Bulz.599742 removal tips

The Bulz.599742 is considered dangerous by lots of security experts. When this infection is active, you may notice unwanted processes in Task Manager list. In this case, it is adviced to scan your computer with GridinSoft Anti-Malware.

GridinSoft Anti-Malware

Gridinsoft Anti-Malware

Removing PC viruses manually may take hours and may damage your PC in the process. We recommend using GridinSoft Anti-Malware for virus removal. Allows to complete scan and cure your PC during the trial period.

6-day free trial available.

What Bulz.599742 virus can do?

Dynamic (imported) function loading detected
CAPE extracted potentially suspicious content
.NET file is packed/obfuscated with Confuser
The binary likely contains encrypted or compressed data.
Authenticode signature is invalid

How to determine Bulz.599742?


File Info:
name: 4171D78EDB20D86D7E08.mlw
path: /opt/CAPEv2/storage/binaries/acce2dfa6ce2ab67b5a278e2032127158f49dd3c211eda38d9623877029372f8
crc32: 82B9457A
md5: 4171d78edb20d86d7e083fe57a1bbe7f
sha1: 36ad3968a58c4fd08e3d4be3a5f2ee977af27990
sha256: acce2dfa6ce2ab67b5a278e2032127158f49dd3c211eda38d9623877029372f8
sha512: e1bb967edf56dee9f4071861e2e4d606de45904d2d1d4f9300481dd5544ca2155bf1668ab5e14227ee45b6e459afcfe1fffd2304d496f5164c907553d6c7fd38
ssdeep: 98304:jGj/nwAauY18X9UFINOoO8xC8X8NmoUx0GalT:Cjvau28NUFmOx8xDMLU+Ga
type: PE32 executable (GUI) Intel 80386, for MS Windows
tlsh: T1CDF533757D86A270C80146B9985DFD693EDEEFF67D2092CC38B97F4E3A325602126230
sha3_384: 33813f4935b05fe4e3b8a5761ddf92010613178819aa1ac429daafd37d47d5bc2626b96fd1290479b2460a231a9dca49
ep_bytes: ff250020400000000000000000000000
timestamp: 2020-10-20 15:00:32

Version Info:
Translation: 0x0000 0x04b0
Comments: XW16Pro脱机烧录器远程客户端
CompanyName: www.xwopen.com
FileDescription: XW16Pro脱机烧录器远程客户端
FileVersion: 1.0.0.0
InternalName: XW16Pro脱机烧录器远程客户端.exe
LegalCopyright: Copyright ©  2018
LegalTrademarks: XW16Pro脱机烧录器远程客户端
OriginalFilename: XW16Pro脱机烧录器远程客户端.exe
ProductName: XW16Pro脱机烧录器远程客户端
ProductVersion: 1.0.0.0
Assembly Version: 1.0.0.0

Bulz.599742 also known as:

Bkav	W32.AIDetectNet.01
Elastic	malicious (high confidence)
MicroWorld-eScan	Gen:Variant.Bulz.599742
FireEye	Generic.mg.4171d78edb20d86d
ALYac	Gen:Variant.Bulz.599742
Cybereason	malicious.8a58c4
Cyren	W32/MSIL_Agent.CLO.gen!Eldorado
Symantec	ML.Attribute.HighConfidence
ESET-NOD32	a variant of MSIL/Kryptik.ACGD
APEX	Malicious
ClamAV	Win.Malware.Mardom-9901704-0
Kaspersky	HEUR:Trojan.MSIL.Agent.gen
BitDefender	Gen:Variant.Bulz.599742
Ad-Aware	Gen:Variant.Bulz.599742
Emsisoft	Gen:Variant.Bulz.599742 (B)
VIPRE	Gen:Variant.Bulz.599742
McAfee-GW-Edition	Artemis!Trojan
Trapmine	malicious.moderate.ml.score
Sophos	Generic ML PUA (PUA)
GData	Gen:Variant.Bulz.599742
Jiangmin	Trojan.Snojan.cah
Avira	HEUR/AGEN.1216836
Arcabit	Trojan.Bulz.D926BE
ZoneAlarm	HEUR:Trojan.MSIL.Agent.gen
Microsoft	Trojan:Win32/Wacatac.B!ml
Cynet	Malicious (score: 100)
McAfee	Artemis!4171D78EDB20
MAX	malware (ai score=83)
Malwarebytes	Trojan.Crypt.MSIL
Rising	Trojan.Generic/MSIL@AI.100 (RDM.MSIL:x07Ap/1Tke2ysJViezIhow)
SentinelOne	Static AI – Malicious PE
MaxSecure	Trojan.Malware.300983.susgen
Fortinet	Malicious_Behavior.SB
BitDefenderTheta	Gen:NN.ZemsilF.34742.zp0@aOOtF!i
CrowdStrike	win/malicious_confidence_60% (W)

How to remove Bulz.599742?

Bulz.599742 removal tool

Download and install GridinSoft Anti-Malware.
Open GridinSoft Anti-Malware and perform a “Standard scan“.
“Move to quarantine” all items.
Open “Tools” tab – Press “Reset Browser Settings“.
Select proper browser and options – Click “Reset”.
Restart your computer.

About the author

Paul Valéry

I'm a cyber security analyst and data science expert with 5+ years of experience with security software contractors.

Leave a Comment X