What is "Application.Ursu.352383"?

The Application.Ursu.352383 is considered dangerous by lots of security experts. When this infection is active, you may notice unwanted processes in Task Manager list. In this case, it is adviced to scan your computer with GridinSoft Anti-Malware.

Gridinsoft Anti-Malware

Removing PC viruses manually may take hours and may damage your PC in the process. We recommend using GridinSoft Anti-Malware for virus removal. Allows to complete scan and cure your PC during the trial period.

DOWNLOAD NOW

6-day free trial available.

What Application.Ursu.352383 virus can do?

SetUnhandledExceptionFilter detected (possible anti-debug)
Behavioural detection: Executable code extraction – unpacking
Presents an Authenticode digital signature
Creates RWX memory
Dynamic (imported) function loading detected
Authenticode signature is invalid
Anomalous binary characteristics

How to determine Application.Ursu.352383?


File Info:
name: 08D627B7449E6A1B6B2F.mlw
path: /opt/CAPEv2/storage/binaries/fbd308782c9eef45495fedce7439ef00c573f2ce50330f066e89adf87e3215da
crc32: A6C691F4
md5: 08d627b7449e6a1b6b2f4931f9ed617a
sha1: 0f4547a79d259cb5caeaddd21a993ba6a1ae9471
sha256: fbd308782c9eef45495fedce7439ef00c573f2ce50330f066e89adf87e3215da
sha512: 135231ccfc1fe743468c827ebaadf208293f64bfb637482b4dab066cd92369f69003c946591ae2205ed4300b7d8587e9f1352e30c465e0edf7a640e4bf91beac
ssdeep: 12288:6pVWeOV7GtINsegA/hMyyzlcqikvAfcN9b2MyZa31twoPTdFxgawV2M0x:6T3E53Myyzl0hMf1tr7Caw8M0x
type: PE32 executable (GUI) Intel 80386, for MS Windows
tlsh: T105856C02B7998012FE5F5E329619F231F9382C9F7E1F751E1E483A3A65B31E12529273
sha3_384: 9958c92318c22d2c91eb3930a1f0a3fd863d07431e8bf2795af65600fbf4d60b7f13f7f6df55efa26b822eb92c0d5e04
ep_bytes: e8b8d00000e97ffeffffcccccccccccc
timestamp: 2018-03-15 13:14:39

Version Info:
CompanyName: AutoIt Team
Comments: http://www.autoitscript.com/autoit3/
FileDescription: AutoIt v3 Script
FileVersion: 3, 3, 14, 5
InternalName: AutoIt3.exe
LegalCopyright: ©1999-2018 Jonathan Bennett & AutoIt Team
OriginalFilename: AutoIt3.exe
ProductName: AutoIt v3 Script
ProductVersion: 3, 3, 14, 5
Translation: 0x0809 0x04b0

Application.Ursu.352383 also known as:

Elastic	malicious (high confidence)
FireEye	Gen:Variant.Application.Ursu.352383
McAfee	Artemis!08D627B7449E
BitDefender	Gen:Variant.Application.Ursu.352383
CrowdStrike	win/malicious_confidence_60% (W)
Avast	Win32:Malware-gen
Cynet	Malicious (score: 100)
MicroWorld-eScan	Gen:Variant.Application.Ursu.352383
Sophos	Mal/Generic-S
McAfee-GW-Edition	BehavesLike.Win32.TrojanAitInject.tm
Emsisoft	Gen:Variant.Application.Ursu.352383 (B)
APEX	Malicious
Jiangmin	Packed.Krap.gvuo
Avira	DR/AutoIt.Gen
Microsoft	Trojan:Win32/Sabsik.FL.B!ml
GData	Gen:Variant.Application.Ursu.352383
SentinelOne	Static AI – Malicious PE
VBA32	TScope.Trojan.MSIL
ALYac	Gen:Variant.Application.Ursu.352383
MAX	malware (ai score=74)
MaxSecure	Trojan.Malware.121218.susgen
Fortinet	W32/Ursu.3523!tr
AVG	Win32:Malware-gen
Cybereason	malicious.7449e6

How to remove Application.Ursu.352383?

Download and install GridinSoft Anti-Malware.
Open GridinSoft Anti-Malware and perform a “Standard scan“.
“Move to quarantine” all items.
Open “Tools” tab – Press “Reset Browser Settings“.
Select proper browser and options – Click “Reset”.
Restart your computer.

What is “Application.Ursu.352383”?

Gridinsoft Anti-Malware

How to determine Application.Ursu.352383?

File Info:

Version Info:

Application.Ursu.352383 also known as:

How to remove Application.Ursu.352383?

About the author

Paul Valéry

Leave a Comment X

Gridinsoft Anti-Malware

How to determine Application.Ursu.352383?

File Info:

Version Info:

Application.Ursu.352383 also known as:

How to remove Application.Ursu.352383?

You may also like

About the author

Paul Valéry

Leave a Comment X