
Ulise.102767 removal tips

Ulise.102767 is considered dangerous by many security experts. When this infection is active, you may notice unwanted processes in the Task Manager list. In this case, it is advised to scan your computer with GridinSoft Anti-Malware.

Gridinsoft Anti-Malware

Removing PC viruses manually may take hours and may damage your PC in the process. We recommend using GridinSoft Anti-Malware for virus removal. It allows you to run a complete scan and cure your PC during the trial period.
6-day free trial available.

What can the Ulise.102767 virus do?

  • Executable code extraction
  • Creates RWX memory
  • Reads data out of its own binary image
  • A process created a hidden window
  • Drops a binary and executes it
  • Unconventional language used in binary resources: Russian
  • Uses Windows utilities for basic functionality
  • Attempts to repeatedly call a single API many times in order to delay analysis time
  • Steals private information from local Internet browsers
  • Network activity contains more than one unique user agent
  • Collects information about installed applications
  • Creates a hidden or system file
  • Checks the CPU name from registry, possibly for anti-virtualization
  • Attempts to modify proxy settings
  • Harvests credentials from local FTP client software
  • Harvests information related to installed instant messenger clients
  • Collects information to fingerprint the system
  • Anomalous binary characteristics

Related domains:

bbenttexas.com
iplogger.org
www.bing.com
ip-api.com

How to identify Ulise.102767?


File Info:

crc32: 683ADE45
md5: 9fc02b388543222c388a70f1b007659c
name: wotsuper3.exe
sha1: 42a5a499e32765c6793045a699e5ec4877212f5b
sha256: 1f9d6fa9b14724c0456e4fe09befc832222601681eaac1357582dbd8ea8a290f
sha512: 9f265b3451a8bfc023788f60adb41d13401dbfc8cef54a5bcc323435eb0ed8de5e39b17cd9387b3df1fe13b13b914dc036a27c12f483ff61c7618757bd7e3e3a
ssdeep: 12288:pANwRo+mv8QD4+0V16jJP+OuJiArYRWVHL0n+B96z:pAT8QE+kUJP+OuBrYQVHLcz
type: PE32 executable (GUI) Intel 80386, for MS Windows

Version Info:

LegalCopyright: wotsuper
FileDescription: wotsuper 2.1 Installation
FileVersion: 2.1
Comments:
CompanyName: wotsuper
Translation: 0x0409 0x04e4

Ulise.102767 also known as:

MicroWorld-eScan Gen:Variant.Ulise.102767
FireEye Generic.mg.9fc02b388543222c
McAfee Artemis!9FC02B388543
Cylance Unsafe
AegisLab Trojan.Win32.Chapak.4!c
Sangfor Malware
K7AntiVirus Password-Stealer ( 0054d1a31 )
BitDefender Gen:Variant.Ulise.102767
K7GW Password-Stealer ( 0054d1a31 )
CrowdStrike win/malicious_confidence_60% (W)
TrendMicro TROJ_GEN.R011C0PCG20
APEX Malicious
Paloalto generic.ml
GData Gen:Variant.Ulise.102767
Kaspersky HEUR:Trojan.Win32.Chapak.vho
Alibaba TrojanPSW:Win32/Chapak.03f795f1
ViRobot Trojan.Win32.Z.Graftor.511580
Tencent Win32.Trojan.Chapak.Hytk
Emsisoft Trojan-Dropper.Agent (A)
Comodo Malware@#2o37kq5lfxyxu
F-Secure Heuristic.HEUR/AGEN.1039771
DrWeb Trojan.PWS.Stealer.28172
Invincea heuristic
McAfee-GW-Edition RDN/Generic PWS.y
Trapmine malicious.moderate.ml.score
Sophos Mal/Generic-S
Ikarus Trojan-PSW.Agent
Cyren W32/Trojan.RKFL-4742
Webroot W32.Trojan.Gen
Avira HEUR/AGEN.1039771
eGambit Unsafe.AI_Score_99%
MAX malware (ai score=100)
Antiy-AVL Trojan/Win32.Chapak
Endgame malicious (moderate confidence)
Arcabit Trojan.Ulise.D1916F
ZoneAlarm HEUR:Trojan.Win32.Chapak.vho
Microsoft Trojan:Win32/Occamy.C
AhnLab-V3 Malware/Win32.Generic.C3733562
ALYac Trojan.Chapak.A
VBA32 BScope.Backdoor.Predator
Malwarebytes Trojan.Downloader
Panda Trj/CI.A
ESET-NOD32 a variant of Win32/PSW.Agent.OGR
TrendMicro-HouseCall TROJ_GEN.R011C0PCG20
Rising Stealer.Vidar!8.11173 (CLOUD)
MaxSecure Trojan-Ransom.Win32.Crypmod.zfq
Fortinet W32/Agent.OGR!tr.pws
BitDefenderTheta Gen:NN.ZexaF.34100.HmW@ameUgyn
AVG Win32:PWSX-gen [Trj]
Cybereason malicious.885432
Avast Win32:PWSX-gen [Trj]
Qihoo-360 Win32/Trojan.ef6

How to remove Ulise.102767?

  • Download and install GridinSoft Anti-Malware.
  • Open GridinSoft Anti-Malware and perform a “Standard scan”.
  • “Move to quarantine” all items.
  • Open “Tools” tab – Press “Reset Browser Settings”.
  • Select proper browser and options – Click “Reset”.
  • Restart your computer.
Paul Valéry

I'm a cyber security analyst and data science expert with 5+ years of experience with security software contractors.
