Malware

What is “ML/PE-A + Troj/Urelas-I”?

Malware Removal

ML/PE-A + Troj/Urelas-I is considered dangerous by many security experts. When this infection is active, you may notice unwanted processes in the Task Manager list. In this case, it is advised to scan your computer with GridinSoft Anti-Malware.

GridinSoft Anti-Malware

Removing PC viruses manually may take hours and may damage your PC in the process. We recommend using GridinSoft Anti-Malware for virus removal. It allows you to run a complete scan and clean your PC during the trial period.
A 6-day free trial is available.

What ML/PE-A + Troj/Urelas-I virus can do?

  • SetUnhandledExceptionFilter detected (possible anti-debug)
  • Possible date expiration check, exits too soon after checking local time
  • Reads data out of its own binary image
  • A process created a hidden window
  • Unconventional language used in binary resources: Korean
  • The binary contains an unknown PE section name indicative of packing
  • The binary likely contains encrypted or compressed data.
  • Executable file is packed/obfuscated with MPRESS
  • Authenticode signature is invalid
  • Uses Windows utilities for basic functionality
  • Created a process from a suspicious location
  • Network activity detected but not expressed in API logs
  • Anomalous binary characteristics

Related domains:

wpad.local-net

How to determine ML/PE-A + Troj/Urelas-I?

File Info:

name: E1071A12E78DB2A26186.mlw
path: /opt/CAPEv2/storage/binaries/9390f2e8a5b16c3aaf419f194fe771b5ec5701d9f05bed58d81568af6c4de415
crc32: 7012987D
md5: e1071a12e78db2a2618632df43d134db
sha1: 1f97d2fbe50e394a5732e72c383884d5d10c9df2
sha256: 9390f2e8a5b16c3aaf419f194fe771b5ec5701d9f05bed58d81568af6c4de415
sha512: ab26f372f1f5a562780a7d8c45dc639663dd6e64d2489a6a162f1ae8e477667f38515a100fc6bfc6b324f3265818972b5383be9d94922bef02f77876f0c209fa
ssdeep: 6144:NxZtkaDv51Tn2qM6De4W40f4oAYrMfZ2kKED:JDvTnx7DeN40fnnul
type: PE32 executable (GUI) Intel 80386, for MS Windows
tlsh: T19854F106620004A8F35D4F30AA16F9E149A6AE3D51E0F19FE53DBD37B8721976A7305F
sha3_384: 1b81464c7b9bf1cc90fd5bda098db0f388362ceab7d48acd11cc66c98f38fe229501743d56f2ba05fd139ed712d4c716
ep_bytes: 60e80000000058055a0b00008b3003f0
timestamp: 2013-10-26 06:32:50

Version Info:

0: [No Data]

ML/PE-A + Troj/Urelas-I also known as:

Bkav: W32.AIDetect.malware1
Elastic: malicious (high confidence)
MicroWorld-eScan: Gen:Heur.Mint.SP.Urelas.1
FireEye: Generic.mg.e1071a12e78db2a2
CAT-QuickHeal: Trojan.Gupboot.G.mue
McAfee: Trojan-FQEF!E1071A12E78D
Cylance: Unsafe
Zillya: Trojan.Urelas.Win32.44067
Sangfor: Trojan.Win32.Save.a
K7AntiVirus: Trojan ( 0053eefa1 )
K7GW: Trojan ( 0053eefa1 )
Cybereason: malicious.2e78db
BitDefenderTheta: Gen:NN.ZexaF.34294.smraaCOGqIlO
Cyren: W32/S-70ea8839!Eldorado
Symantec: SMG.Heur!gen
ESET-NOD32: a variant of Win32/Urelas.S
Baidu: Win32.Trojan.Urelas.a
APEX: Malicious
ClamAV: Win.Packed.Mikey-9645700-0
Kaspersky: HEUR:Trojan.Win32.Generic
BitDefender: Gen:Heur.Mint.SP.Urelas.1
Avast: Win32:Trojan-gen
Tencent: Trojan.Win32.Agent.afs
Ad-Aware: Gen:Heur.Mint.SP.Urelas.1
Emsisoft: Gen:Heur.Mint.SP.Urelas.1 (B)
Comodo: TrojWare.Win32.Urelas.ET@5ihp6w
DrWeb: Trojan.AVKill.33637
VIPRE: Trojan.Win32.Urelas.ab (v)
McAfee-GW-Edition: BehavesLike.Win32.PWSZbot.dc
Sophos: ML/PE-A + Troj/Urelas-I
SentinelOne: Static AI – Malicious PE
GData: Win32.Trojan.PSE.IEM8FJ
Jiangmin: Backdoor/Plite.y
Avira: TR/Crypt.XPACK.Gen3
Antiy-AVL: Trojan/Generic.ASMalwS.55A069
Arcabit: Trojan.Mint.SP.Urelas.1
Microsoft: Trojan:Win32/Urelas.AA
Cynet: Malicious (score: 100)
AhnLab-V3: Trojan/Win32.Urelas.R83966
Acronis: suspicious
VBA32: Trojan.AVKill
MAX: malware (ai score=88)
Malwarebytes: Malware.AI.1357517186
Rising: Trojan.Gupboot!1.9CEA (CLASSIC)
Yandex: Trojan.Agent!3ZUasgTVik8
Ikarus: Trojan.Win32.Gupboot
eGambit: Unsafe.AI_Score_95%
Fortinet: W32/Urelas.W!tr
AVG: Win32:Trojan-gen
Panda: Trj/Genetic.gen
CrowdStrike: win/malicious_confidence_100% (D)
MaxSecure: Trojan.Malware.300983.susgen

How to remove ML/PE-A + Troj/Urelas-I?

ML/PE-A + Troj/Urelas-I removal tool
  • Download and install GridinSoft Anti-Malware.
  • Open GridinSoft Anti-Malware and perform a “Standard scan”.
  • “Move to quarantine” all items.
  • Open the “Tools” tab – Press “Reset Browser Settings”.
  • Select the proper browser and options – Click “Reset”.
  • Restart your computer.

About the author

Paul Valéry

I'm a cyber security analyst and data science expert with 5+ years of experience with security software contractors.
