Ulise.165094 (file analysis)

Malware Removal

Ulise.165094 is considered dangerous by many security experts. When this infection is active, you may notice unwanted processes in the Task Manager process list. In this case, it is advised to scan your computer with GridinSoft Anti-Malware.

Removing PC viruses manually may take hours and may damage your PC in the process. We recommend using GridinSoft Anti-Malware for virus removal. It lets you run a complete scan and clean your PC during the trial period.
6-day free trial available.

What can the Ulise.165094 virus do?

  • Behavioural detection: Executable code extraction – unpacking
  • HTTPS URLs observed in behavior.
  • CAPE extracted potentially suspicious content
  • Unconventional binary language: Chinese (Simplified)
  • Unconventional language used in binary resources: Chinese (Simplified)
  • The binary contains an unknown PE section name indicative of packing
  • The binary likely contains encrypted or compressed data.
  • The executable is compressed using UPX
  • Authenticode signature is invalid
  • Attempts to modify proxy settings
  • Yara rule detections observed from a process memory dump/dropped files/CAPE

How to identify Ulise.165094?

File Info:

name: FE2CEBEE0DFBAE482F46.mlw
path: /opt/CAPEv2/storage/binaries/c2209697fccff0d07f6f9b80cb9581f19bb8c68220a4d8f01a378c766270cd0a
crc32: F91E2162
md5: fe2cebee0dfbae482f46e693bbc451bf
sha1: 2a8e6e73706ef94b52681c5ae156504daa629589
sha256: c2209697fccff0d07f6f9b80cb9581f19bb8c68220a4d8f01a378c766270cd0a
sha512: 4d52dcb5b93650457570cfa72bf5a0a1bd9752cb1b813269e4132b2303d91b3519158859fb327d7f0f332d1f96eb9062f3e297a2abceb7b736aaa31453744b6e
ssdeep: 3072:FlyCWX6fkKuRR6gLKVBIERq7cbo32DgjUikZBJOtO1XI3pmAqFueZcKP+VGrtfra:PBdktvObRqlWg2BJdwwAqFueZc2+gxtM
type: PE32 executable (console) Intel 80386, for MS Windows
tlsh: T1B1041259A3499BB8F9707576E22B7E0F09B48821A8D3406DD9BC311B1E32F951F7C86C
sha3_384: 22d0c49e59d25c16913d72516e50c24b76b555722b707b9c8c3df42c61b5bfe605d5223daeece0f5fc409086e3d03b0c
ep_bytes: 60be001046008dbe0000faff5789e58d
timestamp: 2023-10-22 15:56:13

Version Info:

FileVersion: 1.0.0.0
FileDescription: TNT
ProductName: TNT
ProductVersion: 1.0.0.0
CompanyName:
LegalCopyright: 版权所有
Comments: 本程序使用易语言编写(http://www.eyuyan.com)
Translation: 0x0804 0x04b0

Ulise.165094 also known as:

Bkav: W32.AIDetectMalware
MicroWorld-eScan: Gen:Variant.Ulise.165094
Skyhigh: BehavesLike.Win32.Generic.cc
ALYac: Gen:Variant.Ulise.165094
Sangfor: Trojan.Win32.Save.a
K7AntiVirus: Trojan ( 0051918e1 )
BitDefender: Gen:Variant.Ulise.165094
K7GW: Trojan ( 0051918e1 )
Cybereason: malicious.3706ef
BitDefenderTheta: Gen:NN.ZexaF.36792.lqKfaKNsXNbb
Symantec: ML.Attribute.HighConfidence
Elastic: malicious (high confidence)
ESET-NOD32: a variant of Win32/Packed.BlackMoon.A suspicious
APEX: Malicious
Kaspersky: UDS:Trojan.Win32.SBadur.gen
NANO-Antivirus: Virus.Win32.Gen.ccmw
Rising: HackTool.CoinMiner!8.F154 (CLOUD)
Sophos: Mal/Generic-S
F-Secure: Trojan.TR/Downloader.Gen
DrWeb: Trojan.DownLoader46.26094
VIPRE: Gen:Variant.Ulise.165094
TrendMicro: TROJ_GEN.R03BC0WJQ23
Trapmine: malicious.high.ml.score
FireEye: Generic.mg.fe2cebee0dfbae48
Emsisoft: Gen:Variant.Ulise.165094 (B)
SentinelOne: Static AI – Suspicious PE
MAX: malware (ai score=89)
Webroot: W32.Trojan.Gen
Avira: TR/Downloader.Gen
Microsoft: Trojan:Win32/Caynamer.A!ml
Xcitium: TrojWare.Win32.Kuluoz.DLL@5t8nbt
Arcabit: Trojan.Ulise.D284E6
ZoneAlarm: VHO:Trojan.Win32.Convagent.gen
GData: Gen:Variant.Ulise.165094
Cynet: Malicious (score: 100)
AhnLab-V3: Trojan/Win.Generic.R587841
McAfee: Artemis!FE2CEBEE0DFB
DeepInstinct: MALICIOUS
VBA32: BScope.Backdoor.Androm
Cylance: unsafe
TrendMicro-HouseCall: TROJ_GEN.R03BC0WJQ23
Ikarus: PUA.BlackMoon
MaxSecure: Dropper.Dinwod.frindll
Fortinet: W32/Agent.WP!tr
AVG: Win32:Evo-gen [Trj]
Avast: Win32:Evo-gen [Trj]
CrowdStrike: win/malicious_confidence_90% (W)

How to remove Ulise.165094?

Ulise.165094 removal tool
  • Download and install GridinSoft Anti-Malware.
  • Open GridinSoft Anti-Malware and perform a “Standard scan”.
  • “Move to quarantine” all items.
  • Open the “Tools” tab and press “Reset Browser Settings”.
  • Select the proper browser and options, then click “Reset”.
  • Restart your computer.

About the author

Paul Valéry

I'm a cyber security analyst and data science expert with 5+ years of experience with security software contractors.