How to remove “Bulz.782168”?

Bulz.782168 is considered dangerous by many security experts. When this infection is active, you may notice unwanted processes in the Task Manager list. In this case, it is advised to scan your computer with GridinSoft Anti-Malware.

Removing PC viruses manually may take hours and may damage your PC in the process. We recommend using GridinSoft Anti-Malware for virus removal. It lets you run a complete scan and clean your PC during the trial period.
A 6-day free trial is available.

What can the Bulz.782168 virus do?

  • Executable code extraction
  • Attempts to connect to a dead IP:Port (3 unique times)
  • Creates RWX memory
  • A process attempted to delay the analysis task.
  • At least one IP Address, Domain, or File Name was found in a crypto call
  • Performs some HTTP requests
  • Unconventional language used in binary resources: Mongolian
  • The binary likely contains encrypted or compressed data.
  • Attempts to repeatedly call a single API many times in order to delay analysis time
  • Attempts to identify installed AV products by installation directory
  • Checks the CPU name from registry, possibly for anti-virtualization
  • Attempts to modify proxy settings
  • Anomalous binary characteristics

Related domains:

z.whorecord.xyz
iplogger.org
sliderfriday.top
a.tomx.xyz

How to identify Bulz.782168?

File Info:

crc32: 4F1DA462
md5: 2c7e424a6d14ef89b65dbca498fff6cb
name: 2C7E424A6D14EF89B65DBCA498FFF6CB.mlw
sha1: 1602cc2dc681557d5a2d9889fc9940a8fc0a2779
sha256: 7482a1f9c598d371d7b80f1dc68e494fa2f6defc5ca6be80290e6785e9ea946d
sha512: 317526afc80b2f29c1df94b2eccb38497df74cb63d16dad479021ee31aef445a036f76b675fde2838d457b3fab8d975934890e8fbc202c523d7dee88ee13252b
ssdeep: 12288:bo+jiY7BU7As7eT2by2Z2NIX5VZjBdZictGSJIX/bKIdMjA:3d7H27ZJJVZjht7JWbmjA
type: PE32 executable (GUI) Intel 80386, for MS Windows

Version Info:

Translation: 0x0120 0x04b8

Bulz.782168 also known as:

Bkav: W32.AIDetect.malware2
Elastic: malicious (high confidence)
DrWeb: Trojan.PWS.Siggen3.3257
CAT-QuickHeal: Ransom.Stop.Z5
Cylance: Unsafe
Sangfor: Trojan.Win32.Save.a
CrowdStrike: win/malicious_confidence_100% (D)
Cyren: W32/Agent.DLJ.gen!Eldorado
Symantec: ML.Attribute.HighConfidence
ESET-NOD32: a variant of Win32/Kryptik.HMSI
APEX: Malicious
Avast: Win32:PWSX-gen [Trj]
Cynet: Malicious (score: 100)
Kaspersky: HEUR:Trojan.Win32.Injuke.gen
BitDefender: Gen:Variant.Bulz.782168
MicroWorld-eScan: Gen:Variant.Bulz.782168
Ad-Aware: Gen:Variant.Bulz.782168
Sophos: ML/PE-A
McAfee-GW-Edition: BehavesLike.Win32.Generic.jc
FireEye: Generic.mg.2c7e424a6d14ef89
Emsisoft: Gen:Variant.Bulz.782168 (B)
SentinelOne: Static AI – Malicious PE
Microsoft: Ransom:Win32/LockbitCrypt.SV!MTB
GData: Gen:Variant.Bulz.782168
AhnLab-V3: Trojan/Win.MalPE.R443772
Acronis: suspicious
McAfee: Packed-GDT!2C7E424A6D14
MAX: malware (ai score=89)
Malwarebytes: Trojan.MalPack.GS
Panda: Trj/Genetic.gen
Rising: Trojan.Kryptik!1.D9CF (CLASSIC)
Ikarus: Trojan.Win32.Crypt
AVG: Win32:PWSX-gen [Trj]

How to remove Bulz.782168?

Bulz.782168 removal tool
  • Download and install GridinSoft Anti-Malware.
  • Open GridinSoft Anti-Malware and perform a “Standard scan”.
  • “Move to quarantine” all items.
  • Open the “Tools” tab and press “Reset Browser Settings”.
  • Select the proper browser and options, then click “Reset”.
  • Restart your computer.

About the author

Paul Valéry

I'm a cyber security analyst and data science expert with 5+ years of experience with security software contractors.