all items.
  • Open “Tools” tab – Press “Reset Browser Settings“.
  • Select proper browser and options – Click “Reset”.
  • Restart your computer.

You may also like

About the author

Paul Valéry

I'm a cyber security analyst and data science expert with 5+ years of experience with security software contractors.

View all posts

Leave a Comment