Malware

About “Ursu.205380” infection

Malware Removal

Ursu.205380 is the detection name (Gen:Variant.Ursu.205380) that BitDefender and the engines built on its signatures give this sample; most other engines flag it too, as the list further down shows. While the infection is active you may notice unfamiliar processes in Task Manager. In that case it is advised to scan your computer with GridinSoft Anti-Malware.

GridinSoft Anti-Malware

Removing malware manually can take hours and can damage your PC in the process. We recommend using GridinSoft Anti-Malware for removal. The trial period allows a full scan and cleaning of your PC.
A 6-day free trial is available.

What can the Ursu.205380 virus do?

The behaviours below are the CAPE sandbox signatures this sample triggered. Taken together they describe a VMProtect-packed executable with an invalid Authenticode signature that unpacks itself at runtime, persists through a scheduled task created with built-in Windows utilities, and deletes the files it has executed to hinder analysis.

  • Behavioural detection: Executable code extraction – unpacking
  • Uses Windows utilities for basic functionality
  • The binary contains an unknown PE section name indicative of packing
  • The binary likely contains encrypted or compressed data.
  • The executable is likely packed with VMProtect
  • Authenticode signature is invalid
  • Uses Windows utilities to create a scheduled task
  • CAPE detected the VMProtectStub malware family
  • Binary file triggered YARA rule
  • Deletes executed files from disk
  • Uses suspicious command line tools or Windows utilities
  • Yara detections observed in process dumps, payloads or dropped files

How to identify Ursu.205380?

File Info:

name: 001F3F349A1BEF1CF39F.mlw
path: /opt/CAPEv2/storage/binaries/f455833e974691a78b4c4ed31b77739562ee8b627dceeeaef804e8bf80d94c78
crc32: B42DEDE6
md5: 001f3f349a1bef1cf39fda7a193e3b91
sha1: e692ed6aacd6dd7a6f660ae07ed8c39d4a3551cd
sha256: f455833e974691a78b4c4ed31b77739562ee8b627dceeeaef804e8bf80d94c78
sha512: 0bfd001240dc2b17b0efc1522b0e89a745751322bf39beee1c1be09318616c41c5eb1f8988cd5742ad1b5921089a14eb5f688ca0a66a7db5de5f6f653b409b6c
ssdeep: 98304:FnM4E9TYiWIFbC1ysSmBIjQNl5iQV62S2e/sA2cXG9xjA1cPA:q4CYidFbCPg+lN6v25wGfuco
type: PE32 executable (GUI) Intel 80386, for MS Windows
tlsh: T16C4633E6346AB2C1EAFF137A3E1CFC646213337DA7EE931872DC75D9C10A6499918424
sha3_384: e08054fd5b72603c4c3700571fe8a89fb20876f5223626058631ae926e8038b6ef70b08f7444bef61b522c3de1583194
ep_bytes: 9ce849eff4ffbd4a764ac7baceebdeb3
timestamp: 2016-01-28 12:43:33

Version Info:

FileVersion: 1.0.0.0
ProductVersion: 1.0.0.0
Translation: 0x0409 0x04e4
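As an added example, not code from the original page and not GridinSoft's own tooling, the following Python script performs the two static checks implied by the file information above and by the behaviour list: it computes the same hash set the page lists (so a file can be compared against the indicators), and it walks the PE section table looking for packer-style section names and for sections whose entropy suggests encrypted or compressed data. The `PACKER_SECTIONS` set (VMProtect's `.vmp0`/`.vmp1` among others), the 7.0 bits-per-byte threshold and the minimal PE builder are assumptions for illustration; the sample the script analyses is constructed inline and is not the real binary.

```python
"""Static triage of a PE32 file: hash it against a known indicator and look
for packer-style section names and high-entropy sections.
Added example; not the page's or GridinSoft's code."""
import hashlib
import math
import struct
import zlib

# Indicator copied from the page's File Info block.
KNOWN_SHA256 = {
    "f455833e974691a78b4c4ed31b77739562ee8b627dceeeaef804e8bf80d94c78",
}
# Assumption: section names typically emitted by protectors/packers.
PACKER_SECTIONS = {b".vmp0", b".vmp1", b".vmp2", b"UPX0", b"UPX1", b".themida"}
# Section names a normal compiler/linker emits; anything else is reported.
STANDARD_SECTIONS = {b".text", b".data", b".rdata", b".idata", b".edata",
                     b".rsrc", b".reloc", b".bss", b".tls", b".pdata", b".CRT"}
ENTROPY_THRESHOLD = 7.0  # assumption: bits/byte above which data looks encrypted or compressed


def shannon_entropy(data: bytes) -> float:
    """Bits of entropy per byte (0.0 for uniform data, close to 8.0 for random data)."""
    if not data:
        return 0.0
    counts = [0] * 256
    for b in data:
        counts[b] += 1
    n = len(data)
    return -sum(c / n * math.log2(c / n) for c in counts if c)


def file_hashes(data: bytes) -> dict:
    """The same hash set the page lists, in the same formatting."""
    return {
        "crc32": f"{zlib.crc32(data) & 0xFFFFFFFF:08X}",
        "md5": hashlib.md5(data).hexdigest(),
        "sha1": hashlib.sha1(data).hexdigest(),
        "sha256": hashlib.sha256(data).hexdigest(),
        "sha512": hashlib.sha512(data).hexdigest(),
        "sha3_384": hashlib.sha3_384(data).hexdigest(),
    }


def parse_sections(data: bytes) -> list:
    """Walk DOS header -> PE signature -> COFF header -> section table."""
    if data[:2] != b"MZ":
        raise ValueError("not an MZ file")
    e_lfanew = struct.unpack_from("<I", data, 0x3C)[0]
    if data[e_lfanew:e_lfanew + 4] != b"PE\0\0":
        raise ValueError("missing PE signature")
    coff = e_lfanew + 4
    # COFF header: Machine, NumberOfSections, TimeDateStamp, PointerToSymbolTable,
    # NumberOfSymbols, SizeOfOptionalHeader, Characteristics
    _, nsections, _, _, _, opt_size, _ = struct.unpack_from("<HHIIIHH", data, coff)
    table = coff + 20 + opt_size
    sections = []
    for i in range(nsections):
        # Section header starts: Name(8), VirtualSize, VirtualAddress, SizeOfRawData, PointerToRawData
        name, _vsize, _rva, raw_size, raw_ptr = struct.unpack_from("<8sIIII", data, table + i * 40)
        raw = data[raw_ptr:raw_ptr + raw_size]
        sections.append({"name": name.rstrip(b"\0"), "raw_size": raw_size,
                         "entropy": shannon_entropy(raw)})
    return sections


def triage(data: bytes) -> dict:
    """Return hashes plus a list of human-readable findings."""
    hashes = file_hashes(data)
    findings = []
    if hashes["sha256"] in KNOWN_SHA256:
        findings.append("sha256 matches a known indicator")
    for s in parse_sections(data):
        name = s["name"].decode("ascii", errors="replace")
        if s["name"] in PACKER_SECTIONS:
            findings.append(f"packer section name {name}")
        elif s["name"] not in STANDARD_SECTIONS:
            findings.append(f"unknown section name {name}")
        if s["raw_size"] >= 256 and s["entropy"] > ENTROPY_THRESHOLD:
            findings.append(f"high-entropy section {name} ({s['entropy']:.2f} bits/byte)")
    return {"hashes": hashes, "findings": findings}


def build_sample_pe() -> bytes:
    """Constructed minimal PE32 (not a real program, not the page's sample):
    a plain .text section followed by a .vmp0 section of pseudo-random bytes."""
    text = b"\x90" * 512                                                     # NOPs: zero entropy
    vmp0 = b"".join(hashlib.sha256(bytes([i])).digest() for i in range(32))  # 1024 random-looking bytes
    dos = b"MZ" + b"\0" * 58 + struct.pack("<I", 0x40)                       # e_lfanew -> 0x40
    opt = struct.pack("<H", 0x10B) + b"\0" * 222                             # PE32 magic, rest zeroed
    coff = struct.pack("<HHIIIHH", 0x14C, 2, 0, 0, 0, len(opt), 0x0102)      # i386, two sections

    def section(name, rva, raw, raw_ptr, flags):
        return struct.pack("<8sIIIIIIHHI", name, len(raw), rva, len(raw), raw_ptr, 0, 0, 0, 0, flags)

    headers = (dos + b"PE\0\0" + coff + opt
               + section(b".text", 0x1000, text, 0x200, 0x60000020)
               + section(b".vmp0", 0x2000, vmp0, 0x400, 0xE0000040))
    return headers.ljust(0x200, b"\0") + text + vmp0


if __name__ == "__main__":
    result = triage(build_sample_pe())
    for k, v in result["hashes"].items():
        print(f"{k}: {v}")
    for f in result["findings"]:
        print("finding:", f)
```

A packer section name or a high-entropy section is evidence of packing, not of malice: commercial software also ships under VMProtect, which is why the sandbox signatures above pair the packing indicators with the invalid Authenticode signature, the scheduled-task creation and the self-deletion. Verifying the Authenticode signature itself requires parsing the certificate table and is outside this script.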

Ursu.205380 is also known under the following names (vendor: detection). Most are generic or heuristic verdicts; ESET, Sangfor and Alibaba classify the sample as Mekotio, a banking trojan, and Sophos and alibabacloud name the VMProtect packing directly:

Bkav: W32.Common.B85287AB
Lionic: Trojan.Win32.Generic.4!c
Elastic: malicious (high confidence)
MicroWorld-eScan: Gen:Variant.Ursu.205380
FireEye: Generic.mg.001f3f349a1bef1c
Skyhigh: BehavesLike.Win32.InstallMonster.tc
McAfee: Artemis!001F3F349A1B
Cylance: unsafe
Sangfor: Spyware.Win32.Mekotio.Vlmh
CrowdStrike: win/malicious_confidence_90% (W)
Alibaba: TrojanSpy:Win32/Mekotio.1927ed63
K7GW: Riskware ( 0040eff71 )
K7AntiVirus: Riskware ( 0040eff71 )
BitDefenderTheta: Gen:NN.ZexaF.36802.@V0@aulxt3li
Symantec: ML.Attribute.HighConfidence
tehtris: Generic.Malware
ESET-NOD32: a variant of Win32/Spy.Mekotio.V
APEX: Malicious
TrendMicro-HouseCall: TROJ_GEN.R002C0RAP24
Kaspersky: UDS:DangerousObject.Multi.Generic
BitDefender: Gen:Variant.Ursu.205380
NANO-Antivirus: Trojan.Win32.Drop.ebgofk
Avast: Win32:Malware-gen
Tencent: Malware.Win32.Gencirc.13febb9e
Emsisoft: Gen:Variant.Ursu.205380 (B)
F-Secure: Heuristic.HEUR/AGEN.1334867
DrWeb: Trojan.MulDrop6.21745
VIPRE: Gen:Variant.Ursu.205380
TrendMicro: TROJ_GEN.R002C0RAP24
Sophos: Mal/VMProtBad-A
SentinelOne: Static AI – Suspicious PE
GData: Gen:Variant.Ursu.205380
ALYac: Gen:Variant.Ursu.205380
Avira: HEUR/AGEN.1334867
Antiy-AVL: Trojan/Win32.SGeneric
Xcitium: Malware@#2fzfcy2h5igj3
Arcabit: Trojan.Ursu.D32244
Microsoft: Trojan:Win32/Wacatac.B!ml
Cynet: Malicious (score: 99)
Google: Detected
MAX: malware (ai score=83)
Malwarebytes: Generic.Malware/Suspicious
Panda: Trj/CI.A
Rising: Trojan.Generic@AI.99 (RDML:IMCrmxajgMlxZiS8FIF2QA)
Yandex: Trojan.Agent!ie/MaHDxnoc
Ikarus: Trojan-Spy.Agent
MaxSecure: Trojan.Malware.300983.susgen
AVG: Win32:Malware-gen
Cybereason: malicious.49a1be
DeepInstinct: MALICIOUS
alibabacloud: VirTool:Win/Packed.VMProtect.AAG(dyn)

How to remove Ursu.205380?

Ursu.205380 removal tool
  • Download and install GridinSoft Anti-Malware.
  • Open GridinSoft Anti-Malware and perform a “Standard scan”.
  • Click “Move to quarantine” for all detected items.
  • Open the “Tools” tab and press “Reset Browser Settings”.
  • Select the browser and the options you want, then click “Reset”.
  • Restart your computer.

Because this sample creates a scheduled task and deletes the files it has executed, also review Task Scheduler for unfamiliar entries added around the time of infection after the scan; a leftover task can re-run the dropper after cleanup.

About the author

Paul Valéry

I'm a cyber security analyst and data science expert with 5+ years of experience with security software contractors.
