Bulz.51656 removal instruction

Bulz.51656 is considered dangerous by many security experts. When this infection is active, you may notice unwanted processes in the Task Manager list. In this case, it is advised to scan your computer with GridinSoft Anti-Malware.

GridinSoft Anti-Malware

Removing PC viruses manually may take hours and may damage your PC in the process. We recommend using GridinSoft Anti-Malware for virus removal. It lets you run a complete scan and clean your PC during the trial period.
6-day free trial available.

What can the Bulz.51656 virus do?

  • Behavioural detection: Executable code extraction – unpacking
  • Sample contains Overlay data
  • Yara rule detections observed from a process memory dump/dropped files/CAPE
  • Creates RWX memory
  • Dynamic (imported) function loading detected
  • Enumerates running processes
  • Repeatedly searches for a not-found process, may want to run with startbrowser=1 option
  • Authenticode signature is invalid
  • Installs itself for autorun at Windows startup
  • Checks for the presence of known devices from debuggers and forensic tools
  • Anomalous binary characteristics

How to identify Bulz.51656?


File Info:

name: 5D0DEDA007CEB9BEEBF1.mlw
type: PE32 executable (GUI) Intel 80386, for MS Windows
timestamp: 2010-11-19 05:06:36

Version Info:

Translation: 0x0409 0x04b0
ProductName: Update
FileVersion: 1.00
ProductVersion: 1.00
InternalName: ActiveX
OriginalFilename: ActiveX.exe

Bulz.51656 is also known as:

Bkav: W32.AIDetect.malware2
tehtris: Generic.Malware
MicroWorld-eScan: Gen:Variant.Bulz.51656
FireEye: Generic.mg.5d0deda007ceb9be
McAfee: GenericRXTM-DP!5D0DEDA007CE
Cylance: Unsafe
VIPRE: Gen:Variant.Bulz.51656
Sangfor: [MICROSOFT VISUAL BASIC V6.0]
K7GW: P2PWorm ( 004f24221 )
Cybereason: malicious.007ceb
VirIT: Trojan.Win32.Generic.SWC
ESET-NOD32: a variant of Win32/VB.PYV
APEX: Malicious
ClamAV: Win.Trojan.VB-1406
Kaspersky: Backdoor.Win32.VB.njm
BitDefender: Gen:Variant.Bulz.51656
Avast: Win32:GenMalicious-GX [Trj]
Ad-Aware: Gen:Variant.Bulz.51656
Sophos: ML/PE-A
DrWeb: Trojan.DownLoader5.17369
Zillya: Trojan.VB.Win32.55263
McAfee-GW-Edition: GenericRXTM-DP!5D0DEDA007CE
Trapmine: suspicious.low.ml.score
Emsisoft: Gen:Variant.Bulz.51656 (B)
SentinelOne: Static AI – Malicious PE
GData: Gen:Variant.Bulz.51656
Jiangmin: Trojan/VB.cymv
Webroot: W32.Malware.Gen
Avira: TR/Dropper.Gen
Antiy-AVL: Trojan/Generic.ASMalwS.12A
Arcabit: Trojan.Bulz.DC9C8
ViRobot: Trojan.Win32.A.VB.221205
Microsoft: Trojan:Win32/Wacatac.B!ml
Cynet: Malicious (score: 99)
AhnLab-V3: Trojan/Win.VB.R505126
MAX: malware (ai score=88)
Malwarebytes: Malware.AI.3598715032
Rising: Trojan.Autorun!1.DA78 (CLASSIC)
Yandex: Trojan.GenAsa!gu1xkTZLCFQ
Ikarus: Trojan.Win32.VB
MaxSecure: Trojan.Malware.300983.susgen
Fortinet: W32/VB.PQJ!tr
BitDefenderTheta: Gen:NN.ZevbaF.34786.nm1@aGO3!noi
AVG: Win32:GenMalicious-GX [Trj]
Panda: Trj/Genetic.gen
CrowdStrike: win/malicious_confidence_70% (D)

How to remove Bulz.51656?

Bulz.51656 removal tool
  • Download and install GridinSoft Anti-Malware.
  • Open GridinSoft Anti-Malware and perform a “Standard scan”.
  • “Move to quarantine” all items.
  • Open “Tools” tab – Press “Reset Browser Settings”.
  • Select proper browser and options – Click “Reset”.
  • Restart your computer.

About the author

Paul Valéry

I'm a cyber security analyst and data science expert with 5+ years of experience with security software contractors.
