Categories: Malware

Bulz.550464 information

The Bulz.550464 is considered dangerous by lots of security experts. When this infection is active, you may notice unwanted processes in Task Manager list. In this case, it is adviced to scan your computer with GridinSoft Anti-Malware.

Gridinsoft Anti-Malware

Removing PC viruses manually may take hours and may damage your PC in the process. We recommend using GridinSoft Anti-Malware for virus removal. Allows to complete scan and cure your PC during the trial period.

DOWNLOAD NOW

6-day free trial available.

What Bulz.550464 virus can do?

Behavioural detection: Executable code extraction – unpacking
Yara rule detections observed from a process memory dump/dropped files/CAPE
Creates RWX memory
Dynamic (imported) function loading detected
Enumerates running processes
Expresses interest in specific running processes
CAPE extracted potentially suspicious content
The binary contains an unknown PE section name indicative of packing
The binary likely contains encrypted or compressed data.
Authenticode signature is invalid

How to determine Bulz.550464?


File Info:
name: CB50803921F6AF75FD68.mlwpath: /opt/CAPEv2/storage/binaries/0ebc9d9e6acc9013b103f449a3f00648fbff8c669b2136419a3e0278e0af94c0crc32: F9990B83md5: cb50803921f6af75fd683761adf1fe04sha1: 489018cf6f2f71095d533d47a6f2e66319d18ee3sha256: 0ebc9d9e6acc9013b103f449a3f00648fbff8c669b2136419a3e0278e0af94c0sha512: 8a832be2bb88ebd2e11f587a8049550899109d3bbfb0613671dd31437dc3c724342d62bf1c07468551bb753233763e4074e23122464841acddffa943323934d6ssdeep: 12288:hDbTo/Fm+PQuegqxU/wVxGQ//JQ3HDoG6Rub/15zX:hDvo/Fm+SgqS/wVxGY/CDtzztype: PE32 executable (GUI) Intel 80386, for MS Windowstlsh: T194D4E053E19C8886DCEA123AFE2298A63D34BD6A7134910F11917F1EF572F10D5E2B27sha3_384: 289dba123e560f7b800f33d50bc41f8c5400293f0d34c44e8cd695fc0dfdb0e2d1ccf20b5179749b5cbbd6d404d63122ep_bytes: 558bec6aff6808b3460068ea99460064timestamp: 2021-06-30 11:45:37
Version Info:
CompanyName: SWE Sven RitterFileDescription: SpeedEditFileVersion: 19.10.9900LegalCopyright: Copyright © 1993-2020 Sven Ritter. Alle Rechte vorbehalten.OriginalFilename: SpeedEdit.exeProductName: SpeedCommanderProductVersion: 19.10Translation: 0x0407 0x04b0

Bulz.550464 also known as:

Bkav	W32.AIDetect.malware1
Lionic	Trojan.Win32.Staser.4!c
Elastic	malicious (high confidence)
MicroWorld-eScan	Gen:Variant.Bulz.550464
FireEye	Generic.mg.cb50803921f6af75
McAfee	GenericRXPD-HK!CB50803921F6
Malwarebytes	Adware.DownloadAssistant
Sangfor	Trojan.Win32.Staser.gen
CrowdStrike	win/malicious_confidence_70% (W)
Alibaba	Trojan:Win32/Staser.ec5bc4e7
K7GW	Trojan ( 005825821 )
K7AntiVirus	Trojan ( 005825821 )
BitDefenderTheta	Gen:NN.ZexaF.34212.My0@aOXzNOFi
Cyren	W32/Kryptik.ELX.gen!Eldorado
Symantec	ML.Attribute.HighConfidence
ESET-NOD32	a variant of Win32/Kryptik.HLMN
TrendMicro-HouseCall	TROJ_GEN.R002C0PB222
Paloalto	generic.ml
Kaspersky	HEUR:Trojan.Win32.Staser.gen
BitDefender	Gen:Variant.Bulz.550464
SUPERAntiSpyware	Trojan.Agent/Gen-Kryptik
Avast	Win32:CrypterX-gen [Trj]
Tencent	Win32.Trojan.Staser.Szky
Ad-Aware	Gen:Variant.Bulz.550464
Sophos	Mal/Generic-S
TrendMicro	TROJ_GEN.R002C0PB222
McAfee-GW-Edition	BehavesLike.Win32.Generic.jc
Emsisoft	Gen:Variant.Bulz.550464 (B)
Ikarus	Trojan.Win32.Crypt
GData	Gen:Variant.Bulz.550464
Avira	HEUR/AGEN.1244176
Antiy-AVL	Trojan/Win32.Staser
Gridinsoft	Ransom.Win32.Wacatac.sa
Arcabit	Trojan.Bulz.D86640
ZoneAlarm	HEUR:Trojan.Win32.Staser.gen
Microsoft	Trojan:Win32/Tnega!ml
Cynet	Malicious (score: 100)
AhnLab-V3	Trojan/Win.Generic.R421535
VBA32	Trojan.Staser
ALYac	Gen:Variant.Bulz.550464
MAX	malware (ai score=81)
Cylance	Unsafe
APEX	Malicious
Rising	Backdoor.TeviRat!8.1089E (TFE:dGZlOgHZ4aEKKZ9WJw)
Yandex	Trojan.Staser!PUQ05ALeOiI
SentinelOne	Static AI – Malicious PE
MaxSecure	Trojan.Malware.300983.susgen
Fortinet	W32/Kryptik.HATU!tr
AVG	Win32:CrypterX-gen [Trj]
Panda	Trj/Genetic.gen