About “Ursu.158223” infection

Ursu.158223 is considered dangerous by many security experts. When this infection is active, you may notice unwanted processes in the Task Manager list. In this case, it is advised to scan your computer with GridinSoft Anti-Malware.

GridinSoft Anti-Malware

Removing PC viruses manually may take hours and may damage your PC in the process. We recommend using GridinSoft Anti-Malware for virus removal. It allows you to fully scan and cure your PC during the trial period.
A 6-day free trial is available.

What can the Ursu.158223 virus do?

  • SetUnhandledExceptionFilter detected (possible anti-debug)
  • Creates RWX memory
  • Guard pages use detected – possible anti-debugging.
  • Dynamic (imported) function loading detected
  • Enumerates the modules from a process (may be used to locate base addresses in process injection)
  • CAPE extracted potentially suspicious content
  • .NET file is packed/obfuscated with SmartAssembly
  • Authenticode signature is invalid
  • Anomalous .NET characteristics

How to identify Ursu.158223?

File Info:

name: 1FBC1390AD7E3191C31E.mlw
path: /opt/CAPEv2/storage/binaries/0710cdf27b370f66f3ace5a674c4be263c8454fe60ada7420e752648f7f76621
crc32: 6CB30307
md5: 1fbc1390ad7e3191c31ee9fe08a047d4
sha1: f3ebda2ec2e13c986f112cfa4e0228749d138273
sha256: 0710cdf27b370f66f3ace5a674c4be263c8454fe60ada7420e752648f7f76621
sha512: 956f4f14530e2372db8c2e2e097835af8031b70f93ef908b6a9ebdcd27b914141c141deda6340dca1c38ee33c1b507b27f46974c8a47401518f5fa0c6e60f328
ssdeep: 3072:G07ER1NYR5iPRHJcNuKp58JugAORp2sFO9aQN0+Dy1K9fE2FoXxE9xmoFIxmKXYg:G07ER1NYnqc7WoUDSUZ
type: PE32 executable (GUI) Intel 80386, for MS Windows
tlsh: T15286BEBA5C687C2371328CD5B42E2A49F91C6063BC9C7F5B5CEBC2547CA6A43358B18D
sha3_384: 7152da8c29c7fb432b5fd0f4985f5213fec59d89ac01ab68fd9fc3bc73f108f66953d80e948895f5bfe5f6a168a0a0a9
ep_bytes: ff250020400000000000000000000000
timestamp: 2018-05-02 11:00:33

Version Info:

Translation: 0x0000 0x04b0
FileDescription:
FileVersion: 0.0.0.0
InternalName: CleanServer.exe
LegalCopyright:
OriginalFilename: CleanServer.exe
ProductVersion: 0.0.0.0
Assembly Version: 0.0.0.0

Ursu.158223 also known as:

Elastic: malicious (high confidence)
DrWeb: Trojan.DownLoader26.42680
MicroWorld-eScan: Gen:Variant.Ursu.158223
FireEye: Generic.mg.1fbc1390ad7e3191
ALYac: Gen:Variant.Ursu.158223
Cylance: Unsafe
K7AntiVirus: Trojan ( 00516d291 )
Alibaba: Trojan:MSIL/Kryptik.4fc7cd11
K7GW: Trojan ( 00516d291 )
Cybereason: malicious.0ad7e3
BitDefenderTheta: Gen:NN.ZemsilF.34062.@p0@amcOayg
Cyren: W32/Trojan.BPG.gen!Eldorado
Symantec: ML.Attribute.HighConfidence
ESET-NOD32: a variant of MSIL/Kryptik.KWE
TrendMicro-HouseCall: TROJ_GEN.R007C0PL421
Paloalto: generic.ml
Kaspersky: HEUR:Trojan.MSIL.Generic
BitDefender: Gen:Variant.Ursu.158223
NANO-Antivirus: Trojan.Win32.Kryptik.fazqvv
Avast: Win32:Malware-gen
Tencent: Msil.Trojan.Kryptik.Ecvc
Ad-Aware: Gen:Variant.Ursu.158223
Sophos: Mal/Generic-S
Comodo: Malware@#ge4py3xypi17
VIPRE: Trojan.Win32.Generic!BT
TrendMicro: TROJ_GEN.R007C0PL421
McAfee-GW-Edition: Packed-YC!1FBC1390AD7E
Emsisoft: Gen:Variant.Ursu.158223 (B)
SentinelOne: Static AI – Malicious PE
GData: Gen:Variant.Ursu.158223
Avira: TR/Dropper.Gen
MAX: malware (ai score=99)
Antiy-AVL: Trojan/Generic.ASMalwS.25F97C1
Microsoft: Backdoor:MSIL/Bladabindi
Cynet: Malicious (score: 100)
AhnLab-V3: Trojan/Win32.ADH.C82131
McAfee: Packed-YC!1FBC1390AD7E
VBA32: TScope.Trojan.MSIL
Malwarebytes: Generic.Malware/Suspicious
APEX: Malicious
Yandex: Trojan.Agent!mIKT+hUGpNg
Ikarus: Trojan.MSIL.Crypt
MaxSecure: Trojan.Malware.11196064.susgen
Fortinet: MSIL/Kryptik.KWE!tr
AVG: Win32:Malware-gen
Panda: Trj/GdSda.A
CrowdStrike: win/malicious_confidence_100% (W)

How to remove Ursu.158223?

Ursu.158223 removal tool
  • Download and install GridinSoft Anti-Malware.
  • Open GridinSoft Anti-Malware and perform a “Standard scan”.
  • “Move to quarantine” all detected items.
  • Open the “Tools” tab and press “Reset Browser Settings”.
  • Select the proper browser and options, then click “Reset”.
  • Restart your computer.

About the author

Paul Valéry

I'm a cyber security analyst and data science expert with 5+ years of experience with security software contractors.