Ursu.21180 removal instructions

Ursu.21180 is considered dangerous by many security experts. When this infection is active, you may notice unwanted processes in the Task Manager list. In this case, it is advised to scan your computer with GridinSoft Anti-Malware.

GridinSoft Anti-Malware

Removing PC viruses manually may take hours and may damage your PC in the process. We recommend using GridinSoft Anti-Malware for virus removal. It lets you run a complete scan and clean your PC during the trial period.
6-day free trial available.

What can the Ursu.21180 virus do?

  • Executable code extraction
  • Creates RWX memory
  • A process attempted to delay the analysis task.
  • Expresses interest in specific running processes
  • Reads data out of its own binary image
  • Creates an excessive number of UDP connection attempts to external IP addresses
  • The binary likely contains encrypted or compressed data.
  • Uses Windows utilities for basic functionality
  • Attempts to delete volume shadow copies
  • Attempts to repeatedly call a single API many times in order to delay analysis time
  • Exhibits behavior characteristic of Cerber ransomware
  • EternalBlue behavior
  • Generates some ICMP traffic
  • Collects information to fingerprint the system
  • Anomalous binary characteristics

How to identify Ursu.21180?

File Info:

crc32: 2A0B4EF1
md5: 15e70d6ba91083d80ebf9700b759eacc
name: 15E70D6BA91083D80EBF9700B759EACC.mlw
sha1: 91471ca69b50a72398c507d09c4d2dc0c9e83ef3
sha256: 1247d0681e64cdfd5b26c7f3f6a5c1a3919f163a1ab833c2d8740b422ee847e3
sha512: 11f2f48769d98dbc61010409602075aca6ea87f62652d2409d75cdef74e6ab5210a96653c904faeb59d0836ce4ef2784fbf3534adb551ea6fd1d02853163ab22
ssdeep: 6144:gRss1/LYR/F2Klw4nHQlwvHeAce8kBWFS8+FmAt6k1z4YPiIjjjjjJINWAF:wHupF2KlwW0wWA1BWSlFmm6k1z4YPdIR
type: PE32 executable (GUI) Intel 80386, for MS Windows

Version Info:

LegalCopyright: Copyright © 2013. All rights reserved. The Audacity Team
InternalName: Submitting House
FileVersion: 8.8.6.4
CompanyName: The Audacity Team
FileDescription: Impersonate Populating Hilty The Dgp’s Toolprovider
LegalTrademarks: Copyright © 2013. All rights reserved. The Audacity Team
ProductName: Submitting House
ProductVersion: 8.8.6.4
PrivateBuild: 8.8.6.4
Translation: 0x0409 0x04b0

Ursu.21180 is also known as:

K7AntiVirus: Trojan ( 004e16c11 )
Lionic: Trojan.Multi.Generic.4!c
Elastic: malicious (high confidence)
DrWeb: Trojan.MulDrop6.65196
Cynet: Malicious (score: 100)
ALYac: Gen:Variant.Ursu.21180
Cylance: Unsafe
Zillya: Trojan.Cerber.Win32.109
CrowdStrike: win/malicious_confidence_100% (D)
Alibaba: Ransom:Win32/generic.ali2000010
K7GW: Trojan ( 004e16c11 )
Cybereason: malicious.ba9108
Symantec: ML.Attribute.HighConfidence
ESET-NOD32: Win32/Filecoder.Cerber.B
APEX: Malicious
Avast: Win32:Trojan-gen
Kaspersky: UDS:DangerousObject.Multi.Generic
BitDefender: Gen:Variant.Ursu.21180
NANO-Antivirus: Trojan.Win32.Agent.eihhkr
MicroWorld-eScan: Gen:Variant.Ursu.21180
Tencent: Malware.Win32.Gencirc.10bc8bf1
Ad-Aware: Gen:Variant.Ursu.21180
Sophos: Mal/Generic-S
Comodo: Malware@#a5n0y1xy88uf
BitDefenderTheta: Gen:NN.ZexaF.34170.xq1@aCQ7@pei
VIPRE: Trojan.Win32.Generic!BT
TrendMicro: Ransom_CERBER.F116KE
McAfee-GW-Edition: BehavesLike.Win32.Generic.fc
FireEye: Generic.mg.15e70d6ba91083d8
Emsisoft: Gen:Variant.Ursu.21180 (B)
SentinelOne: Static AI – Malicious PE
Webroot: W32.Ransom.Gen
Avira: TR/Crypt.ZPACK.Gen7
Antiy-AVL: Trojan/Generic.ASMalwS.1C5E88C
Kingsoft: Win32.Troj.Agent.(kcloud)
Microsoft: Trojan:Win32/Dynamer!ac
Arcabit: Trojan.Ursu.D52BC
GData: Gen:Variant.Ursu.21180
Acronis: suspicious
McAfee: Generic.aqi
MAX: malware (ai score=83)
VBA32: Trojan.Agent
Malwarebytes: MachineLearning/Anomalous.100%
Panda: Trj/GdSda.A
TrendMicro-HouseCall: Ransom_CERBER.F116KE
Rising: Trojan.Generic@ML.100 (RDML:GFKisF/NnEWq7n7pNUECWA)
Ikarus: Trojan-Ransom.Crysis
Fortinet: W32/Generic.AC.3A0C50!tr
AVG: Win32:Trojan-gen
Paloalto: generic.ml

How to remove Ursu.21180?

Ursu.21180 removal tool
  • Download and install GridinSoft Anti-Malware.
  • Open GridinSoft Anti-Malware and perform a “Standard scan”.
  • “Move to quarantine” all items.
  • Open the “Tools” tab and press “Reset Browser Settings”.
  • Select the proper browser and options, then click “Reset”.
  • Restart your computer.

About the author

Paul Valéry

I'm a cyber security analyst and data science expert with 5+ years of experience with security software contractors.
