
What is “Ransom.Bulz.101”?


Ransom.Bulz.101 is considered dangerous by many security experts. When this infection is active, you may notice unwanted processes in the Task Manager list. In this case, it is advised to scan your computer with GridinSoft Anti-Malware.

GridinSoft Anti-Malware

Removing PC viruses manually may take hours and may damage your PC in the process. We recommend using GridinSoft Anti-Malware for virus removal. It lets you run a complete scan and clean your PC during the trial period.
A 6-day free trial is available.

What can the Ransom.Bulz.101 virus do?

  • Unconventional binary language: Chinese (Simplified)
  • Unconventional language used in binary resources: Chinese (Simplified)
  • The binary contains an unknown PE section name indicative of packing
  • The binary likely contains encrypted or compressed data.
  • The executable is compressed using UPX
  • Authenticode signature is invalid
  • Yara detections observed in process dumps, payloads or dropped files

How to identify Ransom.Bulz.101?

File Info:

name: 67A8A33667D10B9AB108.mlw
path: /opt/CAPEv2/storage/binaries/f3befc18d394dd2da287f0c216bd7f9f80e6c048d4005bba1f5fe578b57def2e
crc32: 71023FDE
md5: 67a8a33667d10b9ab108081bf8edb440
sha1: 3e27f0369beacce59e6931250e6716e794477cbf
sha256: f3befc18d394dd2da287f0c216bd7f9f80e6c048d4005bba1f5fe578b57def2e
sha512: 970c9e2e5a1e6db39424f1be6253c04ae05e659026b647e0a167f4269662de2a86ef301eea44a1e261e19e28a2920d48dbc0af8205428a2a8f26bb97cecb01c9
ssdeep: 3072:Pmeb3gXIngRPNK4dct6uetFTyotL1lsf1ZBws+VvpwX0tX+YBoP1RwoutN:Pms3gYn4nduevPhloZBn1IX+YOgoSN
type: PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
tlsh: T1630412CC412A0F54CC7411B482CA39AB6EB9FB0EC576EBD58E942B2C856F344172D6F2
sha3_384: 18666c36196e66862472184b3144c0447f986b926964bd51be16ed7aac525a439f6f7b606839fb66aac7800c895b9d2b
ep_bytes: 807c2408010f85b60b000060be003005
timestamp: 2020-10-01 10:18:49

Version Info:

FileVersion: 1.0.0.0
FileDescription: 易语言程序
ProductName: 易语言程序
ProductVersion: 1.0.0.0
LegalCopyright: 作者版权所有 请尊重并使用正版
Comments: 本程序使用易语言编写(http://www.eyuyan.com)
Translation: 0x0804 0x04b0

Ransom.Bulz.101 also known as:

Bkav: W32.AIDetectMalware
MicroWorld-eScan: Gen:Variant.Ransom.Bulz.101
FireEye: Generic.mg.67a8a33667d10b9a
Skyhigh: BehavesLike.Win32.Injector.cc
McAfee: Artemis!67A8A33667D1
Cylance: unsafe
BitDefenderTheta: Gen:NN.ZedlaF.36802.kqSfa8neUbfb
Elastic: malicious (high confidence)
ESET-NOD32: a variant of Win32/Packed.BlackMoon.D suspicious
APEX: Malicious
BitDefender: Gen:Variant.Ransom.Bulz.101
Tencent: Trojan.Win32.Agent_cl.16001152
Emsisoft: Gen:Variant.Ransom.Bulz.101 (B)
VIPRE: Gen:Variant.Ransom.Bulz.101
Trapmine: malicious.moderate.ml.score
Ikarus: PUA.BlackMoon
MAX: malware (ai score=82)
Jiangmin: Trojan.Blamon.ase
Antiy-AVL: Trojan[Banker]/Win32.Blackmoon.a
Microsoft: Trojan:Win32/Wacatac.B!ml
Xcitium: TrojWare.Win32.ServStart.DM@6edgy4
Arcabit: Trojan.Ransom.Bulz.101 [many]
GData: Gen:Variant.Ransom.Bulz.101 (2x)
Cynet: Malicious (score: 100)
AhnLab-V3: Malware/Win32.Generic.C3302801
ALYac: Gen:Variant.Ransom.Bulz.101
Malwarebytes: RiskWare.Agent.EY
Panda: Trj/GdSda.A
SentinelOne: Static AI – Suspicious PE
MaxSecure: Dropper.Dinwod.frindll
Fortinet: Riskware/Blackmoon
DeepInstinct: MALICIOUS

How to remove Ransom.Bulz.101?

Ransom.Bulz.101 removal tool
  • Download and install GridinSoft Anti-Malware.
  • Open GridinSoft Anti-Malware and perform a “Standard scan”.
  • “Move to quarantine” all items.
  • Open the “Tools” tab and press “Reset Browser Settings”.
  • Select the proper browser and options, then click “Reset”.
  • Restart your computer.

About the author

Paul Valéry

I'm a cyber security analyst and data science expert with 5+ years of experience with security software contractors.