What is "Ransom.Bulz.101"?

The Ransom.Bulz.101 is considered dangerous by lots of security experts. When this infection is active, you may notice unwanted processes in Task Manager list. In this case, it is adviced to scan your computer with GridinSoft Anti-Malware.

Gridinsoft Anti-Malware

Removing PC viruses manually may take hours and may damage your PC in the process. We recommend using GridinSoft Anti-Malware for virus removal. Allows to complete scan and cure your PC during the trial period.

DOWNLOAD NOW

6-day free trial available.

What Ransom.Bulz.101 virus can do?

Unconventionial binary language: Chinese (Simplified)
Unconventionial language used in binary resources: Chinese (Simplified)
The binary contains an unknown PE section name indicative of packing
The binary likely contains encrypted or compressed data.
The executable is compressed using UPX
Authenticode signature is invalid
Yara detections observed in process dumps, payloads or dropped files

How to determine Ransom.Bulz.101?


File Info:
name: 67A8A33667D10B9AB108.mlw
path: /opt/CAPEv2/storage/binaries/f3befc18d394dd2da287f0c216bd7f9f80e6c048d4005bba1f5fe578b57def2e
crc32: 71023FDE
md5: 67a8a33667d10b9ab108081bf8edb440
sha1: 3e27f0369beacce59e6931250e6716e794477cbf
sha256: f3befc18d394dd2da287f0c216bd7f9f80e6c048d4005bba1f5fe578b57def2e
sha512: 970c9e2e5a1e6db39424f1be6253c04ae05e659026b647e0a167f4269662de2a86ef301eea44a1e261e19e28a2920d48dbc0af8205428a2a8f26bb97cecb01c9
ssdeep: 3072:Pmeb3gXIngRPNK4dct6uetFTyotL1lsf1ZBws+VvpwX0tX+YBoP1RwoutN:Pms3gYn4nduevPhloZBn1IX+YOgoSN
type: PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
tlsh: T1630412CC412A0F54CC7411B482CA39AB6EB9FB0EC576EBD58E942B2C856F344172D6F2
sha3_384: 18666c36196e66862472184b3144c0447f986b926964bd51be16ed7aac525a439f6f7b606839fb66aac7800c895b9d2b
ep_bytes: 807c2408010f85b60b000060be003005
timestamp: 2020-10-01 10:18:49

Version Info:
FileVersion: 1.0.0.0
FileDescription: 易语言程序
ProductName: 易语言程序
ProductVersion: 1.0.0.0
LegalCopyright: 作者版权所有 请尊重并使用正版
Comments: 本程序使用易语言编写(http://www.eyuyan.com)
Translation: 0x0804 0x04b0

Ransom.Bulz.101 also known as:

Bkav	W32.AIDetectMalware
MicroWorld-eScan	Gen:Variant.Ransom.Bulz.101
FireEye	Generic.mg.67a8a33667d10b9a
Skyhigh	BehavesLike.Win32.Injector.cc
McAfee	Artemis!67A8A33667D1
Cylance	unsafe
BitDefenderTheta	Gen:NN.ZedlaF.36802.kqSfa8neUbfb
Elastic	malicious (high confidence)
ESET-NOD32	a variant of Win32/Packed.BlackMoon.D suspicious
APEX	Malicious
BitDefender	Gen:Variant.Ransom.Bulz.101
Tencent	Trojan.Win32.Agent_cl.16001152
Emsisoft	Gen:Variant.Ransom.Bulz.101 (B)
VIPRE	Gen:Variant.Ransom.Bulz.101
Trapmine	malicious.moderate.ml.score
Ikarus	PUA.BlackMoon
MAX	malware (ai score=82)
Jiangmin	Trojan.Blamon.ase
Antiy-AVL	Trojan[Banker]/Win32.Blackmoon.a
Microsoft	Trojan:Win32/Wacatac.B!ml
Xcitium	TrojWare.Win32.ServStart.DM@6edgy4
Arcabit	Trojan.Ransom.Bulz.101 [many]
GData	Gen:Variant.Ransom.Bulz.101 (2x)
Cynet	Malicious (score: 100)
AhnLab-V3	Malware/Win32.Generic.C3302801
ALYac	Gen:Variant.Ransom.Bulz.101
Malwarebytes	RiskWare.Agent.EY
Panda	Trj/GdSda.A
SentinelOne	Static AI – Suspicious PE
MaxSecure	Dropper.Dinwod.frindll
Fortinet	Riskware/Blackmoon
DeepInstinct	MALICIOUS

How to remove Ransom.Bulz.101?

Download and install GridinSoft Anti-Malware.
Open GridinSoft Anti-Malware and perform a “Standard scan“.
“Move to quarantine” all items.
Open “Tools” tab – Press “Reset Browser Settings“.
Select proper browser and options – Click “Reset”.
Restart your computer.

What is “Ransom.Bulz.101”?

Gridinsoft Anti-Malware

How to determine Ransom.Bulz.101?

File Info:

Version Info:

Ransom.Bulz.101 also known as:

How to remove Ransom.Bulz.101?

About the author

Paul Valéry

Leave a Comment X

Gridinsoft Anti-Malware

How to determine Ransom.Bulz.101?

File Info:

Version Info:

Ransom.Bulz.101 also known as:

How to remove Ransom.Bulz.101?

You may also like

About the author

Paul Valéry

Leave a Comment X