Ursu.319516 (file analysis)

Malware Removal

Ursu.319516 is flagged as malicious by most major antivirus vendors (see the detection list below). When this infection is active, you may notice unfamiliar processes in the Task Manager list; because the sandbox analysis below shows the sample injecting into other processes (process hollowing), the visible process may not be the one that was originally launched. In this case, it is advised to scan your computer with GridinSoft Anti-Malware.

GridinSoft Anti-Malware

Removing PC viruses manually may take hours and may damage your PC in the process. We recommend using GridinSoft Anti-Malware for virus removal. It lets you run a complete scan and clean your PC during the trial period.
6-day free trial available.

What can Ursu.319516 do?

The following behaviours and static findings were reported by the CAPE sandbox for this sample:

  • Behavioural detection: Executable code extraction – unpacking
  • Sample contains Overlay data
  • Yara rule detections observed from a process memory dump/dropped files/CAPE
  • Reads data out of its own binary image
  • CAPE extracted potentially suspicious content
  • Authenticode signature is invalid
  • Behavioural detection: Injection (Process Hollowing)
  • Behavioural detection: Injection (inter-process)
  • Anomalous binary characteristics

How to identify Ursu.319516?

File Info:

name: F1DCD43E15A5D902628D.mlw
path: /opt/CAPEv2/storage/binaries/68f758a0d97e4f1a3dfa4c637c3d19332217c1c0fdf04e416d708cb9a7f47e10
crc32: 184B9FB1
md5: f1dcd43e15a5d902628d37fe7e6f74c0
sha1: 0b5443a06c863e8636fabe085aa7489c713b3711
sha256: 68f758a0d97e4f1a3dfa4c637c3d19332217c1c0fdf04e416d708cb9a7f47e10
sha512: b6d92ec64c82f1b5c4361301707edf634ccf212ba83ef625e1c6443d058f8af18d38c9bafd837ae72cd0b11d16a34941122adb9643c4a8a099f2e2bf4962f873
ssdeep: 12288:nY7iFgd+VwZY5tCuA6QkhANd+i2gtQi2FL2PMdhL:nY7ctWepgNd+iWFLdL
type: PE32 executable (GUI) Intel 80386, for MS Windows
tlsh: T19E25BB84A85CB1ADC9160EF2F96FDF388669F6F23B24D1C1591EFEB020129456D1FE18
sha3_384: 5aee5a5181abb018bb9141bfd7367e7c0d2dc41d81d003205651bfafaabf1d85c9c3306d6e38fa1b33a84a79fea1f7f4
ep_bytes: 68a0154000e8f0ffffff000000000000
timestamp: 2013-12-19 22:41:18

Version Info:

Translation: 0x0409 0x04b0
CompanyName: Symantec Corporation Yellow
FileDescription: Epirot immigra
LegalCopyright: Symantec Corporation Pink
ProductName: Underbea schoolbo overreal unschema
FileVersion: 8.07.0005
ProductVersion: 8.07.0005
InternalName: Gloc
OriginalFilename: Gloc.exe
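The File Info block above is only useful if you can reproduce it against a file on disk. The script below is an added example (not code from this page, from GridinSoft or from CAPE) that hand-parses the PE headers, so it runs offline without the pefile module: it computes the same crc32/md5/sha1/sha256 values, reads the COFF timestamp, walks the section table to turn AddressOfEntryPoint into a file offset and dumps the first 16 entry-point bytes, and measures any overlay (data past the last section, which is what the "Sample contains Overlay data" finding refers to). The INDICATORS values are copied from File Info; build_sample_pe() is a constructed, synthetic PE32 used only to exercise the parser, so its hashes will not match the real sample even though its entry-point bytes and timestamp do. The ep_bytes pattern (push imm32 followed by a near call backwards by 16 bytes) is the well-known Visual Basic 6 entry stub, which is consistent with the VB-based detection names several vendors report below.

```python
"""Fingerprint a PE file against the File Info indicators published on this page.

Added example, not code from the page or from GridinSoft/CAPE. Indicator values
are copied from the File Info block; build_sample_pe() is a constructed PE32
used only to exercise the parser.
"""
import hashlib
import struct
import sys
import zlib
from datetime import datetime, timezone

# Indicator values copied from the File Info block on this page.
INDICATORS = {
    "crc32": "184B9FB1",
    "md5": "f1dcd43e15a5d902628d37fe7e6f74c0",
    "sha1": "0b5443a06c863e8636fabe085aa7489c713b3711",
    "sha256": "68f758a0d97e4f1a3dfa4c637c3d19332217c1c0fdf04e416d708cb9a7f47e10",
    "ep_bytes": "68a0154000e8f0ffffff000000000000",
    "timestamp": "2013-12-19 22:41:18",
}


def _rva_to_offset(rva, sections):
    """Map an RVA to a file offset using the section table."""
    for va, vsize, raw_ptr, raw_size in sections:
        if va <= rva < va + max(vsize, raw_size):
            return rva - va + raw_ptr
    raise ValueError(f"RVA {rva:#x} is not backed by any section")


def fingerprint(data: bytes) -> dict:
    """Return hashes, PE timestamp, 16 entry-point bytes and overlay size."""
    if data[:2] != b"MZ":
        raise ValueError("not an MZ executable")
    pe = struct.unpack_from("<I", data, 0x3C)[0]          # e_lfanew
    if data[pe:pe + 4] != b"PE\0\0":
        raise ValueError("PE signature not found")
    # COFF header: NumberOfSections, TimeDateStamp, (2 unused fields), SizeOfOptionalHeader
    nsect, ts, _, _, opt_size = struct.unpack_from("<HIIIH", data, pe + 6)
    opt = pe + 24                                          # optional header start
    ep_rva = struct.unpack_from("<I", data, opt + 16)[0]   # AddressOfEntryPoint
    sections = []
    for i in range(nsect):
        hdr = opt + opt_size + 40 * i
        _, vsize, va, raw_size, raw_ptr = struct.unpack_from("<8sIIII", data, hdr)
        sections.append((va, vsize, raw_ptr, raw_size))
    ep_off = _rva_to_offset(ep_rva, sections)
    # Anything past the last section's raw data is overlay ("contains Overlay data").
    end_of_sections = max(p + s for _, _, p, s in sections)
    return {
        "crc32": f"{zlib.crc32(data) & 0xFFFFFFFF:08X}",
        "md5": hashlib.md5(data).hexdigest(),
        "sha1": hashlib.sha1(data).hexdigest(),
        "sha256": hashlib.sha256(data).hexdigest(),
        "ep_bytes": data[ep_off:ep_off + 16].hex(),
        "timestamp": datetime.fromtimestamp(ts, tz=timezone.utc).strftime("%Y-%m-%d %H:%M:%S"),
        "overlay_size": max(0, len(data) - end_of_sections),
    }


def match_indicators(fp: dict, indicators: dict = INDICATORS) -> dict:
    """Per-indicator comparison. A hash hit identifies the exact sample;
    ep_bytes/timestamp hits only suggest the same toolchain or build."""
    return {k: fp[k].lower() == v.lower() for k, v in indicators.items()}


def build_sample_pe() -> bytes:
    """Constructed PE32 (not the real sample): one .text section whose entry
    point carries the page's ep_bytes, the page's timestamp, and a 12-byte overlay."""
    ts = int(datetime(2013, 12, 19, 22, 41, 18, tzinfo=timezone.utc).timestamp())
    dos = bytearray(64)
    dos[:2] = b"MZ"
    struct.pack_into("<I", dos, 0x3C, 64)                  # e_lfanew
    coff = struct.pack("<HHIIIHH", 0x14C, 1, ts, 0, 0, 224, 0x102)  # i386, 1 section, 32-bit exe
    opt = bytearray(224)
    struct.pack_into("<H", opt, 0, 0x10B)                  # PE32 magic
    struct.pack_into("<I", opt, 16, 0x1000)                # AddressOfEntryPoint
    struct.pack_into("<III", opt, 28, 0x400000, 0x1000, 0x200)  # ImageBase, SectionAlign, FileAlign
    sect = struct.pack("<8sIIIIIIHHI", b".text", 0x200, 0x1000, 0x200, 0x200,
                       0, 0, 0, 0, 0x60000020)             # code | execute | read
    header = (bytes(dos) + b"PE\0\0" + coff + bytes(opt) + sect).ljust(0x200, b"\0")
    text = bytes.fromhex(INDICATORS["ep_bytes"]).ljust(0x200, b"\0")
    return header + text + b"OVERLAY-DATA"                 # constructed overlay bytes


if __name__ == "__main__":
    data = build_sample_pe() if len(sys.argv) < 2 else open(sys.argv[1], "rb").read()
    fp = fingerprint(data)
    for key, hit in match_indicators(fp).items():
        print(f"{'MATCH' if hit else '     '} {key:10} {fp[key]}")
    print(f"overlay bytes: {fp['overlay_size']}")
```

Run it with a file path to check a suspect binary, or with no arguments to see it run over the constructed sample. Treat only the hash matches as proof that you have this exact file; the entry-point bytes and timestamp are shared by many VB-built binaries and only narrow the family.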

Ursu.319516 is also detected under the following names (vendor: detection name):

Bkav: W32.AIDetect.malware2
Lionic: Trojan.Win32.Demp.4!c
MicroWorld-eScan: Gen:Variant.Ursu.319516
ClamAV: Win.Dropper.Demp-6714293-0
FireEye: Generic.mg.f1dcd43e15a5d902
CAT-QuickHeal: TrojanSpy.Zbot.AQ3
ALYac: Gen:Variant.Ursu.319516
Cylance: Unsafe
VIPRE: Gen:Variant.Ursu.319516
Sangfor: Suspicious.Win32.Save.vb
K7AntiVirus: Trojan ( 0055e3991 )
Alibaba: TrojanDropper:Win32/Injector.8a8a86f5
K7GW: Trojan ( 0055e3991 )
Cybereason: malicious.e15a5d
Symantec: ML.Attribute.HighConfidence
Elastic: malicious (high confidence)
ESET-NOD32: a variant of Win32/Injector.APVL
APEX: Malicious
Paloalto: generic.ml
Cynet: Malicious (score: 100)
BitDefender: Gen:Variant.Ursu.319516
NANO-Antivirus: Trojan.Win32.Demp.dwwree
Tencent: Malware.Win32.Gencirc.10c7562a
Ad-Aware: Gen:Variant.Ursu.319516
Comodo: Malware@#3gl1j759sf9iy
BitDefenderTheta: Gen:NN.ZevbaF.34646.9m1@aWy3!Ihi
Zillya: Dropper.Demp.Win32.1607
Trapmine: malicious.moderate.ml.score
Emsisoft: Gen:Variant.Ursu.319516 (B)
SentinelOne: Static AI – Malicious PE
Jiangmin: TrojanDropper.Demp.aeg
Avira: TR/Dropper.VB.Gen8
Antiy-AVL: Trojan/Generic.ASMalwS.617
Kingsoft: Win32.Troj.Demp.r.(kcloud)
Google: Detected
Acronis: suspicious
VBA32: TrojanDropper.Demp
MAX: malware (ai score=81)
Malwarebytes: Trojan.DorkBot.ED
Rising: Malware.Undefined!8.C (TFE:3:P47q5EUTOPD)
Yandex: Trojan.Injector!HsW2fUhBXPQ
MaxSecure: Trojan.Malware.7217743.susgen
Fortinet: W32/VB.ALO!tr
Panda: Trj/Genetic.gen
CrowdStrike: win/malicious_confidence_100% (W)

How to remove Ursu.319516?

Ursu.319516 removal tool
  • Download and install GridinSoft Anti-Malware.
  • Open GridinSoft Anti-Malware and perform a “Standard scan”.
  • Press “Move to quarantine” for all detected items.
  • Open the “Tools” tab and press “Reset Browser Settings”.
  • Select the affected browser and the desired options, then click “Reset”.
  • Restart your computer.

About the author

Paul Valéry

I'm a cyber security analyst and data science expert with 5+ years of experience with security software contractors.