Categories: Malware

Bulz.940609 removal

The Bulz.940609 is considered dangerous by lots of security experts. When this infection is active, you may notice unwanted processes in Task Manager list. In this case, it is adviced to scan your computer with GridinSoft Anti-Malware.

Gridinsoft Anti-Malware

Removing PC viruses manually may take hours and may damage your PC in the process. We recommend using GridinSoft Anti-Malware for virus removal. Allows to complete scan and cure your PC during the trial period.

DOWNLOAD NOW

6-day free trial available.

What Bulz.940609 virus can do?

Performs HTTP requests potentially not found in PCAP.
CAPE extracted potentially suspicious content
The binary likely contains encrypted or compressed data.
Authenticode signature is invalid
CAPE detected the CobaltStrikeBeacon malware family
Attempts to modify proxy settings
Yara rule detections observed from a process memory dump/dropped files/CAPE

How to determine Bulz.940609?


File Info:
name: B276AFF82CDB0985147A.mlwpath: /opt/CAPEv2/storage/binaries/79c1dce5638dafbd2ced6a68ceac3930e54e1979bc181c1bca726b05d5d68c4ccrc32: FCCED6CAmd5: b276aff82cdb0985147a206f506ef7c1sha1: be70e8256719f05dc6673fcf94976eddf244cfd2sha256: 79c1dce5638dafbd2ced6a68ceac3930e54e1979bc181c1bca726b05d5d68c4csha512: c2527fd53c1bbd28e72b1502dc9c9653c9f5a7cf4b6f061d050562e9dd728ed4fe0605f4aec1da4dd7116a514dd30dc8cd05868d2d4828a0c93371ec6ceb95b1ssdeep: 6144:B8syDahw8hf96V7XM+9iA/2k+re382q9t7:BHE58hfMD1i2type: PE32+ executable (GUI) x86-64, for MS Windowstlsh: T1F1549D8F232F102CCB59F535457DD1A06A792BD22BF9E3A1BD2AE9102DC9DC1672BD01sha3_384: c5efa73f0e2a2eb212429113efcb746d5c073d760c2491a585cb18504626c08005dc4c01a33cdb4be364968d2de36661ep_bytes: 4883ec28488b05f56f0400c700010000timestamp: 1970-01-01 00:00:00
Version Info:
0: [No Data]

Bulz.940609 also known as:

Lionic	Trojan.Win32.CobaltStrike.4!c
Elastic	malicious (high confidence)
DrWeb	BackDoor.Meterpreter.157
MicroWorld-eScan	Gen:Variant.Bulz.940609
ClamAV	Win.Trojan.CobaltStrike-9044898-1
FireEye	Generic.mg.b276aff82cdb0985
McAfee	Artemis!B276AFF82CDB
Cylance	unsafe
VIPRE	Gen:Variant.Bulz.940609
Sangfor	Trojan.Win32.CobaltStrike
K7AntiVirus	Trojan ( 0058fadf1 )
Alibaba	Backdoor:Win64/Artifact.d3f132f0
K7GW	Trojan ( 0058fadf1 )
Cybereason	malicious.82cdb0
Cyren	W64/Cobalt.J.gen!Eldorado
Symantec	Backdoor.Cobalt
ESET-NOD32	a variant of Win64/CobaltStrike.Artifact.A
APEX	Malicious
Cynet	Malicious (score: 100)
Kaspersky	HEUR:Trojan.Win64.CobaltStrike.gen
BitDefender	Gen:Variant.Bulz.940609
Avast	Win64:HacktoolX-gen [Trj]
Tencent	Trojan.Win64.Cobaltstrike.ka
TACHYON	Trojan/W64.CobaltStrike.295936
Sophos	ATK/Cobalt-A
F-Secure	Heuristic.HEUR/AGEN.1345062
TrendMicro	Backdoor.Win64.COBEACON.SMA
McAfee-GW-Edition	BehavesLike.Win64.Generic.dc
Emsisoft	Gen:Variant.Bulz.940609 (B)
Ikarus	Trojan.Win64.Cobaltstrike
GData	Gen:Variant.Bulz.940609
Jiangmin	Trojan.CobaltStrike.ih
Avira	HEUR/AGEN.1345062
Antiy-AVL	RiskWare/Win64.Artifact
Arcabit	Trojan.Bulz.DE5A41
ZoneAlarm	HEUR:Trojan.Win64.CobaltStrike.gen
Microsoft	Backdoor:Win64/CobaltStrike.NP!dha
Google	Detected
AhnLab-V3	Backdoor/Win.COBEACON.R521642
Acronis	suspicious
ALYac	Gen:Variant.Bulz.940609
MAX	malware (ai score=88)
Malwarebytes	Generic.Malware.AI.DDS
Panda	Trj/CI.A
TrendMicro-HouseCall	Backdoor.Win64.COBEACON.SMA
Rising	Backdoor.CobaltStrike/x64!1.E382 (CLASSIC)
SentinelOne	Static AI – Malicious PE
MaxSecure	Trojan.Malware.300983.susgen
Fortinet	W64/Kryptik.BVR!tr
AVG	Win64:HacktoolX-gen [Trj]
DeepInstinct	MALICIOUS
CrowdStrike	win/malicious_confidence_100% (W)