Malware

Bulz.543679 removal

Malware Removal

The Bulz.543679 is considered dangerous by lots of security experts. When this infection is active, you may notice unwanted processes in Task Manager list. In this case, it is adviced to scan your computer with GridinSoft Anti-Malware.

GridinSoft Anti-Malware

Gridinsoft Anti-Malware

Removing PC viruses manually may take hours and may damage your PC in the process. We recommend using GridinSoft Anti-Malware for virus removal. Allows to complete scan and cure your PC during the trial period.
DOWNLOAD NOW
6-day free trial available.

What Bulz.543679 virus can do?

  • SetUnhandledExceptionFilter detected (possible anti-debug)
  • Creates RWX memory
  • Guard pages use detected – possible anti-debugging.
  • Dynamic (imported) function loading detected
  • CAPE extracted potentially suspicious content
  • Authenticode signature is invalid
  • Anomalous binary characteristics

How to determine Bulz.543679?



File Info:

name: 66CCFB2145E98FD9C6E7.mlw
path: /opt/CAPEv2/storage/binaries/d1cb7cd58aa00c6cfb0cd45fe3985eb24b2c3664786acb30f56fd559309211c3
crc32: 89074002
md5: 66ccfb2145e98fd9c6e734a257270415
sha1: af19bb1e279d94dd29658312f60a118263e72fdc
sha256: d1cb7cd58aa00c6cfb0cd45fe3985eb24b2c3664786acb30f56fd559309211c3
sha512: 82165fb52b1c31dc0c5f72a9331a3d8f8ed0ea5dc60facc282a9f0968a39d165ae8890b6bac9f4d8dd1fa34f9d1b853817dd273504a3271452b1d67269f2a9c9
ssdeep: 49152:3vbPKdPKkiEOEBitoPKjVHgOGf00ThdOyCPO:DkPpuHgO5zPO
type: PE32 executable (console) Intel 80386, for MS Windows
tlsh: T112C5295073D29022ECA61B30DCBD51694676BD61662D83EF260BFEFD0A307B0D9B4726
sha3_384: 63d542846c53ac223e037ef569c46d8657cd6fb1372ed4e27ef3d5a23d0de0571d93a62494537679eead10e933d58fd7
ep_bytes: ff250020400000000000000000000000
timestamp: 2007-10-24 03:31:10


Version Info:

CompanyName: Microsoft Corporation
FileDescription: Microsoft .NET Assembly Registration Utility
FileVersion: 2.0.50727.1433 (REDBITS.050727-1400)
InternalName: RegAsm.exe
LegalCopyright: © Microsoft Corporation.  All rights reserved.
OriginalFilename: RegAsm.exe
ProductName: Microsoft® .NET Framework
ProductVersion: 2.0.50727.1433
Comments: Flavor=Retail
Translation: 0x0409 0x04b0

Bulz.543679 also known as:

Elasticmalicious (high confidence)
MicroWorld-eScanGen:Variant.Bulz.543679
FireEyeGeneric.mg.66ccfb2145e98fd9
McAfeeArtemis!7B68E0DEFF92
CylanceUnsafe
CrowdStrikewin/malicious_confidence_70% (W)
CyrenW32/Autorun.DZ.gen!Eldorado
SymantecML.Attribute.HighConfidence
APEXMalicious
ClamAVWin.Packed.Generic-6848149-0
BitDefenderGen:Variant.Bulz.543679
AvastWin32:Trojan-gen
Ad-AwareGen:Variant.Bulz.543679
SophosML/PE-A
McAfee-GW-EditionBehavesLike.Win32.Generic.vh
EmsisoftGen:Variant.Bulz.543679 (B)
IkarusTrojan.Dropper
GDataGen:Variant.Bulz.543679
AviraHEUR/AGEN.1142787
MicrosoftTrojan:Win32/Wacatac.B!ml
CynetMalicious (score: 100)
ALYacGen:Variant.Bulz.543679
MAXmalware (ai score=89)
MalwarebytesMalware.AI.3518160241
SentinelOneStatic AI – Malicious PE
FortinetW32/SPNR.15EG12!tr
AVGWin32:Trojan-gen
Cybereasonmalicious.145e98

How to remove Bulz.543679?

Bulz.543679 removal tool
  • Download and install GridinSoft Anti-Malware.
  • Open GridinSoft Anti-Malware and perform a “Standard scan“.
  • Move to quarantine” all items.
  • Open “Tools” tab – Press “Reset Browser Settings“.
  • Select proper browser and options – Click “Reset”.
  • Restart your computer.

You may also like

About the author

Paul Valéry

I'm a cyber security analyst and data science expert with 5+ years of experience with security software contractors.

View all posts

Leave a Comment