Ursu.309314 malicious file

Ursu.309314 is considered dangerous by many security experts. When this infection is active, you may notice unwanted processes in the Task Manager list. In that case, it is advised to scan your computer with GridinSoft Anti-Malware.

Removing PC viruses manually may take hours and may damage your PC in the process. We recommend using GridinSoft Anti-Malware for virus removal. It lets you complete a scan and cure your PC during the trial period.
6-day free trial available.

What can the Ursu.309314 virus do?

  • SetUnhandledExceptionFilter detected (possible anti-debug)
  • Yara rule detections observed from a process memory dump/dropped files/CAPE
  • Dynamic (imported) function loading detected
  • Reads data out of its own binary image
  • Authenticode signature is invalid
  • Anomalous binary characteristics

How to identify Ursu.309314?
File Info:

name: EA77DD46B758193F31D3.mlw
path: /opt/CAPEv2/storage/binaries/fa5c7db59f1a73cd92d34f901f1d0052e75fab72e759fc77737bfd7601d80a1b
crc32: A5D590D5
md5: ea77dd46b758193f31d353f395b58d84
sha1: 9d1dd7552d0d8aed2907e3a450c8e91f698f075c
sha256: fa5c7db59f1a73cd92d34f901f1d0052e75fab72e759fc77737bfd7601d80a1b
sha512: 2f756864d95abdaba083d5646a8b93f9104e1cba027839dd6b64ae2a7630058e6ece44803b6176d7985c60340e57f8b4fb02468e62f5af022976c610e21aa71a
ssdeep: 24576:9RmJkcoQricOIQxiZY1iab4FRyWckdQWy8XO6Tr3MK6+hYS4E+jnVjwX4:yJZoQrbTFZY1iab4FRyWhdvrRMK6+hPw
type: PE32 executable (GUI) Intel 80386, for MS Windows
tlsh: T17E55F212F5C69036C2B323B19E7EF76A9A3D79361336D2D727C82D315E605812B29723
sha3_384: 30dc20f9c3a96b0dbc72b80b1c8305743b47fd99b2b927ed814b7e564f667dd36d9f0240f432f5199f24e765caea89c0
ep_bytes: e816900000e989feffffcccccccccc55
timestamp: 2012-01-29 21:32:28

Version Info:

FileVersion: 18.8.27.0
Comments: AutoScanSvc.exe
FileDescription: AutoScanSvc.exe
LegalCopyright: RRD
ProductVersion: 3.2
ProductName: AutoScanSvc 18.8.27.0
Translation: 0x0409 0x04b0

Ursu.309314 is also known as (vendor: detection name):

Bkav: W32.AIDetect.malware2
Lionic: Trojan.Win32.Zbot.4!c
MicroWorld-eScan: Gen:Variant.Ursu.309314
FireEye: Generic.mg.ea77dd46b758193f
McAfee: Artemis!EA77DD46B758
Cylance: Unsafe
Zillya: Trojan.Zbot.Win32.207206
K7AntiVirus: Spyware ( 00009b291 )
Alibaba: TrojanSpy:Win32/Generic.e630a248
K7GW: Spyware ( 00009b291 )
CrowdStrike: win/malicious_confidence_70% (W)
ESET-NOD32: Win32/Spy.Zbot.YW
APEX: Malicious
BitDefender: Gen:Variant.Ursu.309314
Avast: Win32:Malware-gen
Rising: Trojan.Obfus/Autoit!1.BEDE (CLASSIC)
Ad-Aware: Gen:Variant.Ursu.309314
Sophos: Mal/Generic-S
Comodo: Malware@#o65fp404lcpk
VIPRE: Trojan.Win32.Generic!BT
McAfee-GW-Edition: BehavesLike.Win32.Dropper.tc
Emsisoft: Gen:Variant.Ursu.309314 (B)
GData: Gen:Variant.Ursu.309314
Webroot: W32.Trojan.Gen
Avira: TR/Spy.Zbot.ufzku
Antiy-AVL: Trojan/Generic.ASCommon.168
Kingsoft: Win32.Troj.Generic_a.a.(kcloud)
Microsoft: TrojanSpy:Win32/Zbot
Cynet: Malicious (score: 99)
ALYac: Gen:Variant.Ursu.309314
VBA32: Trojan.Autoit.F
Tencent: Win32.Trojan.Generic.Alsh
Ikarus: Trojan-Spy.Agent
MaxSecure: Trojan.Autoit.AZA
Fortinet: W32/Zbot.YW!tr.spy
AVG: Win32:Malware-gen
Cybereason: malicious.6b7581

How to remove Ursu.309314?

Ursu.309314 removal tool
  • Download and install GridinSoft Anti-Malware.
  • Open GridinSoft Anti-Malware and perform a “Standard scan”.
  • Click “Move to quarantine” for all detected items.
  • Open the “Tools” tab and press “Reset Browser Settings”.
  • Select the proper browser and options, then click “Reset”.
  • Restart your computer.

About the author

Paul Valéry

I'm a cyber security analyst and data science expert with 5+ years of experience with security software contractors.