Ursu.241027 (file analysis)

Malware Removal

Ursu.241027 is the generic detection name under which most engines in the list further down flag this file (Bitdefender's Gen:Variant.Ursu family, also reported by GData, Emsisoft, ALYac and others); it is a heuristic family label rather than the name of a documented malware strain. While the file is running you may notice unfamiliar processes in the Task Manager list. In that case it is advised to scan the computer with GridinSoft Anti-Malware.

Removing malware by hand can take hours and may damage the system in the process. We recommend GridinSoft Anti-Malware for removal; it allows a complete scan and clean-up during the 6-day free trial.

What can Ursu.241027 do?

Automated (sandbox) analysis of the sample flagged the behaviours below. They describe what this particular file did under analysis, not the Ursu family in general:

  • Executable code extraction (the process writes out or unpacks executable code at run time)
  • Creates RWX memory (allocates memory that is writable and executable at the same time, typical of unpackers and in-memory loaders)
  • The binary likely contains encrypted or compressed data (high-entropy content, consistent with packing or an embedded encrypted payload)
  • Network activity detected but not expressed in API logs (traffic was seen on the wire without matching hooked Windows networking API calls)

Related domains:

z.whorecord.xyz
a.tomx.xyz
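The two domains above are indicators to hunt for in DNS or proxy logs. The following Python is an added example, not code from the original page or from GridinSoft. It assumes a constructed one-query-per-line log format of `timestamp client-ip qname qtype`, and it treats a query for a listed host, or for any host beneath it, as a hit (that subdomain broadening is an assumption; drop the `endswith` branch for exact-host matching only).

```python
"""Hunt DNS query logs for the related domains listed above.

Added example, not code from the original page or from GridinSoft.
Assumed log format (constructed for the demo): one query per line,
"<timestamp> <client-ip> <qname> <qtype>". A query for a listed host, or
for any host beneath it, counts as a hit (assumption: subdomain matching
is wanted; drop the endswith() branch for exact-host matching only).
"""

# Indicators copied from the "Related domains" list on this page.
RELATED_DOMAINS = {"z.whorecord.xyz", "a.tomx.xyz"}


def normalize(qname: str) -> str:
    """Lower-case the name and drop the trailing dot that DNS logs often carry."""
    return qname.strip().rstrip(".").lower()


def is_related(qname: str, iocs=RELATED_DOMAINS) -> bool:
    """True if qname is a listed host or a label-bounded subdomain of one.

    The "." + ioc suffix check keeps "notz.whorecord.xyz" from matching
    "z.whorecord.xyz" while still catching "cdn.a.tomx.xyz".
    """
    host = normalize(qname)
    return any(host == ioc or host.endswith("." + ioc) for ioc in iocs)


def scan_dns_log(lines, iocs=RELATED_DOMAINS):
    """Return (timestamp, client, queried-host) for every matching line.

    Lines that do not carry at least timestamp, client and qname are skipped
    rather than raising, so a truncated log does not abort the hunt.
    """
    hits = []
    for line in lines:
        parts = line.split()
        if len(parts) < 3:
            continue
        ts, client, qname = parts[0], parts[1], parts[2]
        if is_related(qname, iocs):
            hits.append((ts, client, normalize(qname)))
    return hits


# Constructed sample log for the demo; these are not real observations.
SAMPLE_LOG = """\
2024-01-01T10:00:00Z 10.0.0.5 www.example.com A
2024-01-01T10:00:01Z 10.0.0.5 Z.WHORECORD.XYZ. A
2024-01-01T10:00:02Z 10.0.0.7 a.tomx.xyz A
2024-01-01T10:00:03Z 10.0.0.7 notz.whorecord.xyz A
garbage
2024-01-01T10:00:04Z 10.0.0.9 cdn.a.tomx.xyz TXT
"""

if __name__ == "__main__":
    for ts, client, host in scan_dns_log(SAMPLE_LOG.splitlines()):
        print(f"{ts} {client} queried {host}")
```

Run it against a real export by replacing SAMPLE_LOG with the file's lines; the suffix check is anchored on a label boundary on purpose, so a lookalike such as notz.whorecord.xyz is not reported.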

How to identify Ursu.241027?

The indicators below identify this specific sample. The "name" field is the sample's MD5 in upper case with a .mlw extension, a naming convention of the analysis system rather than the file's original name (the version resource gives MAXXcollector.exe).

File Info:

crc32: 7E1D104A
md5: ddf3e55a61ad838450c3e6cee0a23d37
name: DDF3E55A61AD838450C3E6CEE0A23D37.mlw
sha1: 02a057a7bcbcb8f0c005b98dd71f33f257c2a840
sha256: cbc34f2bde81a0e629d26fd74f75e889e7e67a47b72fce08ad148143f5f7102d
sha512: ec2724d51d6d7e5d969c087266a16972ab31623aa2a216d667c7a0095b2e82f3b2993e62c81ca512557d513fd2e3c74076311e713e213182144d296cbb5f3b80
ssdeep: 6144:1ExFnvIO6IaPCOOWSr0qqD/Bd07YBY8pOz:1ExFnvIO6IaPCVW2RqrBdLBY/
type: PE32 executable (GUI) Intel 80386, for MS Windows
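To check whether a file on hand is this sample, recompute the listed hashes and compare them. The following Python is an added example, not code from the original page or from GridinSoft; it uses only the standard library plus a constructed minimal PE header as demo input, and leaves out ssdeep, which needs a third-party library. It also shows where the "type" line comes from by reading the same header fields file(1) uses.

```python
"""Check a file against the hashes and the PE type in the File Info block.

Added example, not code from the original page or from GridinSoft. It
recomputes crc32/md5/sha1/sha256/sha512 with the standard library (ssdeep
needs a third-party library, so it is left out) and derives the "type"
line from the PE headers the way file(1) does: PE32/PE32+ from the
optional-header magic, the CPU from the COFF Machine field, GUI/console
from the Subsystem field, DLL from the Characteristics flag.
"""
import hashlib
import struct
import sys
import zlib

# Indicators copied from the File Info block above (lower-cased for comparison).
KNOWN = {
    "crc32": "7e1d104a",
    "md5": "ddf3e55a61ad838450c3e6cee0a23d37",
    "sha1": "02a057a7bcbcb8f0c005b98dd71f33f257c2a840",
    "sha256": "cbc34f2bde81a0e629d26fd74f75e889e7e67a47b72fce08ad148143f5f7102d",
    "sha512": "ec2724d51d6d7e5d969c087266a16972ab31623aa2a216d667c7a0095b2e82f3"
              "b2993e62c81ca512557d513fd2e3c74076311e713e213182144d296cbb5f3b80",
}

MACHINES = {0x14C: "Intel 80386", 0x8664: "x86-64", 0x1C0: "ARM", 0xAA64: "Aarch64"}
SUBSYSTEMS = {1: "native", 2: "GUI", 3: "console"}


def compute_hashes(data: bytes) -> dict:
    """All hash types from the File Info block except ssdeep, as lower-case hex."""
    return {
        "crc32": f"{zlib.crc32(data) & 0xFFFFFFFF:08x}",
        "md5": hashlib.md5(data).hexdigest(),
        "sha1": hashlib.sha1(data).hexdigest(),
        "sha256": hashlib.sha256(data).hexdigest(),
        "sha512": hashlib.sha512(data).hexdigest(),
    }


def matching_indicators(data: bytes, known=KNOWN) -> set:
    """Names of the listed hashes that this data reproduces (empty = no match)."""
    got = compute_hashes(data)
    return {name for name, value in known.items() if got.get(name) == value.lower()}


def pe_type(data: bytes) -> str:
    """Rebuild the file(1)-style type line from the DOS, COFF and optional headers."""
    if len(data) < 0x40 or data[:2] != b"MZ":
        return "not a PE file"
    e_lfanew = struct.unpack_from("<I", data, 0x3C)[0]
    coff = e_lfanew + 4            # COFF header follows the "PE\0\0" signature
    opt = coff + 20                # optional header follows the 20-byte COFF header
    if data[e_lfanew:coff] != b"PE\0\0" or len(data) < opt + 70:
        return "not a PE file"
    machine, _, _, _, _, _, characteristics = struct.unpack_from("<HHIIIHH", data, coff)
    magic = struct.unpack_from("<H", data, opt)[0]
    subsystem = struct.unpack_from("<H", data, opt + 68)[0]  # same offset in PE32 and PE32+
    fmt = {0x10B: "PE32", 0x20B: "PE32+"}.get(magic, "PE")
    kind = "DLL" if characteristics & 0x2000 else SUBSYSTEMS.get(subsystem, "unknown")
    arch = MACHINES.get(machine, f"machine 0x{machine:04x}")
    return f"{fmt} executable ({kind}) {arch}, for MS Windows"


def build_sample_pe() -> bytes:
    """Constructed minimal PE32 GUI i386 header used as demo input; not a real program."""
    dos = bytearray(0x40)
    dos[:2] = b"MZ"
    struct.pack_into("<I", dos, 0x3C, 0x40)                          # e_lfanew
    coff = struct.pack("<HHIIIHH", 0x14C, 1, 0, 0, 0, 224, 0x0102)   # i386, EXECUTABLE|32BIT
    opt = bytearray(224)
    struct.pack_into("<H", opt, 0, 0x10B)                            # PE32 magic
    struct.pack_into("<H", opt, 68, 2)                               # IMAGE_SUBSYSTEM_WINDOWS_GUI
    return bytes(dos) + b"PE\0\0" + coff + bytes(opt)


def check(data: bytes) -> dict:
    """Everything a triage note needs: hashes, which listed IOCs matched, and type."""
    return {"hashes": compute_hashes(data), "matches": matching_indicators(data), "type": pe_type(data)}


if __name__ == "__main__":
    data = open(sys.argv[1], "rb").read() if len(sys.argv) > 1 else build_sample_pe()
    report = check(data)
    for name, value in report["hashes"].items():
        print(f"{name}: {value}")
    print("type:", report["type"])
    print("matches listed indicators:", sorted(report["matches"]) or "none")
```

Pass a file path as the first argument to check a real file; with no argument it runs on the constructed header, which reproduces the page's type line but, as expected, matches none of the listed hashes. Any single hash match (sha256 is the one to trust; md5 and crc32 collide too easily) identifies the sample.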

Version Info:

The strings below come from the file's version resource and are set by whoever built the file; they can be typed in freely or copied from a legitimate product, so they show what the file claims to be, not what it is. The Translation value 0x0407 0x04b0 means German (0x0407) with Unicode (code page 1200) strings.

LegalCopyright: Copyright (C) 2009-2013 contidata GmbH
InternalName: MAXXcollector
FileVersion: 2.5.0.0
CompanyName: contidata Datensysteme GmbH
Comments: MAXX
ProductName: MAXXcollector
ProductVersion: 2.5.0.0
FileDescription: MAXXcollect vending data collector
OriginalFilename: MAXXcollector.exe
Translation: 0x0407 0x04b0

Ursu.241027 also known as (vendor: detection name):

  • Bkav: W32.AIDetect.malware1
  • Lionic: Trojan.Win32.Generic.4!c
  • Elastic: malicious (high confidence)
  • Cynet: Malicious (score: 100)
  • ALYac: Gen:Variant.Ursu.241027
  • Sangfor: Trojan.Win32.Heuristic.rg
  • Alibaba: Ransom:Win32/Hoblig.5f9e0c11
  • Cybereason: malicious.a61ad8
  • APEX: Malicious
  • Avast: FileRepMalware
  • BitDefender: Gen:Variant.Ursu.241027
  • MicroWorld-eScan: Gen:Variant.Ursu.241027
  • Ad-Aware: Gen:Variant.Ursu.241027
  • Sophos: ML/PE-A
  • FireEye: Generic.mg.ddf3e55a61ad8384
  • Emsisoft: Gen:Variant.Ursu.241027 (B)
  • SentinelOne: Static AI – Suspicious PE
  • eGambit: Unsafe.AI_Score_70%
  • Arcabit: Trojan.Ursu.D3AD83
  • GData: Gen:Variant.Ursu.241027
  • AhnLab-V3: Malware/Win32.Generic.C2600407
  • VBA32: BScope.TrojanRansom.Scatter
  • Rising: Trojan.Generic@ML.91 (RDML:RxIqrKkN8zEDnPw0Sl3JuA)
  • MaxSecure: Trojan.Malware.300983.susgen
  • AVG: FileRepMalware

How to remove Ursu.241027?

Ursu.241027 removal tool
  • Download and install GridinSoft Anti-Malware.
  • Open GridinSoft Anti-Malware and run a “Standard scan”.
  • Click “Move to quarantine” for all detected items.
  • Open the “Tools” tab and press “Reset Browser Settings”.
  • Select the browser and the options to reset, then click “Reset”.
  • Restart your computer.

About the author

Paul Valéry

I'm a cyber security analyst and data science expert with 5+ years of experience with security software contractors.
