Ursu.330318 removal tips

Ursu.330318 is considered dangerous by many security experts. When this infection is active, you may notice unwanted processes in the Task Manager list. In this case, it is advised to scan your computer with GridinSoft Anti-Malware.

Removing PC viruses manually may take hours and may damage your PC in the process. We recommend using GridinSoft Anti-Malware for virus removal. It lets you run a complete scan and cure your PC during the trial period.
A 6-day free trial is available.

What can the Ursu.330318 virus do?

  • Behavioural detection: Executable code extraction – unpacking
  • Unconventional binary language: Chinese (Simplified)
  • Unconventional language used in binary resources: Chinese (Simplified)
  • The binary contains an unknown PE section name indicative of packing
  • The binary likely contains encrypted or compressed data.
  • The executable is likely packed with VMProtect
  • Authenticode signature is invalid
  • Yara detections observed in process dumps, payloads or dropped files

How to identify Ursu.330318?


File Info:

name: F3B1C86120992DC1FD33.mlw
type: PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
timestamp: 2018-02-27 01:46:32

Version Info:

FileVersion: 1.0.0.0
FileDescription: mydll
ProductName: mydll
ProductVersion: 1.0.0.0
LegalCopyright: 作者版权所有 请尊重并使用正版
Comments: 本程序使用易语言编写(http://www.dywt.com.cn)
Translation: 0x0804 0x04b0

Ursu.330318 also known as:

Bkav: W32.AIDetectMalware
Lionic: Hacktool.Win32.Vemply.3!c
Elastic: malicious (high confidence)
MicroWorld-eScan: Gen:Variant.Ursu.330318
FireEye: Generic.mg.f3b1c86120992dc1
Skyhigh: BehavesLike.Win32.Generic.hc
McAfee: Artemis!F3B1C8612099
Cylance: unsafe
Zillya: Trojan.Packed.Win32.156938
Sangfor: Trojan.Win32.Save.a
K7AntiVirus: Trojan ( 7000001c1 )
Alibaba: Packed:Win32/Vemply.6c6ae7d7
K7GW: Trojan ( 7000001c1 )
CrowdStrike: win/malicious_confidence_70% (D)
BitDefenderTheta: Gen:NN.ZedlaF.36744.FC8@aeRQu6ib
Symantec: ML.Attribute.HighConfidence
ESET-NOD32: a variant of Win32/Packed.VMProtect.ABO
Cynet: Malicious (score: 100)
APEX: Malicious
Kaspersky: HEUR:Packed.Win32.Vemply.gen
BitDefender: Gen:Variant.Ursu.330318
NANO-Antivirus: Trojan.Win32.Vemply.fpoocz
Avast: Win32:Trojan-gen
Tencent: Malware.Win32.Gencirc.13c1252a
Sophos: Mal/VMProtBad-A
F-Secure: Trojan.TR/Black.Gen2
VIPRE: Gen:Variant.Ursu.330318
Trapmine: malicious.high.ml.score
Emsisoft: Gen:Variant.Ursu.330318 (B)
Ikarus: Trojan.Win32.VMProtect
Jiangmin: Packed.Vemply.fhb
Avira: TR/Black.Gen2
Antiy-AVL: Trojan[Packed]/Win32.Vemply
Microsoft: Trojan:Win32/Tiggre!rfn
Xcitium: Malware@#9v4jwyrsl0mi
Arcabit: Trojan.Ursu.D50A4E
GData: Win32.Application.PUPStudio.B
Google: Detected
ALYac: Gen:Variant.Ursu.330318
MAX: malware (ai score=94)
VBA32: BScope.Trojan.Bitrep
Panda: Trj/GdSda.A
Rising: Trojan.Generic@AI.82 (RDML:I1nVsnm5b9a4FOT8vyXkYQ)
Yandex: Trojan.VMProtect!/Y1RiGHodAk
SentinelOne: Static AI – Suspicious PE
MaxSecure: Trojan.Malware.10672965.susgen
Fortinet: W32/VMProtBad.A!tr
AVG: Win32:Trojan-gen
DeepInstinct: MALICIOUS

How to remove Ursu.330318?

Ursu.330318 removal tool
  • Download and install GridinSoft Anti-Malware.
  • Open GridinSoft Anti-Malware and perform a “Standard scan”.
  • “Move to quarantine” all items.
  • Open “Tools” tab – Press “Reset Browser Settings”.
  • Select proper browser and options – Click “Reset”.
  • Restart your computer.

About the author

Paul Valéry

I'm a cyber security analyst and data science expert with 5+ years of experience with security software contractors.