Bulz.636008 malicious file

Bulz.636008 is considered dangerous by many security experts. When this infection is active, you may notice unwanted processes in the Task Manager list. In this case, it is advised to scan your computer with GridinSoft Anti-Malware.

What Bulz.636008 virus can do?

  • Behavioural detection: Executable code extraction – unpacking
  • SetUnhandledExceptionFilter detected (possible anti-debug)
  • Yara rule detections observed from a process memory dump/dropped files/CAPE
  • Creates RWX memory
  • Dynamic (imported) function loading detected
  • Enumerates the modules from a process (may be used to locate base addresses in process injection)
  • CAPE extracted potentially suspicious content
  • The binary contains an unknown PE section name indicative of packing
  • The binary likely contains encrypted or compressed data.
  • The executable is likely packed with VMProtect
  • Authenticode signature is invalid
  • Tries to suspend Cuckoo threads to prevent logging of malicious activity
  • CAPE detected the RedLine malware family

How to determine Bulz.636008?
File Info:

name: 18787B734A62EA5846E5.mlw
path: /opt/CAPEv2/storage/binaries/7e29e7ff3c24b58f40b2ceab800085b44f1d43e25449358fe0278e1309ab22cf
crc32: 7F596A30
md5: 18787b734a62ea5846e51d67b014caf5
sha1: cb4728485ca7aa139bbb08bfec607759fd9c956b
sha256: 7e29e7ff3c24b58f40b2ceab800085b44f1d43e25449358fe0278e1309ab22cf
sha512: 4feee9104bc165d26287bc7dbc313d038923f39120dd0c65f6caddfcc7d132f8394b560e81337f5775d9e748c4a418913296c29655beaf3a1f6c04492f809369
ssdeep: 24576:SJ9fF5LrncW2J0uaEpcdXwmcikTiO8a1xy3x+U8a2gqZ0meYPK+QjX:YxvLz1C0uXadX+xuw7J0meCPQ
type: PE32 executable (GUI) Intel 80386, for MS Windows
tlsh: T1935512A0B8D181B1EC2DCD76EC4B85D28C753DD28F4426F623EC376F2AA61A2150F56D
sha3_384: 4c774b6823c1c591bfbb11d4fc7d2123acdc0d5d2ce57f47e7023674f6325f4549187b7c76277068b4f4819265294875
ep_bytes: e8ad83ffff9f518b442440c6442404af
timestamp: 2012-07-13 22:47:16

Version Info:

Translation: 0x0000 0x04b0
FileDescription: MWF
FileVersion: 0.0.0.1
InternalName: MWF [21.05.15].exe
LegalCopyright: Copyright © 2015
OriginalFilename: MWF [21.05.15].exe
ProductVersion: 0.0.0.1
Assembly Version: 0.0.0.1

Bulz.636008 also known as:

Lionic: Trojan.Win32.Agentb.4!c
Elastic: malicious (high confidence)
Cynet: Malicious (score: 100)
McAfee: Artemis!18787B734A62
Cylance: Unsafe
Zillya: Trojan.Agentb.Win32.9066
Sangfor: Trojan.Win32.Wacatac.C
CrowdStrike: win/malicious_confidence_70% (D)
BitDefender: Gen:Variant.Bulz.636008
K7GW: Trojan ( 004b8c5b1 )
K7AntiVirus: Trojan ( 004b8c5b1 )
Symantec: ML.Attribute.HighConfidence
ESET-NOD32: a variant of Win32/Packed.VMProtect.ABR
APEX: Malicious
Paloalto: generic.ml
Kaspersky: Trojan.Win32.Agentb.bofg
Alibaba: Packed:Win32/VMProtect.7b88f9bc
NANO-Antivirus: Trojan.Win32.Agent.efzoaz
MicroWorld-eScan: Gen:Variant.Bulz.636008
Avast: Win32:Malware-gen
Tencent: Win32.Trojan.Agentb.Dyqq
Ad-Aware: Gen:Variant.Bulz.636008
Sophos: Mal/VMProtBad-A
Comodo: Malware@#325708ub146of
VIPRE: Trojan.Win32.Generic!BT
McAfee-GW-Edition: BehavesLike.Win32.Trojan.tc
FireEye: Generic.mg.18787b734a62ea58
Emsisoft: Gen:Variant.Bulz.636008 (B)
SentinelOne: Static AI – Malicious PE
GData: Gen:Variant.Bulz.636008
Jiangmin: Trojan.Agentb.ajn
Avira: TR/Black.Gen2
Kingsoft: Win32.Troj.Agentb.bo.(kcloud)
Arcabit: Trojan.Bulz.D9B468
Microsoft: Trojan:Win32/Occamy.AA
AhnLab-V3: Trojan/Win32.Gen
Acronis: suspicious
BitDefenderTheta: Gen:NN.ZexaF.34062.uz0@auf8UKg
ALYac: Gen:Variant.Bulz.636008
MAX: malware (ai score=88)
VBA32: TScope.Malware-Cryptor.SB
Rising: Trojan.Generic@ML.93 (RDML:NB+hqivm6vZ89Vh4U2iAUg)
Yandex: Trojan.Agentb!hk3/PHQpvF4
Ikarus: Trojan.MSIL.MultiPacked
MaxSecure: Trojan.Malware.300983.susgen
Fortinet: W32/Agentb.BOFG!tr
AVG: Win32:Malware-gen
Cybereason: malicious.34a62e
Panda: Trj/Genetic.gen

How to remove Bulz.636008?

Bulz.636008 removal tool

  • Download and install GridinSoft Anti-Malware.
  • Open GridinSoft Anti-Malware and perform a “Standard scan”.
  • “Move to quarantine” all items.
  • Open the “Tools” tab – Press “Reset Browser Settings”.
  • Select the proper browser and options – Click “Reset”.
  • Restart your computer.

About the author

Paul Valéry

I'm a cyber security analyst and data science expert with 5+ years of experience with security software contractors.