Malware

Should I remove “Bulz.591793”?

Malware Removal

Bulz.591793 (BitDefender’s Gen:Variant.Bulz.591793) is flagged as malicious by most security vendors. When the infection is active, you may notice unfamiliar processes in the Task Manager list; in that case it is advised to scan your computer with GridinSoft Anti-Malware. Keep in mind that this sample spoofs its process name and path to look like a legitimate program, so the absence of an odd-looking process does not mean the machine is clean.

GridinSoft Anti-Malware

Removing PC viruses manually may take hours and may damage your PC in the process. We recommend using GridinSoft Anti-Malware for virus removal. It lets you run a full scan and clean your PC during the trial period.
6-day free trial available.

What can Bulz.591793 do?

  • Executable code extraction
  • Creates RWX memory
  • A process attempted to delay the analysis task
  • HTTP traffic contains suspicious features which may be indicative of malware-related traffic
  • Performs some HTTP requests
  • Unconventional language used in binary resources: Serbian
  • The binary likely contains encrypted or compressed data
  • Deletes its original binary from disk
  • Attempts to repeatedly call a single API many times in order to delay analysis
  • Steals private information from local Internet browsers
  • Spoofs its process name and/or associated pathname to appear as a legitimate process
  • Creates a hidden or system file
  • Creates a copy of itself
  • Harvests credentials from local FTP client software
  • Harvests information related to installed instant messenger clients
  • Harvests information related to installed mail clients
  • Collects information to fingerprint the system
  • Anomalous binary characteristics

Related domains:

manvim.co

How to identify Bulz.591793?

File Info:

crc32: D05741D0
md5: ef5105caed1d432aca814ba5eb4b9d90
name: EF5105CAED1D432ACA814BA5EB4B9D90.mlw
sha1: d7d6f953700e1873d59728ae0f4aac32d33e7c88
sha256: 276df8a116116425e538bfea657c789006d45a6e9f2802f396154574aa0085e3
sha512: 8d35353b3a4fd11298cf13a7ab3ee911790114ec4c41bbfdd679558a50e10067d4bd1c4f05421249c196fd33331910a85890871e72a58c43d1d1e229f4ed590c
ssdeep: 3072:JmZ4LE4JUUIbusMwdSLA68JI1lR5SrReX6owI8zxJWtk0+syVUI:JfLEGUL67wAPSrRgzwIoxJgTBI
type: PE32 executable (GUI) Intel 80386, for MS Windows
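The hashes in the File Info block and the domain in the Related domains section are the sweepable indicators on this page. The script below is an added example (it is not from the page and not GridinSoft’s code) that hashes a file the same way the block above does (CRC32, MD5, SHA-1, SHA-256), reports which of the known values match, and searches log lines for manvim.co or any of its subdomains without also flagging look-alikes such as manvim.com. The SAMPLE_LOG lines are constructed for the self-test and are not real traffic.

```python
"""IOC sweep for the Bulz.591793 sample: file-hash match plus related-domain search.

Hashes and the domain are the ones listed in the File Info and Related domains
sections above; the log lines at the bottom are constructed for the self-test.
"""
import hashlib
import re
import sys
import zlib

# Indicators copied from the page (lower-cased for comparison).
SAMPLE_IOCS = {
    "crc32": "d05741d0",
    "md5": "ef5105caed1d432aca814ba5eb4b9d90",
    "sha1": "d7d6f953700e1873d59728ae0f4aac32d33e7c88",
    "sha256": "276df8a116116425e538bfea657c789006d45a6e9f2802f396154574aa0085e3",
}
RELATED_DOMAINS = {"manvim.co"}


def digest_bytes(data: bytes) -> dict:
    """Return crc32/md5/sha1/sha256 of an in-memory buffer as lower-case hex."""
    return {
        "crc32": f"{zlib.crc32(data) & 0xFFFFFFFF:08x}",
        "md5": hashlib.md5(data).hexdigest(),
        "sha1": hashlib.sha1(data).hexdigest(),
        "sha256": hashlib.sha256(data).hexdigest(),
    }


def digest_file(path: str, chunk_size: int = 1 << 20) -> dict:
    """Same digests for a file on disk, streamed so large files do not fill memory."""
    crc = 0
    hashes = {name: hashlib.new(name) for name in ("md5", "sha1", "sha256")}
    with open(path, "rb") as fh:
        for chunk in iter(lambda: fh.read(chunk_size), b""):
            crc = zlib.crc32(chunk, crc)
            for h in hashes.values():
                h.update(chunk)
    out = {name: h.hexdigest() for name, h in hashes.items()}
    out["crc32"] = f"{crc & 0xFFFFFFFF:08x}"
    return out


def matching_algorithms(digests: dict, iocs: dict = SAMPLE_IOCS) -> list:
    """Names of the hash algorithms whose value equals the known-bad sample's."""
    return sorted(algo for algo, value in digests.items()
                  if iocs.get(algo, "").lower() == value.lower())


# Anything that looks like a hostname: dot-separated labels ending in an alphabetic TLD.
HOSTNAME_RE = re.compile(r"\b((?:[a-z0-9-]+\.)+[a-z]{2,})\b", re.IGNORECASE)


def domain_hits(line: str, domains=RELATED_DOMAINS) -> list:
    """Hostnames in one log line that equal a related domain or are a subdomain of it.

    A plain substring test would also flag look-alikes such as manvim.com or
    notmanvim.co; comparing whole labels avoids that.
    """
    hits = []
    for host in HOSTNAME_RE.findall(line):
        host = host.lower().rstrip(".")
        if any(host == d or host.endswith("." + d) for d in domains):
            hits.append(host)
    return hits


def scan_log(lines) -> list:
    """(line number, hostname) for every related-domain hit in an iterable of log lines."""
    return [(n, host) for n, line in enumerate(lines, 1) for host in domain_hits(line)]


# Constructed proxy/DNS log lines for the self-test; not real traffic.
SAMPLE_LOG = [
    "1612345678.123 TCP_MISS/200 512 POST http://manvim.co/ - DIRECT/203.0.113.10 text/html",
    "1612345679.001 TCP_MISS/200 2048 GET http://www.example.com/ - DIRECT/198.51.100.7 text/html",
    "1612345680.500 query[A] cdn.manvim.co from 192.0.2.25",
    "1612345681.000 TCP_MISS/200 300 GET http://manvim.com/ - DIRECT/198.51.100.9 text/html",
]

if __name__ == "__main__":
    for path in sys.argv[1:]:
        d = digest_file(path)
        print(path, "matches:", matching_algorithms(d) or "none", d["sha256"])
    for n, host in scan_log(SAMPLE_LOG):
        print(f"related domain on line {n}: {host}")
```

Run it as `python ioc_sweep.py suspicious.exe` to hash a file; with no arguments it only scans the constructed log. Lines 1 and 3 of the sample log hit (manvim.co and cdn.manvim.co), line 4 with manvim.com does not. ssdeep is deliberately left out: it needs a native library, and a fuzzy-hash score is a similarity, not a match.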

Version Info:

InternalName: kogzmuadeke.exi
ProductVersion: 99.9.20.51
Copyright: Copyrighz (C) 2020, vodkagats
Translation: 0x0182 0x0102

The version resource is plainly fabricated (a misspelled copyright line, a random internal name, a nonsense product version) and is reproduced here exactly as the binary carries it; together with the Serbian resource language noted above it is a usable static indicator for this build.

Bulz.591793 is also known as (vendor: detection name):

Elastic: malicious (high confidence)
Cylance: Unsafe
Sangfor: Trojan.Win32.Save.a
CrowdStrike: win/malicious_confidence_100% (W)
Alibaba: Trojan:MSIL/Kryptik.78828aca
Cyren: W32/MSIL_Kryptik.FBZ.gen!Eldorado
ESET-NOD32: a variant of MSIL/Kryptik.ACHD
APEX: Malicious
Avast: Win32:PWSX-gen [Trj]
Kaspersky: HEUR:Trojan-PSW.MSIL.Agensla.gen
BitDefender: Gen:Variant.Bulz.591793
Tencent: Msil.Trojan-qqpass.Qqrob.Ajll
TrendMicro: TrojanSpy.MSIL.NEGASTEAL.SMG
Microsoft: Trojan:Win32/Sabsik.FL.A!ml
ZoneAlarm: HEUR:Trojan-PSW.MSIL.Agensla.gen
AhnLab-V3: Trojan/Win.NEGASTEAL.C4582224
McAfee: Artemis!E1AD89D88C9F
MAX: malware (ai score=88)
TrendMicro-HouseCall: TrojanSpy.MSIL.NEGASTEAL.SMG
SentinelOne: Static AI – Suspicious PE
Fortinet: MSIL/Kryptik.ACHD!tr
AVG: Win32:PWSX-gen [Trj]
Paloalto: generic.ml

Most of these names are heuristic or generic verdicts (HEUR, gen, !ml, ai score, Static AI, generic.ml) and identify a family rather than this exact build. The more specific ones agree on an MSIL (.NET) password-stealing trojan (Kaspersky and ZoneAlarm Trojan-PSW.MSIL.Agensla, Trend Micro and AhnLab NEGASTEAL, Avast and AVG PWSX-gen, the MSIL/Kryptik packer names), which matches the browser, FTP and mail credential harvesting listed above. The "PE32 executable (GUI) Intel 80386" file type is not a contradiction: a .NET assembly is an ordinary PE32 file whose optional header additionally carries a CLR runtime header.
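To reconcile the generic "PE32 executable (GUI) Intel 80386" type line with the vendors' MSIL classification, check the binary for a CLR runtime header: data directory 14 (IMAGE_DIRECTORY_ENTRY_COM_DESCRIPTOR) of the optional header is non-empty in every .NET assembly. The script below is an added example written for this page (it is not from GridinSoft or from any sandbox) that parses the DOS, COFF and optional headers with the standard library only, prints a file(1)-style type line with a .NET tag, and computes whole-file Shannon entropy as a rough check for the "encrypted or compressed data" signature above. The stub PE it builds for its self-test is constructed and is not the Bulz.591793 sample.

```python
"""Static triage for a PE sample: file(1)-style type line, CLR (.NET) header check
and whole-file entropy. Standard library only."""
import math
import struct
import sys
from collections import Counter

MACHINE_NAMES = {0x014C: "Intel 80386", 0x8664: "x86-64", 0x01C0: "ARM", 0xAA64: "ARM64"}
SUBSYSTEM_NAMES = {2: "GUI", 3: "console"}
IMAGE_FILE_DLL = 0x2000
IMAGE_DIRECTORY_ENTRY_COM_DESCRIPTOR = 14   # the CLR runtime header slot


def pe_triage(data: bytes) -> dict:
    """Parse the DOS, COFF and optional headers; raise ValueError on non-PE input."""
    if data[:2] != b"MZ":
        raise ValueError("no MZ signature")
    e_lfanew = struct.unpack_from("<I", data, 0x3C)[0]
    if data[e_lfanew:e_lfanew + 4] != b"PE\0\0":
        raise ValueError("no PE signature")
    machine, nsections, _ts, _sym, _nsym, _opt_size, characteristics = struct.unpack_from(
        "<HHIIIHH", data, e_lfanew + 4)
    opt = e_lfanew + 24                      # optional header follows the 20-byte COFF header
    magic = struct.unpack_from("<H", data, opt)[0]
    if magic == 0x10B:                       # PE32: 32-bit image
        fmt, ndirs_off, dirs_off = "PE32", opt + 92, opt + 96
    elif magic == 0x20B:                     # PE32+: 64-bit image, wider ImageBase shifts the tail
        fmt, ndirs_off, dirs_off = "PE32+", opt + 108, opt + 112
    else:
        raise ValueError(f"unknown optional header magic 0x{magic:x}")
    subsystem = struct.unpack_from("<H", data, opt + 68)[0]   # same offset in PE32 and PE32+
    ndirs = struct.unpack_from("<I", data, ndirs_off)[0]
    clr_rva = clr_size = 0
    if ndirs > IMAGE_DIRECTORY_ENTRY_COM_DESCRIPTOR:
        clr_rva, clr_size = struct.unpack_from(
            "<II", data, dirs_off + 8 * IMAGE_DIRECTORY_ENTRY_COM_DESCRIPTOR)
    return {
        "format": fmt,
        "machine": MACHINE_NAMES.get(machine, f"0x{machine:04x}"),
        "subsystem": SUBSYSTEM_NAMES.get(subsystem, str(subsystem)),
        "sections": nsections,
        "is_dll": bool(characteristics & IMAGE_FILE_DLL),
        "is_dotnet": clr_rva != 0 and clr_size != 0,
    }


def describe(info: dict) -> str:
    """Mimic the 'type:' line of the File Info block, adding a .NET tag when the CLR header is present."""
    kind = "DLL" if info["is_dll"] else "executable"
    line = f'{info["format"]} {kind} ({info["subsystem"]}) {info["machine"]}, for MS Windows'
    return line + (", .NET assembly" if info["is_dotnet"] else "")


def shannon_entropy(data: bytes) -> float:
    """Bits per byte, 0.0 to 8.0; values near 8 suggest packed or encrypted content."""
    if not data:
        return 0.0
    n = len(data)
    return -sum((c / n) * math.log2(c / n) for c in Counter(data).values())


def build_stub_pe(dotnet: bool) -> bytes:
    """Constructed minimal PE32 (headers only, no sections) for the self-test.
    This is NOT the Bulz.591793 sample; it only exercises the parser."""
    opt_size = 96 + 16 * 8                   # PE32 optional header with all 16 directories
    dos = bytearray(64)
    dos[:2] = b"MZ"
    struct.pack_into("<I", dos, 0x3C, len(dos))              # e_lfanew
    coff = struct.pack("<HHIIIHH", 0x014C, 1, 0, 0, 0, opt_size, 0x0102)  # i386, EXE, 32-bit
    opt = bytearray(opt_size)
    struct.pack_into("<H", opt, 0, 0x10B)    # PE32 magic
    struct.pack_into("<H", opt, 68, 2)       # subsystem: Windows GUI
    struct.pack_into("<I", opt, 92, 16)      # NumberOfRvaAndSizes
    if dotnet:                               # hypothetical CLR header RVA/size values
        struct.pack_into("<II", opt, 96 + 8 * IMAGE_DIRECTORY_ENTRY_COM_DESCRIPTOR, 0x2008, 0x48)
    return bytes(dos) + b"PE\0\0" + coff + bytes(opt)


if __name__ == "__main__":
    for path in sys.argv[1:]:
        with open(path, "rb") as fh:
            blob = fh.read()
        print(path, "->", describe(pe_triage(blob)), f"entropy={shannon_entropy(blob):.2f}")
    print("stub .NET PE ->", describe(pe_triage(build_stub_pe(dotnet=True))))
```

For the constructed stub without a CLR header the output is exactly the page's type line, "PE32 executable (GUI) Intel 80386, for MS Windows"; with one it gains ", .NET assembly". Whole-file entropy is a coarse signal only: a .NET stealer's real payload is usually an encrypted resource, so per-section or per-resource entropy is the better follow-up.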

How to remove Bulz.591793?

Bulz.591793 removal tool
  • Download and install GridinSoft Anti-Malware.
  • Open GridinSoft Anti-Malware and run a “Standard scan”.
  • “Move to quarantine” all detected items.
  • Open the “Tools” tab and press “Reset Browser Settings”.
  • Select the browser and the options to reset, then click “Reset”.
  • Restart your computer.

Because this sample harvests saved browser, FTP and mail client credentials, treat every password stored on the machine as exposed: change them after the cleanup, from a device you trust, and enable multi-factor authentication where the service offers it.

About the author

Paul Valéry

I'm a cyber security analyst and data science expert with 5+ years of experience with security software contractors.
