
Bulz.793946 (file analysis)


Bulz.793946 is considered dangerous by many security experts. When this infection is active, you may notice unwanted processes in the Task Manager process list. In this case, it is advised to scan your computer with GridinSoft Anti-Malware.


Removing PC viruses manually may take hours and may damage your PC in the process. We recommend using GridinSoft Anti-Malware for virus removal. It allows you to run a complete scan and cure your PC during the trial period.
A 6-day free trial is available.

What can the Bulz.793946 virus do?

  • SetUnhandledExceptionFilter detected (possible anti-debug)
  • Creates RWX memory
  • Guard pages use detected – possible anti-debugging.
  • Dynamic (imported) function loading detected
  • Reads data out of its own binary image
  • CAPE extracted potentially suspicious content
  • The binary contains an unknown PE section name indicative of packing
  • Authenticode signature is invalid
  • Uses Windows utilities for basic functionality
  • Sniffs keystrokes
  • Created a process from a suspicious location
  • Installs itself for autorun at Windows startup
  • Creates a copy of itself
  • Creates known Njrat/Bladabindi RAT registry keys

How to identify Bulz.793946?

File Info:

name: FB53E8329F479CDAACBE.mlw
path: /opt/CAPEv2/storage/binaries/ab561032327d25263d4e395d95659b682825d23e7df71bc979ac1ab8c022d7e3
crc32: 6FF6B882
md5: fb53e8329f479cdaacbe0ed5b092557a
sha1: aa520e659dd7af03a6fd6db2fee5db405ce9db98
sha256: ab561032327d25263d4e395d95659b682825d23e7df71bc979ac1ab8c022d7e3
sha512: 0080712fe87dc5d7c296871cbfb18e758576830b12b8ef26cef0419d1cf114f4ec8a11383d69bce748c68637ede4fc6c466cd445457538560ae91ca06671d2ae
ssdeep: 3072:Zx8tQMBl123mpqmBR/dvRRP8FLPf7GU9yXCRRlVwl9OmGEov:Zx8tPtR/LRP8FOpSRU
type: PE32 executable (GUI) Intel 80386, for MS Windows
tlsh: T1E5F3512117EE541DF032AFF15BEE67E69F1FEB93A501985F3080830E6C26B4ABD81525
sha3_384: 592e426cb3cc8c4ace1343ddc801ba6813f75d57324886512dc1f392714bd12ca741089f5749ded5be4a98869e45ff71
ep_bytes: ff250020400000000000000000000000
timestamp: 2018-03-12 23:16:53

Version Info:

Translation: 0x0000 0x04b0
CompanyName: Microsoft
FileDescription: نمثىلنمهىقلهههقحلىححخثل
FileVersion: 1.0.0.0
InternalName: نمثىلنمهىقلهههقحلىححخثل.exe
LegalCopyright: Copyright © Microsoft 2018
OriginalFilename: نمثىلنمهىقلهههقحلىححخثل.exe
ProductName: نمثىلنمهىقلهههقحلىححخثل
ProductVersion: 1.0.0.0
Assembly Version: 1.0.0.0

Bulz.793946 also known as:

Lionic: Trojan.MSIL.Generic.4!c
Elastic: malicious (high confidence)
MicroWorld-eScan: Gen:Variant.Bulz.793946
McAfee: GenericRXEH-FS!FB53E8329F47
Cylance: Unsafe
Sangfor: Trojan.MSIL.Generic.ky
K7AntiVirus: Trojan ( 005243231 )
Alibaba: Trojan:MSIL/Kryptik.afb55636
K7GW: Trojan ( 005243231 )
CrowdStrike: win/malicious_confidence_100% (W)
Cyren: W32/MSIL_Bladabindi.AE.gen!Eldorado
Symantec: ML.Attribute.HighConfidence
ESET-NOD32: a variant of MSIL/Kryptik.QHH
APEX: Malicious
Kaspersky: HEUR:Trojan.MSIL.Generic
BitDefender: Gen:Variant.Bulz.793946
Avast: Win32:Malware-gen
Ad-Aware: Gen:Variant.Bulz.793946
Sophos: ML/PE-A
DrWeb: BackDoor.RevetRat.2
TrendMicro: TROJ_GEN.R002C0PJH21
McAfee-GW-Edition: GenericRXEH-FS!FB53E8329F47
FireEye: Generic.mg.fb53e8329f479cda
Emsisoft: Gen:Variant.Bulz.793946 (B)
SentinelOne: Static AI – Malicious PE
GData: Gen:Variant.Bulz.793946
Jiangmin: Trojan.MSIL.aiusc
Avira: TR/Dropper.Gen
MAX: malware (ai score=81)
Antiy-AVL: Trojan/Generic.ASMalwS.2501066
Arcabit: Trojan.Bulz.DC1D5A
Microsoft: Backdoor:Win32/Bladabindi!ml
Cynet: Malicious (score: 100)
AhnLab-V3: Win-Trojan/MSILKrypt14.Exp
VBA32: TScope.Trojan.MSIL
ALYac: Gen:Variant.Bulz.793946
Malwarebytes: Malware.AI.3792251128
TrendMicro-HouseCall: TROJ_GEN.R002C0PJH21
Ikarus: Trojan.MSIL.Crypt
MaxSecure: Trojan.Malware.300983.susgen
Fortinet: MSIL/Kryptik.NFX!tr
BitDefenderTheta: Gen:NN.ZemsilF.34062.kq1@aW0bWsn
AVG: Win32:Malware-gen
Cybereason: malicious.59dd7a
Panda: Trj/GdSda.A

How to remove Bulz.793946?

Bulz.793946 removal tool
  • Download and install GridinSoft Anti-Malware.
  • Open GridinSoft Anti-Malware and perform a “Standard scan”.
  • Click “Move to quarantine” for all detected items.
  • Open the “Tools” tab and press “Reset Browser Settings”.
  • Select the proper browser and options, then click “Reset”.
  • Restart your computer.

About the author

Paul Valéry

I'm a cyber security analyst and data science expert with 5+ years of experience with security software contractors.
