Categories: Malware

Should I remove “Bulz.668824”?

The Bulz.668824 is considered dangerous by lots of security experts. When this infection is active, you may notice unwanted processes in Task Manager list. In this case, it is adviced to scan your computer with GridinSoft Anti-Malware.

Gridinsoft Anti-Malware

Removing PC viruses manually may take hours and may damage your PC in the process. We recommend using GridinSoft Anti-Malware for virus removal. Allows to complete scan and cure your PC during the trial period.

DOWNLOAD NOW

6-day free trial available.

What Bulz.668824 virus can do?

Behavioural detection: Executable code extraction – unpacking
SetUnhandledExceptionFilter detected (possible anti-debug)
Yara rule detections observed from a process memory dump/dropped files/CAPE
NtSetInformationThread: attempt to hide thread from debugger
Creates RWX memory
A process attempted to delay the analysis task.
Dynamic (imported) function loading detected
Performs HTTP requests potentially not found in PCAP.
Reads data out of its own binary image
CAPE extracted potentially suspicious content
Unconventionial binary language: Chinese (Simplified)
Unconventionial language used in binary resources: Chinese (Simplified)
The binary contains an unknown PE section name indicative of packing
The binary likely contains encrypted or compressed data.
The executable is likely packed with VMProtect
Authenticode signature is invalid
Tries to suspend Cuckoo threads to prevent logging of malicious activity
Attempts to modify proxy settings

How to determine Bulz.668824?


File Info:
name: 56157CF67859BCEB12A5.mlwpath: /opt/CAPEv2/storage/binaries/fe293e079c6b04a9320a04b7c17bdaf57897a0d6d4e73c72aa97deaae5615c61crc32: 70B5FF58md5: 56157cf67859bceb12a582c7452678b7sha1: b59bd5ecda5f472477faafd793d6087bdc172d63sha256: fe293e079c6b04a9320a04b7c17bdaf57897a0d6d4e73c72aa97deaae5615c61sha512: 7fba367e2e6dbc5c528ca99289ef9ee13bfd94303d455db203849381bccd9f73d75833649b67125d82f50b935e7748a1782047ea19c9ebaad3b2ac05ea004870ssdeep: 393216:CqELopaSFyTdtvNAgucCgCNxc/GHTCjPw3U:CqEUpuTnNTCgCNxteNtype: PE32 executable (GUI) Intel 80386, for MS Windowstlsh: T1C1E633749C6A27A2F80C6CB4628CF5B5384F5D2E6D628BC73ACC9EBF986DC41114F614sha3_384: 666d855075753cc5dc27a24676bc2afcdd9720871628ccdb70e5a037892d4ec4c5df7d03ce12995702215623703c2eafep_bytes: e8eca3d700e8a3a1d7008d053ab0bf01timestamp: 2022-04-01 02:52:24
Version Info:
FileVersion: 4.7.0.0FileDescription: 路胜视频批量ProductName: 路胜视频批量ProductVersion: 4.7.0.0CompanyName: 在路上LegalCopyright: 在路上 版权所有Comments: 本程序使用易语言编写(http://www.eyuyan.com)Translation: 0x0804 0x04b0

Bulz.668824 also known as:

Elastic	malicious (high confidence)
MicroWorld-eScan	Gen:Variant.Bulz.668824
FireEye	Generic.mg.56157cf67859bceb
ALYac	Gen:Variant.Bulz.668824
Cylance	Unsafe
K7AntiVirus	Adware ( 005693e61 )
BitDefender	Gen:Variant.Bulz.668824
K7GW	Adware ( 005693e61 )
Cybereason	malicious.cda5f4
Baidu	Win32.Packed.VMProtect.a
Symantec	ML.Attribute.HighConfidence
tehtris	Generic.Malware
ESET-NOD32	a variant of Win32/FlyStudio.Packed.AN potentially unwanted
APEX	Malicious
Rising	Trojan.Generic@AI.85 (RDMK:cmRtazqrrBj79UOcydJZbumwzBno)
Ad-Aware	Gen:Variant.Bulz.668824
Emsisoft	Gen:Variant.Bulz.668824 (B)
Comodo	TrojWare.Win32.Agent.ISVQ@5mbonp
McAfee-GW-Edition	BehavesLike.Win32.Generic.tc
Sophos	Mal/VMProtBad-A
GData	Win32.Application.PUPStudio.A
Avira	TR/Black.Gen2
Arcabit	Trojan.Bulz.DA3498
Microsoft	Trojan:Win32/Sabsik.FL.B!ml
Cynet	Malicious (score: 99)
MAX	malware (ai score=84)
SentinelOne	Static AI – Suspicious PE
MaxSecure	Dropper.Dinwod.frindll
BitDefenderTheta	Gen:NN.ZexaF.34638.@F0@a4WEB0ib
CrowdStrike	win/malicious_confidence_70% (D)