
Should I remove “Bulz.872106”?


Bulz.872106 is considered dangerous by many security experts. When this infection is active, you may notice unwanted processes in the Task Manager list. In this case, it is advised to scan your computer with GridinSoft Anti-Malware.

GridinSoft Anti-Malware

Removing PC viruses manually may take hours and may damage your PC in the process. We recommend using GridinSoft Anti-Malware for virus removal. It lets you run a complete scan and clean your PC during the trial period.
6-day free trial available.

What can the Bulz.872106 virus do?

  • SetUnhandledExceptionFilter detected (possible anti-debug)
  • Creates RWX memory
  • Guard pages use detected – possible anti-debugging.
  • Dynamic (imported) function loading detected
  • At least one IP Address, Domain, or File Name was found in a crypto call
  • Enumerates the modules from a process (may be used to locate base addresses in process injection)
  • CAPE extracted potentially suspicious content
  • The binary contains an unknown PE section name indicative of packing
  • Authenticode signature is invalid
  • Anomalous binary characteristics

How to identify Bulz.872106?


File Info:

name: B5B1E0F255E74731A3D2.mlw
path: /opt/CAPEv2/storage/binaries/e308ddd95e54994eb97e7ebe70eabdd555f28efdac95bcfc58c0b6161d59b157
crc32: DF9DDFCB
md5: b5b1e0f255e74731a3d217b52d762bc7
sha1: c9cea94396ff69ca916e44dfe55c88f33c7b3a71
sha256: e308ddd95e54994eb97e7ebe70eabdd555f28efdac95bcfc58c0b6161d59b157
sha512: c7762e5901a481c30d70fded38e9134729747121ed3faec39750f4d7f96c0e9162571a129893ba5c65959c4819606064b878b5357ed52ca4613ff911d7c7b83d
ssdeep: 49152:3WTmUi6AjW/MUSdGRf3/0oJdXN0BMOwLloBrug:HjxAZrJdXN0B7+s
type: PE32+ executable (GUI) x86-64, for MS Windows
tlsh: T187E5A30225449631CC6D0D747990923AF890ACAFBD1F7D563F407EEEAAB7AC257D1232
sha3_384: b06c1f4d5ed8b4bf1d4ece4ab59e816efc59f2a4446a8e01ad6b433deab432981c9071b05c874b8ee208a2778ff3efef
ep_bytes: ff25de26fdffcccccccccccccccccccc
timestamp: 2010-11-20 11:21:46

Version Info:

CompanyName: Microsoft Corporation
FileDescription: Windows Media Center Store Update Manager
FileVersion: 6.1.7601.17514 (win7sp1_rtm.101119-1850)
InternalName: mcupdate.exe
LegalCopyright: © Microsoft Corporation. All rights reserved.
OriginalFilename: mcupdate.exe
ProductName: Microsoft® Windows® Operating System
ProductVersion: 6.1.7601.17514
Translation: 0x0409 0x04b0

Bulz.872106 also known as:

Lionic: Trojan.Win32.Bulz.4!c
Elastic: malicious (high confidence)
ALYac: Gen:Variant.Bulz.872106
Cylance: Unsafe
Alibaba: Virus:Win64/Blackie.ca5c7ea7
Cybereason: malicious.396ff6
Cyren: W64/Blackie.R.gen!Eldorado
Symantec: Trojan.Gen.MBT
ClamAV: Win.Dropper.Vindor-9886634-0
Avast: Win64:Malware-gen
Sophos: Generic ML PUA (PUA)
McAfee-GW-Edition: Artemis!Trojan
SentinelOne: Static AI – Malicious PE
Microsoft: Trojan:Win32/Sabsik.FL.B!ml
Cynet: Malicious (score: 100)
McAfee: Artemis!B5B1E0F255E7
APEX: Malicious
Ikarus: Trojan.Agent
MaxSecure: Trojan.Malware.121218.susgen
Fortinet: MSIL/Agent.BE23!tr
AVG: Win64:Malware-gen
CrowdStrike: win/malicious_confidence_60% (W)

How to remove Bulz.872106?

Bulz.872106 removal tool
  • Download and install GridinSoft Anti-Malware.
  • Open GridinSoft Anti-Malware and perform a “Standard scan”.
  • “Move to quarantine” all items.
  • Open the “Tools” tab and press “Reset Browser Settings”.
  • Select proper browser and options – Click “Reset”.
  • Restart your computer.

About the author

Paul Valéry

I'm a cyber security analyst and data science expert with 5+ years of experience with security software contractors.
