Categories: Malware

Bulz.576570 information

The Bulz.576570 is considered dangerous by lots of security experts. When this infection is active, you may notice unwanted processes in Task Manager list. In this case, it is adviced to scan your computer with GridinSoft Anti-Malware.

Gridinsoft Anti-Malware

Removing PC viruses manually may take hours and may damage your PC in the process. We recommend using GridinSoft Anti-Malware for virus removal. Allows to complete scan and cure your PC during the trial period.

DOWNLOAD NOW

6-day free trial available.

What Bulz.576570 virus can do?

Executable code extraction
Injection (inter-process)
Injection (Process Hollowing)
Attempts to connect to a dead IP:Port (1 unique times)
Creates RWX memory
The binary likely contains encrypted or compressed data.
Executed a process and injected code into it, probably while unpacking
Collects information to fingerprint the system
Anomalous binary characteristics

How to determine Bulz.576570?


File Info:
crc32: 99D766A1md5: 98242642602784762aae6bce60751bd8name: 98242642602784762AAE6BCE60751BD8.mlwsha1: 3148d3948010b7cfb865800f3f3b03118b9bb5d6sha256: 1a127362f2bb3e8138398abe7957670acabf6ddec44b826227bde48120ca230fsha512: 0fa82fc191b1281d47292635d089b15e1a75b5d39b84f9ba29b4e52e03ddc3c36ddc4914bbef0204d148a4592d166ee5730d2dcfbe5d065c5aa8b66f5eb64098ssdeep: 6144:twu9veLLqxB3sBdig09vcyKOw99d5ba7QlUQmYdWCHvsX8mOGxM5VPjb8bg:Jk/oYdiHvb9wTLbIGUCouvucbb80type: PE32 executable (GUI) Intel 80386, for MS Windows
Version Info:
Translation: 0x0409 0x04b0InternalName: KIrvFileVersion: 9.16.0003CompanyName: CPNIGa AfKia HQ70DzbComments: JN5r0Yf05 SaS EL8CRNProductName: JN5r0Yf05 SaS EL8CRNProductVersion: 9.16.0003FileDescription: FNz WHt5bBl OuOriginalFilename: KIrv.exe

Bulz.576570 also known as:

Bkav	W32.AIDetect.malware1
K7AntiVirus	EmailWorm ( 003c363a1 )
Elastic	malicious (high confidence)
ALYac	Gen:Variant.Bulz.576570
Malwarebytes	MachineLearning/Anomalous.96%
Zillya	Dropper.VB.Win32.52490
Sangfor	Trojan.Win32.Save.a
CrowdStrike	win/malicious_confidence_90% (D)
K7GW	EmailWorm ( 003c363a1 )
Cybereason	malicious.48010b
BitDefenderTheta	Gen:NN.ZevbaF.34236.Bm0@a4t3Hjki
Symantec	ML.Attribute.HighConfidence
ESET-NOD32	a variant of Win32/Injector.TRW
APEX	Malicious
Avast	Win32:VBCrypt-BCO [Trj]
Cynet	Malicious (score: 100)
Kaspersky	Trojan-Dropper.Win32.VB.drrk
BitDefender	Gen:Variant.Bulz.576570
NANO-Antivirus	Trojan.Win32.VB2.xxiog
MicroWorld-eScan	Gen:Variant.Bulz.576570
Tencent	Win32.Trojan-Dropper.Vb.cfqa
Ad-Aware	Gen:Variant.Bulz.576570
Sophos	Mal/Generic-S
Comodo	Malware@#3tmox4y80km69
DrWeb	Trojan.Siggen7.20605
VIPRE	Trojan.Win32.Generic!BT
McAfee-GW-Edition	BehavesLike.Win32.PWSZbot.gc
FireEye	Generic.mg.9824264260278476
Emsisoft	Gen:Variant.Bulz.576570 (B)
SentinelOne	Static AI – Malicious PE
Webroot	W32.Trojan.Gen
Avira	TR/Dropper.VB.Gen
eGambit	Unsafe.AI_Score_99%
Antiy-AVL	Trojan/Generic.ASMalwS.2765A96
Kingsoft	Win32.Heur.KVM001.a.(kcloud)
SUPERAntiSpyware	Trojan.Agent/Gen-FalDesc
ZoneAlarm	Trojan-Dropper.Win32.VB.drrk
GData	Gen:Variant.Bulz.576570
AhnLab-V3	Trojan/Win32.VB.C2320961
Acronis	suspicious
McAfee	Artemis!982426426027
MAX	malware (ai score=82)
VBA32	TrojanDropper.VB
Panda	Generic Malware
Yandex	Trojan.DR.VB!s4Q6j0VbYJI
Ikarus	Trojan.Win32.Vilsel
Fortinet	W32/Vilsel.TET!tr
AVG	Win32:VBCrypt-BCO [Trj]
Paloalto	generic.ml