Ursu.147479 (B) removal tips

The Ursu.147479 (B) is considered dangerous by many security experts. When this infection is active, you may notice unwanted processes in the Task Manager process list. In this case, it is advised to scan your computer with GridinSoft Anti-Malware.

Gridinsoft Anti-Malware

Removing PC viruses manually may take hours and may damage your PC in the process. We recommend using GridinSoft Anti-Malware for virus removal. It allows you to run a complete scan and cure your PC during the trial period.
6-day free trial available.

What can the Ursu.147479 (B) virus do?

  • Dynamic (imported) function loading detected
  • CAPE extracted potentially suspicious content
  • The binary contains an unknown PE section name indicative of packing
  • Authenticode signature is invalid

How to identify Ursu.147479 (B)?

File Info:

name: 9239C7A98FB2346C9D0F.mlw
path: /opt/CAPEv2/storage/binaries/96295f95791423ac9daa33c4a91addd21c5db62c2b6f5f79232301be345132ae
crc32: 4F0EA1E6
md5: 9239c7a98fb2346c9d0f781c3c0f61b5
sha1: d78e22b215c5ac574e340e02c1b3eb9a45009ce1
sha256: 96295f95791423ac9daa33c4a91addd21c5db62c2b6f5f79232301be345132ae
sha512: 27cfe3c2b921387fc609cd257a6998a5d6be962dba8301278c13e9c309580a46c96c0bcee7feef6c729f893d114e99a88a355445456af01ba79bddcdc9d9f413
ssdeep: 12288:vp/Z1EUBznpm5E5zI8L18Q+F7hmnVtyVANb8tHVHtC0:R/ZaUBzDF8Qq7w/0
type: PE32 executable (GUI) Intel 80386, for MS Windows
tlsh: T155352FD635E46B45D62DB33C43BB64689BEED93AE308FF253F4020C944923C4DA51BA6
sha3_384: 08e73ac12f1ff2cbcef8c1a19fdbd3b0e4a276b375efd570f11dccb3af570343b1a590511c2660381a55cd500248b5c1
ep_bytes: ff250020400000000000000000000000
timestamp: 2021-11-28 21:01:48

Version Info:

Translation: 0x0000 0x04b0
Comments: HHHHHHHHHHHHHHHHHHHHH
CompanyName: HHHHHHHHHHHHHHHHHHHHH
FileDescription: HHHHHHHHHHHHHHHHHHHHH
FileVersion: 1.0.0.0
InternalName: HHHHHHHHHHHHHHHHHHHHH.exe
LegalCopyright: HHHHHHHHHHHHHHHHHHHHH
LegalTrademarks: HHHHHHHHHHHHHHHHHHHHH
OriginalFilename: HHHHHHHHHHHHHHHHHHHHH.exe
ProductName: HHHHHHHHHHHHHHHHHHHHH
ProductVersion: 1.0.0.0
Assembly Version: 1.0.0.0

Ursu.147479 (B) also known as:

Elastic: malicious (high confidence)
MicroWorld-eScan: Gen:Variant.Ursu.147479
CAT-QuickHeal: Backdoor.Fynloski.A3
Malwarebytes: Malware.AI.1007127234
CrowdStrike: win/malicious_confidence_60% (D)
BitDefender: Gen:Variant.Ursu.147479
Symantec: Backdoor.Ratenjay
ESET-NOD32: a variant of MSIL/Injector.NHG
APEX: Malicious
ClamAV: Win.Packed.Zusy-7399662-0
Ad-Aware: Gen:Variant.Ursu.147479
Emsisoft: Gen:Variant.Ursu.147479 (B)
DrWeb: Trojan.PackedNET.149
FireEye: Generic.mg.9239c7a98fb2346c
Sophos: ML/PE-A
GData: Gen:Variant.Ursu.147479
Avira: HEUR/AGEN.1108977
MAX: malware (ai score=87)
Arcabit: Trojan.Ursu.D24017
SUPERAntiSpyware: Trojan.Agent/Gen-Faker
Microsoft: Backdoor:MSIL/Bladabindi.AJ
Cynet: Malicious (score: 99)
ALYac: Gen:Variant.Ursu.147479
SentinelOne: Static AI – Malicious PE
BitDefenderTheta: Gen:NN.ZemsilF.34294.cr0@auC!HUd
Cybereason: malicious.98fb23
MaxSecure: Trojan.Malware.300983.susgen

How to remove Ursu.147479 (B)?

Ursu.147479 (B) removal tool
  • Download and install GridinSoft Anti-Malware.
  • Open GridinSoft Anti-Malware and perform a “Standard scan”.
  • “Move to quarantine” all items.
  • Open the “Tools” tab – Press “Reset Browser Settings”.
  • Select the proper browser and options – Click “Reset”.
  • Restart your computer.

About the author

Paul Valéry

I'm a cyber security analyst and data science expert with 5+ years of experience with security software contractors.