What is “Win32/Bundpil.BD”?

The Win32/Bundpil.BD is considered dangerous by lots of security experts. When this infection is active, you may notice unwanted processes in Task Manager list. In this case, it is adviced to scan your computer with GridinSoft Anti-Malware.

GridinSoft Anti-Malware

Gridinsoft Anti-Malware

Removing PC viruses manually may take hours and may damage your PC in the process. We recommend using GridinSoft Anti-Malware for virus removal. Allows to complete scan and cure your PC during the trial period.

6-day free trial available.

What Win32/Bundpil.BD virus can do?

Authenticode signature is invalid
Binary file triggered YARA rule
Yara detections observed in process dumps, payloads or dropped files

How to determine Win32/Bundpil.BD?


File Info:
name: A530E4436C68F6F094A0.mlw
path: /opt/CAPEv2/storage/binaries/7647ff5856f12374976cf906b521c0db8e54cb27251afe527ed98328f5f60a84
crc32: B84E38B1
md5: a530e4436c68f6f094a066c69193130f
sha1: 2b2607c20f7f4f6001e6b9d118e1d407e98d57c3
sha256: 7647ff5856f12374976cf906b521c0db8e54cb27251afe527ed98328f5f60a84
sha512: 64225874debb25b52b359f9618ea3bcf2f00d4b1d9d5870364671c39f105186e31f024838ae577401ad207ae99d89f21f3d885bde4804dbd18803c30f3c91790
ssdeep: 48:qfAr1C9XDvrXkxLVvrhWR0Ui5X4nBvystYVzwGGQx8sUMflt:FrA1rrXk3vrY0x8duVzwGGQx8Elt
type: PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
tlsh: T1D9716336B695FE77D098213216E72BDC205ACF25432301CB4E89863A586D3D27FF6B10
sha3_384: 0004cd47d082425ec97844c47f064400332e4d53a4d98aa0523089fcedc619974294ef55faed11703e1549a88a604c28
ep_bytes: 558bec518b450c8945fc837dfc017402
timestamp: 2013-07-02 21:12:18

Version Info:
0: [No Data]

Win32/Bundpil.BD also known as:

Bkav	W32.FamVT.DebrisA.Worm
DrWeb	Trojan.MulDrop4.25343
MicroWorld-eScan	Gen:Variant.Zusy.325289
CAT-QuickHeal	Trojan.Agent.WL
Skyhigh	Downloader-FOB!A530E4436C68
McAfee	Downloader-FOB!A530E4436C68
Malwarebytes	Worm.Agent.SM
Zillya	Worm.DebrisGen.Win32.3
Sangfor	Suspicious.Win32.Save.a
K7AntiVirus	Trojan ( 0040f52e1 )
K7GW	Trojan ( 0040f52e1 )
CrowdStrike	win/malicious_confidence_100% (W)
BitDefenderTheta	Gen:NN.ZedlaF.36802.aq4@aubLRpe
VirIT	Worm.Win32.Generic.BRR
Symantec	W32.Dromedan
Elastic	malicious (high confidence)
ESET-NOD32	Win32/Bundpil.BD
APEX	Malicious
TrendMicro-HouseCall	WORM_GAMARUE.SMF
ClamAV	Win.Worm.Debris-4
Kaspersky	Worm.Win32.Debris.al
BitDefender	Gen:Variant.Zusy.325289
NANO-Antivirus	Trojan.Win32.Debris.cfjcok
SUPERAntiSpyware	Trojan.Agent/Gen-Downloader
Avast	Win32:Sg-C [Trj]
Rising	Worm.Gamarue!1.9CC6 (CLASSIC)
Emsisoft	Gen:Variant.Zusy.325289 (B)
F-Secure	Worm.WORM/Gamarue.358494
Baidu	Win32.Worm.Bundpil.al
VIPRE	Gen:Variant.Zusy.325289
TrendMicro	WORM_GAMARUE.SMF
FireEye	Generic.mg.a530e4436c68f6f0
Sophos	W32/Gamarue-BJ
SentinelOne	Static AI – Malicious PE
MAX	malware (ai score=83)
Jiangmin	Worm/Debris.k
Webroot	W32.Worm.Gen
Google	Detected
Avira	WORM/Gamarue.358494
Varist	W32/Csyr.C.gen!Eldorado
Antiy-AVL	Worm/Win32.Debris.al
Kingsoft	malware.kb.a.1000
Microsoft	TrojanDownloader:Win32/Andromeda.SIB!MTB
Xcitium	Worm.Win32.Bundpil.BL@4zjaeb
Arcabit	Trojan.Zusy.D4F6A9
ViRobot	Trojan.Win32.Agent.3584.AX
ZoneAlarm	Worm.Win32.Debris.al
GData	Win32.Trojan.PSE1.RMRK9G
Cynet	Malicious (score: 100)
AhnLab-V3	Trojan/Win32.Agent.R73096
Acronis	suspicious
VBA32	Worm.Debris
ALYac	Gen:Variant.Zusy.325289
TACHYON	Worm/W32.Debris.3584.C
Cylance	unsafe
Panda	Trj/Vilsel.AF
Tencent	Worm.Win32.Debris.b
Ikarus	Worm.Win32.Debris
Fortinet	W32/Bundpil.AA!tr
AVG	Win32:Sg-C [Trj]
DeepInstinct	MALICIOUS
alibabacloud	Worm:Win/Gamarue.efadea61

How to remove Win32/Bundpil.BD?

Win32/Bundpil.BD removal tool

Download and install GridinSoft Anti-Malware.
Open GridinSoft Anti-Malware and perform a “Standard scan“.
“Move to quarantine” all items.
Open “Tools” tab – Press “Reset Browser Settings“.
Select proper browser and options – Click “Reset”.
Restart your computer.

About the author

Paul Valéry

I'm a cyber security analyst and data science expert with 5+ years of experience with security software contractors.

Leave a Comment X