Ursu.311684 information

Malware Removal

Ursu.311684 is considered dangerous by many security experts. When this infection is active, you may notice unwanted processes in the Task Manager list. In that case, it is advised to scan your computer with GridinSoft Anti-Malware.

Removing PC viruses manually may take hours and may damage your PC in the process. We recommend using GridinSoft Anti-Malware for virus removal. It allows you to complete a scan and clean your PC during the trial period.
A 6-day free trial is available.

What can the Ursu.311684 virus do?

  • Behavioural detection: Executable code extraction – unpacking
  • Sample contains Overlay data
  • Presents an Authenticode digital signature
  • Reads data out of its own binary image
  • CAPE extracted potentially suspicious content
  • Drops a binary and executes it
  • The binary contains an unknown PE section name indicative of packing
  • Authenticode signature is invalid
  • CAPE detected the shellcode patterns malware family
  • Deletes executed files from disk
  • Yara detections observed in process dumps, payloads or dropped files

How to identify Ursu.311684?

File Info:

name: 05E336BD894B6351C182.mlw
path: /opt/CAPEv2/storage/binaries/c7cb370d8644a16b2ef61a69e6067bcd20085bd96df4b558f8fa18d7ec2098f2
crc32: 5182A742
md5: 05e336bd894b6351c1826ed6aef54a26
sha1: 34714e9bc3caf7d724f66f4384090711e5c9f3d0
sha256: c7cb370d8644a16b2ef61a69e6067bcd20085bd96df4b558f8fa18d7ec2098f2
sha512: 4c9d9c2147ec9b152c1352abe5c3173aca060eff6a13933a88ddaf2850e1d46ae03d64d7914aa2ade1d585b8f39aafece3bff16d0fe6311767f538e2de5b6415
ssdeep: 24576:57blih+VP/70SYjwHy1liAxwaXd1Ny/p8v/APPRkoA567aRq8Imj4Yz:575AKPDYw+licXTNy1P+M+sm8Yz
type: PE32 executable (GUI) Intel 80386, for MS Windows
tlsh: T15F4523516EE07AB0E491C6342E8182194B73BA3AC9351D5879DD8F0E6FB3FC2760E791
sha3_384: 906f81563224124515fc1dec45a102546c599106ca5fdaac5486fc4490329e59fac3c4218d6ceb80c00ffba194246790
ep_bytes: 558bec83c4c453565733c08945f08945
timestamp: 1992-06-19 22:22:17

Version Info:

Comments: This installation was built with Inno Setup.
CompanyName:
FileDescription: Установка __ Setup
FileVersion:
LegalCopyright:
ProductName: Установка __
ProductVersion: 4.6
Translation: 0x0000 0x04b0

Ursu.311684 also known as:

  • Bkav: W32.AIDetectMalware
  • Lionic: Adware.Win32.DealPly.2!c
  • Elastic: malicious (high confidence)
  • CAT-QuickHeal: PUA.Puwaders.S2777160
  • Skyhigh: Artemis
  • ALYac: Gen:Variant.Ursu.311684
  • Cylance: unsafe
  • VIPRE: Gen:Variant.Ursu.311684
  • Sangfor: Suspicious.Win32.Save.ins
  • CrowdStrike: win/grayware_confidence_100% (W)
  • Alibaba: AdWare:Win32/DealPly.ac077e72
  • Arcabit: Trojan.Ursu.D4C184
  • Symantec: SMG.Heur!gen
  • ESET-NOD32: a variant of Win32/Adware.FileTour.FHO
  • Kaspersky: not-a-virus:AdWare.Win32.DealPly.dvihd
  • BitDefender: Gen:Variant.Ursu.311684
  • NANO-Antivirus: Trojan.InnoSetup.DealPly.fhowxj
  • SUPERAntiSpyware: Adware.FileTour/Variant
  • MicroWorld-eScan: Gen:Variant.Ursu.311684
  • Avast: Win32:AdwareSig [Adw]
  • Emsisoft: Application.FileTour (A)
  • F-Secure: Heuristic.HEUR/AGEN.1332519
  • DrWeb: Trojan.Moneyinst.720
  • Zillya: Adware.DealPly.Win32.189808
  • Trapmine: malicious.high.ml.score
  • FireEye: Gen:Variant.Ursu.311684
  • Sophos: Generic Reputation PUA (PUA)
  • Jiangmin: AdWare.DealPly.llhz
  • Avira: HEUR/AGEN.1332519
  • Microsoft: PUADlManager:Win32/FileTourInstaller
  • ZoneAlarm: not-a-virus:AdWare.Win32.DealPly.dvihd
  • GData: Gen:Variant.Ursu.311684
  • McAfee: Artemis!05E336BD894B
  • VBA32: Adware.DealPly
  • Malwarebytes: Generic.Malware/Suspicious
  • Panda: Trj/CI.A
  • Tencent: Win32.Trojan.FalseSign.Bzlw
  • Yandex: PUA.DealPly!s4efhiqcN6U
  • SentinelOne: Static AI – Suspicious PE
  • Fortinet: Riskware/FileTour
  • AVG: Win32:AdwareSig [Adw]
  • Cybereason: malicious.d894b6
  • DeepInstinct: MALICIOUS

How to remove Ursu.311684?

Ursu.311684 removal tool
  • Download and install GridinSoft Anti-Malware.
  • Open GridinSoft Anti-Malware and perform a “Standard scan”.
  • “Move to quarantine” all items.
  • Open the “Tools” tab and press “Reset Browser Settings”.
  • Select the proper browser and options, then click “Reset”.
  • Restart your computer.

About the author

Paul Valéry

I'm a cyber security analyst and data science expert with 5+ years of experience with security software contractors.