Categories: Malware

Buzy.2282 (file analysis)

The Buzy.2282 is considered dangerous by lots of security experts. When this infection is active, you may notice unwanted processes in Task Manager list. In this case, it is adviced to scan your computer with GridinSoft Anti-Malware.

Gridinsoft Anti-Malware

Removing PC viruses manually may take hours and may damage your PC in the process. We recommend using GridinSoft Anti-Malware for virus removal. Allows to complete scan and cure your PC during the trial period.
DOWNLOAD NOW
6-day free trial available.

What Buzy.2282 virus can do?

  • Behavioural detection: Executable code extraction – unpacking
  • Yara rule detections observed from a process memory dump/dropped files/CAPE
  • Possible date expiration check, exits too soon after checking local time
  • Dynamic (imported) function loading detected
  • Enumerates running processes
  • Expresses interest in specific running processes
  • CAPE extracted potentially suspicious content
  • Unconventionial binary language: Chinese (Simplified)
  • Unconventionial language used in binary resources: Chinese (Simplified)
  • The binary contains an unknown PE section name indicative of packing
  • The binary likely contains encrypted or compressed data.
  • The executable is compressed using UPX
  • Authenticode signature is invalid
  • Code injection with CreateRemoteThread in a remote process
  • Behavioural detection: Injection (inter-process)
  • Behavioural detection: Injection with CreateRemoteThread in a remote process

How to determine Buzy.2282?



File Info:

name: E8FE98EAF9E66D40089A.mlwpath: /opt/CAPEv2/storage/binaries/f8d25670944746dbff71519f855732813bcf8e3cadebf323ebf95f1303d26cb9crc32: 0373D8CDmd5: e8fe98eaf9e66d40089a919beb32867csha1: ca2350cd42ab1632fa00e6d0d470e62c496752acsha256: f8d25670944746dbff71519f855732813bcf8e3cadebf323ebf95f1303d26cb9sha512: 281b8c7a48e90c360f740e06052503b28133631d85c68374d9bebbc0bd1267635a881e9eec2d68dd1183bbad77014a07daab92bee5ce4fac0d2e550d1ecd2d66ssdeep: 6144:TYGa+szRMW7Sv+IOQKA7qNiIcwIiHwTqAaN9:zavRMW8+NiI5Yatype: PE32 executable (GUI) Intel 80386, for MS Windowstlsh: T1E6141282B3D9E569D1A1DDB7E207E6D18B380997472A6CBECC71C0DBBC312D1C54B609sha3_384: d0909d24cf519227711b4fcdfcfc0df4664c4615382e2dd1a6f1cb2b503d7d8bc8310e76e5c9ab9272435d491831f23aep_bytes: 60be000042008dbe0010feff5783cdfftimestamp: 2010-06-18 07:20:52

Version Info:

Translation: 0x0804 0x04b0ProductName: LoaderFileVersion: 1.00ProductVersion: 1.00InternalName: LoaderOriginalFilename: Loader.exe

Buzy.2282 also known as:

Lionic Trojan.Win32.VB.4!c
Elastic malicious (high confidence)
Cynet Malicious (score: 100)
FireEye Generic.mg.e8fe98eaf9e66d40
McAfee GenericRXAA-AA!E8FE98EAF9E6
Cylance Unsafe
Zillya Trojan.VB.Win32.45768
Sangfor Trojan.Win32.Buzy.2282
CrowdStrike win/malicious_confidence_70% (W)
Alibaba Trojan:Win32/Meredrop.640911c9
K7GW NetWorm ( 700000151 )
K7AntiVirus NetWorm ( 700000151 )
Symantec ML.Attribute.HighConfidence
ESET-NOD32 Win32/VB.QBV
APEX Malicious
Paloalto generic.ml
ClamAV Win.Malware.Buzy-6840162-0
Kaspersky Trojan.Win32.VB.ahjt
BitDefender Gen:Variant.Buzy.2282
NANO-Antivirus Trojan.Win32.VB.cvyhp
MicroWorld-eScan Gen:Variant.Buzy.2282
Avast FileRepMalware
Tencent Malware.Win32.Gencirc.10c29445
Ad-Aware Gen:Variant.Buzy.2282
Sophos Mal/Generic-S
Comodo TrojWare.Win32.Injector.ZVDA@4ydyx1
DrWeb Trojan.Inject.52556
VIPRE Trojan.Win32.Generic.pak!cobra
McAfee-GW-Edition BehavesLike.Win32.Generic.cc
Emsisoft Gen:Variant.Buzy.2282 (B)
SentinelOne Static AI – Malicious PE
GData Gen:Variant.Buzy.2282
Jiangmin Trojan/VB.apyt
Webroot W32.Malware.Gen
Avira TR/Dropper.Gen
Antiy-AVL Trojan/Win32.VB
Arcabit Trojan.Buzy.D8EA
ViRobot Trojan.Win32.A.VB.198144[UPX]
ZoneAlarm Trojan.Win32.VB.ahjt
Microsoft PWS:Win32/Zbot!ml
TACHYON Trojan/W32.VB-Agent.311296.BG
AhnLab-V3 Trojan/Win32.Sasfis.R1155
ALYac Gen:Variant.Buzy.2282
MAX malware (ai score=100)
VBA32 Trojan.VBRA.01174
Malwarebytes Malware.AI.2509428348
Rising Dropper.Generic!8.35E (CLOUD)
Ikarus Trojan.SuspectCRC
MaxSecure Trojan.Malware.1419055.susgen
Fortinet W32/VB.LYK!tr.bdr
AVG FileRepMalware
Cybereason malicious.af9e66
Panda Generic Malware

How to remove Buzy.2282?

  • Download and install GridinSoft Anti-Malware.
  • Open GridinSoft Anti-Malware and perform a “Standard scan“.
  • Move to quarantine” all items.
  • Open “Tools” tab – Press “Reset Browser Settings“.
  • Select proper browser and options – Click “Reset”.
  • Restart your computer.
Paul Valéry

I'm a cyber security analyst and data science expert with 5+ years of experience with security software contractors.

Leave a Comment
Share
Published by
Paul Valéry
Tags: Buzy.2282loader
2 years ago

Recent Posts

Virus:Win32/Memery.HNS!MTB removal tips

The Virus:Win32/Memery.HNS!MTB is considered dangerous by lots of security experts. When this infection is active,…

7 mins ago

Trojan:MSIL/DCRat.RDJ!MTB (file analysis)

The Trojan:MSIL/DCRat.RDJ!MTB is considered dangerous by lots of security experts. When this infection is active,…

7 mins ago

How to remove “Virus:Win32/Expiro.L”?

The Virus:Win32/Expiro.L is considered dangerous by lots of security experts. When this infection is active,…

32 mins ago

Trojan:MSIL/Formbook.AMBA!MTB removal instruction

The Trojan:MSIL/Formbook.AMBA!MTB is considered dangerous by lots of security experts. When this infection is active,…

42 mins ago

Should I remove “Trojan-PSW.Win32.CoinStealer.bh”?

The Trojan-PSW.Win32.CoinStealer.bh is considered dangerous by lots of security experts. When this infection is active,…

47 mins ago

WebWatcher.Spyware.Monitor.DDS removal

The WebWatcher.Spyware.Monitor.DDS is considered dangerous by lots of security experts. When this infection is active,…

2 hours ago