
Ursu.186248 (file analysis)

Malware Removal

Ursu.186248 is considered dangerous by many security experts. When this infection is active, you may notice unwanted processes in the Task Manager process list. In that case, it is advised to scan your computer with GridinSoft Anti-Malware.


Removing PC viruses manually may take hours and may damage your PC in the process. We recommend using GridinSoft Anti-Malware for virus removal. It allows you to fully scan and clean your PC during the trial period.
A 6-day free trial is available.

What can the Ursu.186248 virus do?

  • SetUnhandledExceptionFilter detected (possible anti-debug)
  • Creates RWX memory
  • Use of guard pages detected – possible anti-debugging
  • Dynamic (imported) function loading detected
  • CAPE extracted potentially suspicious content
  • The binary contains an unknown PE section name indicative of packing
  • Authenticode signature is invalid

How to identify Ursu.186248?

File Info:

name: 0143F13BF1CFA45702BB.mlw
path: /opt/CAPEv2/storage/binaries/0a1442ddb79e6a3fddfc15ed3d5dacd1275c3a92b4c9d03ed1c9aaa6e2ab4ed9
crc32: 818C8B96
md5: 0143f13bf1cfa45702bb70cf9470f7f2
sha1: a500bd2602e6b9504bfac9f288fe8b30fca572d5
sha256: 0a1442ddb79e6a3fddfc15ed3d5dacd1275c3a92b4c9d03ed1c9aaa6e2ab4ed9
sha512: 94239327c185b950b143a6c11e3184292fd96db84e640d2eecfe87d2fb38b5ee6356f1f455a3943f355029260ad4a0aac5ae29ceafcc120fa1e14cfb6782e0e6
ssdeep: 1536:z13RjdRxFtHw6jJVyw+3RA7AjC8KB0qoA9yLNfftsUJyrHxI8HBSC7sxJFQ8F:pRjtHw6uw+31C8KB0TlHYR58C7svFbF
type: PE32 executable (GUI) Intel 80386, for MS Windows
tlsh: T117C328127B84430AE86810B980FF113513F4AED79673D39A7F5832DD1D71BA3AE46AC9
sha3_384: 35a3ffcdd2f050aa46107bb42b464e510938ee4650da39626aa97f63a0c3d9c63c053747f7cb99bf75e27894155e2931
ep_bytes: ff250020400000000000000000000000
timestamp: 2017-03-20 11:05:04

Version Info:

Translation: 0x0000 0x04b0
Comments: segik
CompanyName: w
FileDescription: Aghsel
FileVersion: 56.7.5.3
InternalName: Publisher.exe
LegalCopyright:
LegalTrademarks:
OriginalFilename: Publisher.exe
ProductName: orged
ProductVersion: 56.7.5.3
Assembly Version: 4.5.3.2

Ursu.186248 also known as:

Bkav: W32.AIDetectNet.01
Lionic: Trojan.Multi.Generic.4!c
MicroWorld-eScan: Gen:Variant.Ursu.186248
FireEye: Generic.mg.0143f13bf1cfa457
ALYac: Gen:Variant.Ursu.186248
Cylance: Unsafe
Sangfor: Rootkit.Win32.Agent.gen
K7AntiVirus: Adware ( 00507f311 )
Alibaba: AdWare:MSIL/Perseus.d2d31265
K7GW: Adware ( 00507f311 )
Cybereason: malicious.bf1cfa
Symantec: ML.Attribute.HighConfidence
Elastic: malicious (high confidence)
ESET-NOD32: a variant of MSIL/Adware.CsdiMonetize.N
APEX: Malicious
Kaspersky: not-a-virus:HEUR:AdWare.MSIL.Perseus.gen
BitDefender: Gen:Variant.Ursu.186248
NANO-Antivirus: Riskware.Win32.CsdiMonetize.eprmea
SUPERAntiSpyware: PUP.Amonetize/Variant
Avast: Win32:Rootkit-gen [Rtk]
Tencent: Msil.Adware.Csdimonetize.Bxj
Ad-Aware: Gen:Variant.Ursu.186248
Emsisoft: Gen:Variant.Ursu.186248 (B)
Comodo: ApplicUnwnt@#1oyjilkcw80fv
F-Secure: Heuristic.HEUR/AGEN.1203820
DrWeb: Trojan.MulDrop3.23511
Zillya: Adware.CsdiMonetize.Win32.756
TrendMicro: TROJ_GEN.R002C0PC222
McAfee-GW-Edition: GenericRXLN-TV!0143F13BF1CF
Sophos: Generic PUA KF (PUA)
SentinelOne: Static AI – Malicious PE
GData: Gen:Variant.Ursu.186248
Webroot: W32.Trojan.GenKD
Avira: HEUR/AGEN.1203820
MAX: malware (ai score=86)
Antiy-AVL: Trojan/Win32.TSGeneric
Arcabit: Trojan.Ursu.D2D788
ViRobot: Trojan.Win32.Z.Csdimonetize.129536.A
ZoneAlarm: not-a-virus:HEUR:AdWare.MSIL.Perseus.gen
Microsoft: Backdoor:Win32/Bladabindi!ml
Cynet: Malicious (score: 100)
AhnLab-V3: Trojan/Win32.MSIL.R195555
Acronis: suspicious
McAfee: GenericRXLN-TV!0143F13BF1CF
VBA32: TScope.Trojan.MSIL
Malwarebytes: Adware.Tuto4PC
TrendMicro-HouseCall: TROJ_GEN.R002C0PC222
Rising: Trojan.Generic/MSIL@AI.98 (RDM.MSIL:XQIO2tGvFyU5Byz6wIUHjQ)
Yandex: PUA.CsdiMonetize!AZtBIl+idhw
Ikarus: AdWare.MSIL.Csdimonetize
MaxSecure: Trojan.Malware.12215808.susgen
Fortinet: Adware/CsdiMonetize
BitDefenderTheta: Gen:NN.ZemsilF.34638.hq0@ayc4TRg
AVG: Win32:Rootkit-gen [Rtk]
Panda: Trj/GdSda.A
CrowdStrike: win/grayware_confidence_100% (W)

How to remove Ursu.186248?

Ursu.186248 removal tool
  • Download and install GridinSoft Anti-Malware.
  • Open GridinSoft Anti-Malware and perform a “Standard scan”.
  • Choose “Move to quarantine” for all detected items.
  • Open the “Tools” tab and press “Reset Browser Settings”.
  • Select the appropriate browser and options, then click “Reset”.
  • Restart your computer.

About the author

Paul Valéry

I'm a cyber security analyst and data science expert with 5+ years of experience with security software contractors.
