Malware

About “Bulz.909095” infection

Malware Removal

The Bulz.909095 is considered dangerous by lots of security experts. When this infection is active, you may notice unwanted processes in Task Manager list. In this case, it is adviced to scan your computer with GridinSoft Anti-Malware.

GridinSoft Anti-Malware

Gridinsoft Anti-Malware

Removing PC viruses manually may take hours and may damage your PC in the process. We recommend using GridinSoft Anti-Malware for virus removal. Allows to complete scan and cure your PC during the trial period.
DOWNLOAD NOW
6-day free trial available.

What Bulz.909095 virus can do?

  • SetUnhandledExceptionFilter detected (possible anti-debug)
  • Creates RWX memory
  • Guard pages use detected – possible anti-debugging.
  • Dynamic (imported) function loading detected
  • At least one IP Address, Domain, or File Name was found in a crypto call
  • Enumerates the modules from a process (may be used to locate base addresses in process injection)
  • CAPE extracted potentially suspicious content
  • The binary contains an unknown PE section name indicative of packing
  • Authenticode signature is invalid
  • Anomalous binary characteristics

How to determine Bulz.909095?



File Info:

name: E9298E5F478CCEA29D85.mlw
path: /opt/CAPEv2/storage/binaries/66dd4d006981ba4fa5acb49638837b0dc21efa1131cda884bba8ae7c69121432
crc32: DAA98F0C
md5: e9298e5f478ccea29d85a24979b0a562
sha1: bb9f5359666b99ab11e0dd334952884ae4f9c652
sha256: 66dd4d006981ba4fa5acb49638837b0dc21efa1131cda884bba8ae7c69121432
sha512: 7537c7368fe6e813daf34eb7f4fcd1c1b8549edf717c1f7a18112e4c7d26a332ea2ccbf26412a68862820bf636bc4bfb5f03302376d27de6dad48e846ad3d956
ssdeep: 3072:qqW2nQPvsOvf3rM7RSld1eRHo7koTEyjiTckS2VizP3Mn/4W/ubieYSouZEGtA1F:K+QPvsOvf7M7zszNdKizPcibiegoAMu
type: PE32+ executable (GUI) x86-64, for MS Windows
tlsh: T18E34285137E98955E4FF2B3669B686118632BDA65B36C3CF004075AE8D73BC1C8317A3
sha3_384: 85e0e576cc1db5f345d6061d45a40016b880ff5a81e12819802c91459a0a26d7893b6740a9316c63a9cbae781320802e
ep_bytes: ff25de26fdffcccccccccccccccccccc
timestamp: 2010-11-20 11:21:46


Version Info:

CompanyName: Microsoft Corporation
FileDescription: Windows Media Center Store Update Manager
FileVersion: 6.1.7601.17514 (win7sp1_rtm.101119-1850)
InternalName: mcupdate.exe
LegalCopyright: © Microsoft Corporation. All rights reserved.
OriginalFilename: mcupdate.exe
ProductName: Microsoft® Windows® Operating System
ProductVersion: 6.1.7601.17514
Translation: 0x0409 0x04b0

Bulz.909095 also known as:

LionicTrojan.Win32.Bulz.4!c
McAfeeArtemis!E9298E5F478C
CylanceUnsafe
CrowdStrikewin/malicious_confidence_60% (W)
CyrenW64/Blackie.R.gen!Eldorado
APEXMalicious
BitDefenderGen:Variant.Bulz.909095
MicroWorld-eScanGen:Variant.Bulz.909095
Ad-AwareGen:Variant.Bulz.909095
VIPRETrojan.Win32.Generic!BT
FireEyeGen:Variant.Bulz.909095
EmsisoftGen:Variant.Bulz.909095 (B)
IkarusTrojan.Agent
GDataGen:Variant.Bulz.909095
MicrosoftTrojan:Win32/Sabsik.FL.B!ml
ALYacGen:Variant.Bulz.909095
MAXmalware (ai score=80)
SentinelOneStatic AI – Suspicious PE
FortinetMSIL/Agent.BE23!tr
WebrootW32.Trojan.Gen

How to remove Bulz.909095?

Bulz.909095 removal tool
  • Download and install GridinSoft Anti-Malware.
  • Open GridinSoft Anti-Malware and perform a “Standard scan“.
  • Move to quarantine” all items.
  • Open “Tools” tab – Press “Reset Browser Settings“.
  • Select proper browser and options – Click “Reset”.
  • Restart your computer.

You may also like

About the author

Paul Valéry

I'm a cyber security analyst and data science expert with 5+ years of experience with security software contractors.

View all posts

Leave a Comment