
How to remove “Application.Fochi.Ursu.17”?


Application.Fochi.Ursu.17 is considered dangerous by lots of security experts. When this infection is active, you may notice unwanted processes in the Task Manager list. In this case, it is advised to scan your computer with GridinSoft Anti-Malware.

GridinSoft Anti-Malware


Removing PC viruses manually may take hours and may damage your PC in the process. We recommend using GridinSoft Anti-Malware for virus removal. It allows you to scan and cure your PC during the trial period.
6-day free trial available.

What can the Application.Fochi.Ursu.17 virus do?

  • Dynamic (imported) function loading detected
  • The binary likely contains encrypted or compressed data.
  • Authenticode signature is invalid
  • Binary compilation timestomping detected

How to identify Application.Fochi.Ursu.17?


File Info:

name: 23EB54E2117B1CD70368.mlw
type: PE32 executable (console) Intel 80386, for MS Windows
timestamp: 2104-08-16 18:12:57

Version Info:

Translation: 0x0000 0x04b0
CompanyName: SpecterOps
FileDescription: SharpHound
FileVersion: 1.0.3
InternalName: SharpHound.exe
LegalCopyright:
OriginalFilename: SharpHound.exe
ProductName: SharpHound
ProductVersion: 1.0.3
Assembly Version: 1.0.3.0

Application.Fochi.Ursu.17 also known as:

Bkav: W32.AIDetectNet.01
Elastic: malicious (high confidence)
McAfee: SharpHound
Malwarebytes: HackTool.SharpHound.Feye
BitDefender: Gen:Variant.Application.Fochi.Ursu.17
Cybereason: malicious.2117b1
ESET-NOD32: a variant of MSIL/Riskware.SharpHound.C
APEX: Malicious
Cynet: Malicious (score: 100)
MicroWorld-eScan: Gen:Variant.Application.Fochi.Ursu.17
Avast: Win32:MiscX-gen [PUP]
Ad-Aware: Gen:Variant.Application.Fochi.Ursu.17
Sophos: BloodHoundAD (PUA)
McAfee-GW-Edition: SharpHound
FireEye: Gen:Variant.Application.Fochi.Ursu.17
Emsisoft: Gen:Variant.Application.Fochi.Ursu.17 (B)
GData: Gen:Variant.Application.Fochi.Ursu.17
MAX: malware (ai score=74)
Arcabit: Trojan.Application.Fochi.Ursu.17
Microsoft: Trojan:Win32/Wacatac.B!ml
AhnLab-V3: HackTool/Win.SharpHound.C5001141
ALYac: Gen:Variant.Application.Fochi.Ursu.17
MaxSecure: Trojan.Malware.300983.susgen
AVG: Win32:MiscX-gen [PUP]

How to remove Application.Fochi.Ursu.17?

Application.Fochi.Ursu.17 removal tool
  • Download and install GridinSoft Anti-Malware.
  • Open GridinSoft Anti-Malware and perform a “Standard scan”.
  • “Move to quarantine” all items.
  • Open “Tools” tab – Press “Reset Browser Settings”.
  • Select proper browser and options – Click “Reset”.
  • Restart your computer.

About the author

Paul Valéry

I'm a cyber security analyst and data science expert with 5+ years of experience with security software contractors.
