PUP.Bulz.AG

Analysis Report

General information

Family Name: PUP.Bulz.AG
Signature status: No Signature

Known Samples


Windows Portable Executable Attributes

  • File doesn't have "Rich" header
  • File doesn't have debug information
  • File doesn't have exports table
  • File doesn't have relocations information
  • File doesn't have resources
  • File doesn't have security information
  • File has TLS information
  • File is 32-bit executable
  • File is console application (IMAGE_SUBSYSTEM_WINDOWS_CUI)
  • File is either console or GUI application
  • File is Native application (NOT .NET application)
  • File is not packed
  • IMAGE_FILE_DLL is not set inside PE header (Executable)
  • IMAGE_FILE_EXECUTABLE_IMAGE is set inside PE header (Executable Image)

File Traits

  • No Version Info
  • x86

Block Information

Total Blocks: 216
Potentially Malicious Blocks: 1
Whitelisted Blocks: 215
Unknown Blocks: 0

Visual Map

The seventh block is marked x; all other blocks are marked 0.
0 - Probable Safe Block
? - Unknown Block
x - Potentially Malicious Block

Similar Families

  • Agent.DFGA
  • Agent.FGHC
  • Agent.FSB
  • Agent.LIB
  • Agent.XXA
  • BadJoke.XA
  • Bulz.AG
  • Injector.DRC
  • Injector.DRD
  • Keylogger.GDC
  • Keylogger.XA
  • KillWin.E
  • Kryptik.DYC
  • Kryptik.XXBA
  • Kryptik.XXBF
  • Rozena.XAC
  • Rozena.XAE
  • ShellcodeRunner.YC
  • ShellcodeRunner.YD
  • Trojan.Agent.Gen.ARF
  • Trojan.Downloader.Gen.EB
  • Trojan.Injector.Gen.BGH
  • Votos.A

Windows API Usage

Category: Process Manipulation Evasion
API:
  • NtUnmapViewOfSection
