Bulz.716073 (file analysis)

Bulz.716073 is flagged as dangerous by many security vendors. When this infection is active, you may notice unwanted processes in the Task Manager list. In this case, it is advised to scan your computer with GridinSoft Anti-Malware.

GridinSoft Anti-Malware

Removing PC viruses manually may take hours and may damage your PC in the process. We recommend using GridinSoft Anti-Malware for virus removal. It allows you to run a complete scan and cure your PC during the trial period.
6-day free trial available.

What Bulz.716073 virus can do?

  • Behavioural detection: Executable code extraction – unpacking
  • SetUnhandledExceptionFilter detected (possible anti-debug)
  • Attempts to connect to a dead IP:Port (1 unique times)
  • Yara rule detections observed from a process memory dump/dropped files/CAPE
  • Possible date expiration check, exits too soon after checking local time
  • Creates RWX memory
  • Dynamic (imported) function loading detected
  • Enumerates running processes
  • CAPE extracted potentially suspicious content
  • The binary contains an unknown PE section name indicative of packing
  • Executable file is packed/obfuscated with ASPack
  • The binary likely contains encrypted or compressed data.
  • Authenticode signature is invalid
  • Uses Windows utilities for basic functionality
  • Behavioural detection: Injection (inter-process)
  • Tries to unhook or modify Windows functions monitored by Cuckoo
  • Attempted to write directly to a physical drive
  • Harvests cookies for information gathering
  • The sample wrote data to the system hosts file.
  • Anomalous binary characteristics

How to determine Bulz.716073?

File Info:

name: D808AD3EEC3795A68031.mlw
path: /opt/CAPEv2/storage/binaries/54810eb514ebe534e460ca43b8fb4505e1839faa599d6a8711c93bf6cf7d0174
crc32: 8BADD0B9
md5: d808ad3eec3795a6803110ccc7fb8927
sha1: dd0a0c9d46d15b53411a0a3f5c4302fe4dd9d328
sha256: 54810eb514ebe534e460ca43b8fb4505e1839faa599d6a8711c93bf6cf7d0174
sha512: 03d5e63b9259114f8ccd980eb6e75376d4db49b732026ad6a06572a5b23d15b0921af5f8410a8b969c02861316f6f3739a0e5799f2d235f1d29a43cb509a32dc
ssdeep: 24576:pQDtd2Dj9jYMsIichld1TMsWTdRn4vWpA76NVi0HFs1ekI:+Dtd8E8ld1osW70Wm1GynI
type: PE32 executable (GUI) Intel 80386, for MS Windows
tlsh: T11F4533391BE75EA0CE5B76F0AB6B3E0C02451F450176E7EDD74C3C4A9F7C22A26A1912
sha3_384: 1419aedf6814c50a255e7bdd21c97630ba6e92b6e5283ce5f3396f59417495656313fd672729a4c623b43440e8368079
ep_bytes: 60e803000000e9eb045d4555c3e80100
timestamp: 2020-08-24 10:09:43

Version Info:

CompanyName: PC28CC Game Company
FileVersion: 3.0.4.0
InternalName: AutoRight
ProductName: PC28CC Game
ProductVersion: 1.0.0.0
ProgramID: com.embarcadero.PAutoRight
FileDescription: PAutoRight
Translation: 0x0409 0x04e4

Bulz.716073 also known as:

Bkav: W32.AIDetect.malware2
Lionic: Trojan.Win32.Poison.m!c
Elastic: malicious (high confidence)
MicroWorld-eScan: Gen:Variant.Bulz.716073
McAfee: Artemis!D808AD3EEC37
Cylance: Unsafe
Sangfor: Trojan.Win32.Wacatac.C
BitDefender: Gen:Variant.Bulz.716073
BitDefenderTheta: Gen:NN.ZelphiF.34294.h11ba4q9Thhj
Cyren: W32/Trojan.SJSC-7914
Symantec: ML.Attribute.HighConfidence
APEX: Malicious
Avast: Win32:Malware-gen
Kaspersky: Backdoor.Win32.Poison.jlsp
Alibaba: Backdoor:Win32/Poison.f6a00ea3
NANO-Antivirus: Trojan.Win32.Poison.hzuhme
Tencent: Win32.Backdoor.Poison.Wpjc
Ad-Aware: Gen:Variant.Bulz.716073
Emsisoft: Gen:Variant.Bulz.716073 (B)
McAfee-GW-Edition: GenericRXME-UB!26715D5345B5
FireEye: Generic.mg.d808ad3eec3795a6
Sophos: Generic PUA NN (PUA)
GData: Gen:Variant.Bulz.716073
Jiangmin: Trojan.Hosts2.ddc
Kingsoft: Win32.Troj.Hosts2.g.(kcloud)
Arcabit: Trojan.Bulz.DAED29
Microsoft: Program:Win32/Ymacco.AA3E
Cynet: Malicious (score: 100)
AhnLab-V3: Trojan/Win32.Poison.R350700
VBA32: TScope.Trojan.Delf
ALYac: Gen:Variant.Bulz.716073
MAX: malware (ai score=82)
Yandex: Backdoor.Poison!yK7iv/uCEOs
SentinelOne: Static AI – Suspicious PE
Fortinet: W32/Hosts2!tr
AVG: Win32:Malware-gen
Cybereason: malicious.eec379
Paloalto: generic.ml
MaxSecure: Trojan.Malware.300983.susgen

How to remove Bulz.716073?

Bulz.716073 removal tool
  • Download and install GridinSoft Anti-Malware.
  • Open GridinSoft Anti-Malware and perform a “Standard scan“.
  • “Move to quarantine” all items.
  • Open “Tools” tab – Press “Reset Browser Settings“.
  • Select proper browser and options – Click “Reset”.
  • Restart your computer.

About the author

Paul Valéry

I'm a cyber security analyst and data science expert with 5+ years of experience with security software contractors.