Malware

Should I remove “Ursu.352083”?

Malware Removal

The Ursu.352083 is considered dangerous by lots of security experts. When this infection is active, you may notice unwanted processes in Task Manager list. In this case, it is adviced to scan your computer with GridinSoft Anti-Malware.

GridinSoft Anti-Malware

Gridinsoft Anti-Malware

Removing PC viruses manually may take hours and may damage your PC in the process. We recommend using GridinSoft Anti-Malware for virus removal. Allows to complete scan and cure your PC during the trial period.
DOWNLOAD NOW
6-day free trial available.

What Ursu.352083 virus can do?

  • SetUnhandledExceptionFilter detected (possible anti-debug)
  • Behavioural detection: Executable code extraction – unpacking
  • Yara rule detections observed from a process memory dump/dropped files/CAPE
  • Creates RWX memory
  • Guard pages use detected – possible anti-debugging.
  • Dynamic (imported) function loading detected
  • Performs HTTP requests potentially not found in PCAP.
  • CAPE extracted potentially suspicious content
  • The binary likely contains encrypted or compressed data.
  • Authenticode signature is invalid
  • Behavioural detection: Injection (Process Hollowing)
  • Executed a process and injected code into it, probably while unpacking
  • Behavioural detection: Injection (inter-process)
  • Created a process from a suspicious location
  • CAPE detected the Azorult malware family
  • Attempts to modify proxy settings
  • Collects information to fingerprint the system

How to determine Ursu.352083?



File Info:

name: F82753A5416E5E37E116.mlw
path: /opt/CAPEv2/storage/binaries/8e13632b2db4454a2d45eadcc79c20fa02985ff38fa8c9aa1cb33a9dbe9df0c0
crc32: F22F91CA
md5: f82753a5416e5e37e116430e0cffb4fb
sha1: 972396f649e737b1824d1a90b278b3a368f1a65f
sha256: 8e13632b2db4454a2d45eadcc79c20fa02985ff38fa8c9aa1cb33a9dbe9df0c0
sha512: 40d5769bb6f434d37b0e20e41bba76f9f0ebb469764688809d90727080d417f6d6787e5e81ce1e77534e9c30ed6e28fb4a8de5e5094ba3a249012155651e077a
ssdeep: 12288:0m7kTy0CPnK87tqebCWZW4IiZN+OLo2KDjgHaPcFm9LqU:0MJ0YnVhP5ZWc
type: PE32 executable (GUI) Intel 80386, for MS Windows
tlsh: T1E3E4F687B803A3BDC82BCCF245DD1F7066251C7B9D1E92574F9232D6C53A842A9129FB
sha3_384: 069a1dd09a0790ca7666e9822a4ac4d86f6bb6588f5c8681c577aa4ec5f19fc700be2f6819e284d955bcbb4ad71ae8bd
ep_bytes: ff250020400000000000000000000000
timestamp: 2018-12-13 05:58:51


Version Info:

Translation: 0x0000 0x04b0
Comments: Canon printing device protable
CompanyName: Canon
FileDescription: 
FileVersion: 7.0.0.0
InternalName: MP230P6.exe
LegalCopyright: 2019 All rights reserved.
LegalTrademarks: 
OriginalFilename: MP230P6.exe
ProductName: Canon printing device protable MP230P6
ProductVersion: 7.0.0.0
Assembly Version: 2.0.0.0

Ursu.352083 also known as:

LionicTrojan.MSIL.Androm.4!c
Elasticmalicious (high confidence)
MicroWorld-eScanGen:Variant.Ursu.352083
FireEyeGeneric.mg.f82753a5416e5e37
McAfeeGeneric.eab
CylanceUnsafe
ZillyaBackdoor.Androm.Win32.59230
K7AntiVirusTrojan ( 00543ac61 )
AlibabaBackdoor:MSIL/Androm.3d1e35d0
K7GWTrojan ( 00543ac61 )
Cybereasonmalicious.5416e5
CyrenW32/MSIL_Kryptik.EO.gen!Eldorado
SymantecTrojan.Gen.MBT
ESET-NOD32a variant of MSIL/Kryptik.QIW
APEXMalicious
Paloaltogeneric.ml
KasperskyHEUR:Backdoor.MSIL.Androm.gen
BitDefenderGen:Variant.Ursu.352083
NANO-AntivirusTrojan.Win32.Androm.flficv
AvastWin32:BackdoorX-gen [Trj]
TencentWin32.Trojan.Inject.Auto
Ad-AwareGen:Variant.Ursu.352083
SophosMal/Generic-S
ComodoMalware@#qwtqeqxt39v4
TrendMicroTrojanSpy.MSIL.LOKI.SMTHC.hp
McAfee-GW-EditionBehavesLike.Win32.Fareit.jh
EmsisoftGen:Variant.Ursu.352083 (B)
SentinelOneStatic AI – Malicious PE
AviraHEUR/AGEN.1117408
MAXmalware (ai score=100)
Antiy-AVLTrojan/Generic.ASMalwS.29DB370
MicrosoftTrojan:Win32/Occamy.C
GDataGen:Variant.Ursu.352083
CynetMalicious (score: 100)
AhnLab-V3Trojan/Win32.Golroted.R275881
BitDefenderThetaGen:NN.ZemsilF.34294.Pm0@a8WI8lj
ALYacGen:Variant.Ursu.352083
VBA32CIL.StupidPInvoker-1.Heur
MalwarebytesBackdoor.NanoCore
TrendMicro-HouseCallTrojanSpy.MSIL.LOKI.SMTHC.hp
YandexTrojan.Kryptik!Cn3+sUTo4B4
IkarusTrojan-Spy.Keylogger.AgentTesla
FortinetMSIL/GenKryptik.CTXT!tr
AVGWin32:BackdoorX-gen [Trj]
PandaTrj/CI.A
CrowdStrikewin/malicious_confidence_80% (D)

How to remove Ursu.352083?

Ursu.352083 removal tool
  • Download and install GridinSoft Anti-Malware.
  • Open GridinSoft Anti-Malware and perform a “Standard scan“.
  • Move to quarantine” all items.
  • Open “Tools” tab – Press “Reset Browser Settings“.
  • Select proper browser and options – Click “Reset”.
  • Restart your computer.

You may also like

About the author

Paul Valéry

I'm a cyber security analyst and data science expert with 5+ years of experience with security software contractors.

View all posts

Leave a Comment