Bulz.860405 (B) (file analysis)

Malware Removal

Bulz.860405 (B) is considered dangerous by many security experts. When this infection is active, you may notice unwanted processes in the Task Manager process list. In this case, it is advised to scan your computer with GridinSoft Anti-Malware.

GridinSoft Anti-Malware

Removing PC viruses manually may take hours and may damage your PC in the process. We recommend using GridinSoft Anti-Malware for virus removal. It lets you run a complete scan and clean your PC during the trial period.
A 6-day free trial is available.

What can the Bulz.860405 (B) virus do?

  • SetUnhandledExceptionFilter detected (possible anti-debug)
  • Presents an Authenticode digital signature
  • Creates RWX memory
  • Guard pages use detected – possible anti-debugging.
  • Dynamic (imported) function loading detected
  • Performs HTTP requests potentially not found in PCAP.
  • CAPE extracted potentially suspicious content
  • Authenticode signature is invalid
  • Anomalous binary characteristics

How to identify Bulz.860405 (B)?

File Info:

name: E3B3F4A3793D2DFD3F6E.mlw
path: /opt/CAPEv2/storage/binaries/6d91c2c02ee3aeca25c83c817c70e67d9510baffd777c39960c558d0562c48f5
crc32: 38153152
md5: e3b3f4a3793d2dfd3f6e1f83d7a7feae
sha1: b08199ae6db3fcc19b0378ce4714ffe0efee32f7
sha256: 6d91c2c02ee3aeca25c83c817c70e67d9510baffd777c39960c558d0562c48f5
sha512: 9cbfb940fd4b9fdb6041af81692c860d24f49b56f09b6da26e9d23ac6b861619dcf68d7c32b0a83d6004465f8dcb55f8399c0c2973d65a9462bd6097c3a04eef
ssdeep: 12288:Is7WEFgf/6y3C8bP3nCeHPrXOcmFFgOkyU532WTh0tFhfa3G:Isi/64C8OAPjO7KX53RTh0tFda3G
type: PE32 executable (console) Intel 80386, for MS Windows
tlsh: T13FC47D01BBE98272F5B707726DB65219897ABA610F31D2CF62D8635D0E717C0CA32B53
sha3_384: c553d8d29a620e17ce5b7d4804494410a4857c7d478afdf5932b533f73392260daad0bbf4d154a6baca5a78fc182336b
ep_bytes: ff250020400000000000000000000000
timestamp: 2010-09-29 06:43:44

Version Info:

CompanyName: Microsoft Corporation
FileDescription: .NET Framework
FileVersion: 3.0.4506.5420 (Win7SP1.030729-5400)
InternalName: ServiceModelReg.exe
LegalCopyright: © Microsoft Corporation. All rights reserved.
OriginalFilename: ServiceModelReg.exe
ProductName: Microsoft® .NET Framework
ProductVersion: 3.0.4506.5420
Comments: Flavor=Retail
PrivateBuild: DDBLD247
Translation: 0x0409 0x04b0

Bulz.860405 (B) also known as:

MicroWorld-eScan: Gen:Variant.Bulz.860405
FireEye: Generic.mg.e3b3f4a3793d2dfd
ALYac: Gen:Variant.Bulz.860405
Cylance: Unsafe
Sangfor: Trojan.Win32.Save.a
CrowdStrike: win/malicious_confidence_60% (W)
Cyren: W32/Harnig.C.gen!Eldorado
Symantec: ML.Attribute.HighConfidence
APEX: Malicious
Avast: Win32:Malware-gen
BitDefender: Gen:Variant.Bulz.860405
Ad-Aware: Gen:Variant.Bulz.860405
Emsisoft: Gen:Variant.Bulz.860405 (B)
McAfee-GW-Edition: BehavesLike.Win32.Fujacks.hh
GData: Gen:Variant.Bulz.860405
Avira: HEUR/AGEN.1200717
Arcabit: Trojan.Bulz.DD20F5
Microsoft: Trojan:Win32/Sabsik.FL.B!ml
Cynet: Malicious (score: 100)
McAfee: Artemis!E3B3F4A3793D
MAX: malware (ai score=86)
SentinelOne: Static AI – Malicious PE
MaxSecure: Trojan.Malware.121218.susgen
Fortinet: W32/Harnig.025E!tr
AVG: Win32:Malware-gen
Cybereason: malicious.e6db3f

How to remove Bulz.860405 (B)?

Bulz.860405 (B) removal tool
  • Download and install GridinSoft Anti-Malware.
  • Open GridinSoft Anti-Malware and perform a “Standard scan”.
  • Click “Move to quarantine” for all detected items.
  • Open the “Tools” tab and press “Reset Browser Settings”.
  • Select the proper browser and options, then click “Reset”.
  • Restart your computer.

About the author

Paul Valéry

I'm a cyber security analyst and data science expert with 5+ years of experience with security software contractors.