Bulz.637689 removal

Bulz.637689 is considered dangerous by many security experts. When this infection is active, you may notice unwanted processes in the Task Manager list. In this case, it is advised to scan your computer with GridinSoft Anti-Malware.

GridinSoft Anti-Malware

Removing PC viruses manually may take hours and may damage your PC in the process. We recommend using GridinSoft Anti-Malware for virus removal. It allows you to run a complete scan and cure your PC during the trial period.
6-day free trial available.

What can the Bulz.637689 virus do?

  • Dynamic (imported) function loading detected
  • The binary likely contains encrypted or compressed data.
  • .NET file is packed/obfuscated with SmartAssembly
  • Authenticode signature is invalid
  • Anomalous .NET characteristics
  • Network activity detected but not expressed in API logs
  • Anomalous binary characteristics

How to identify Bulz.637689?


File Info:

name: 64F879411F07AC64DD30.mlw
path: /opt/CAPEv2/storage/binaries/c4401c78cc82fe2a4a1b8a30a383debf06308ede8b01b74170b6859ee2597f1e
crc32: 183CDD49
md5: 64f879411f07ac64dd308b8685e52632
sha1: 855af2cb5f673fb91d75c6da3ff036217e866a2a
sha256: c4401c78cc82fe2a4a1b8a30a383debf06308ede8b01b74170b6859ee2597f1e
sha512: 3ae8192429568f211940c56af7f6674c400fe328c54f165c5d5cf30788b482ea4e8d28e0b7a84ac6447cde6fc11d5073e8a3704ee2cdda01923cf6f05a4e0a47
ssdeep: 3072:ODKmU+9+a24Eba7lI7lDBp7+avzrropm5ZT1K:0Kmx2bbN7p7PnPZT1
type: PE32+ executable (GUI) x86-64, for MS Windows
tlsh: T103B3BF5ADF9E7F26E3ED057984E261280370D26F0747E72FB5CC0234A8253DB1645A9B
sha3_384: 8e7d947ff30d4ff892cfd1dbf6e09f2279cd977361aea5eac4a355c499d5081540911ed0ed029a65307cd666ddadf243
ep_bytes: 4d5a90000300000004000000ffff0000
timestamp: 2021-09-01 13:25:16

Version Info:

Translation: 0x0000 0x04b0
CompanyName: Microsoft Corporation
FileDescription: The Managed Object Format (MOF) Compiler
FileVersion: 10.0.19041.1081
InternalName: mofcomp-miner.dll
LegalCopyright: © Microsoft Corporation. All rights served
OriginalFilename: mofcomp-miner.dll
ProductName: Microsoft® Windows® Operating System
ProductVersion: 10.0.19041.1081
Assembly Version: 0.0.0.0

Bulz.637689 also known as:

Elastic: malicious (high confidence)
MicroWorld-eScan: Gen:Variant.Bulz.637689
FireEye: Generic.mg.64f879411f07ac64
Cylance: Unsafe
Cybereason: malicious.b5f673
Symantec: Trojan.Gen.MBT
ESET-NOD32: a variant of MSIL/CoinMiner.BNN
APEX: Malicious
Kaspersky: HEUR:Trojan.Win32.Generic
BitDefender: Gen:Variant.Bulz.637689
Avast: MSIL:GenMalicious-NX [Trj]
Ad-Aware: Gen:Variant.Bulz.637689
Emsisoft: Gen:Variant.Bulz.637689 (B)
DrWeb: Trojan.InjectNET.14
Sophos: ML/PE-A
SentinelOne: Static AI – Malicious PE
GData: Gen:Variant.Bulz.637689
MaxSecure: Trojan.Malware.300983.susgen
Microsoft: Trojan:Win32/Wacatac.B!ml
Cynet: Malicious (score: 100)
AhnLab-V3: Trojan/Win.Generic.C4599706
ALYac: Gen:Variant.Bulz.637689
MAX: malware (ai score=82)
Malwarebytes: Trojan.BitCoinMiner
Ikarus: Trojan.MSIL.CoinMiner
eGambit: Unsafe.AI_Score_99%
Fortinet: MSIL/CoinMiner.BLY!tr
AVG: MSIL:GenMalicious-NX [Trj]
CrowdStrike: win/malicious_confidence_100% (D)

How to remove Bulz.637689?

Bulz.637689 removal tool
  • Download and install GridinSoft Anti-Malware.
  • Open GridinSoft Anti-Malware and perform a “Standard scan”.
  • “Move to quarantine” all items.
  • Open the “Tools” tab and press “Reset Browser Settings”.
  • Select the proper browser and options, then click “Reset”.
  • Restart your computer.

About the author

Paul Valéry

I'm a cyber security analyst and data science expert with 5+ years of experience with security software contractors.
