
Ursu.370140 removal instruction

Malware Removal

Ursu.370140 is flagged as dangerous by many security vendors (see the detection list below). When this infection is active, you may notice unwanted processes in the Task Manager list. In that case, it is advised to scan your computer with GridinSoft Anti-Malware.

GridinSoft Anti-Malware


Removing PC viruses manually may take hours and may damage your PC in the process. We recommend using GridinSoft Anti-Malware for virus removal. It allows a complete scan and cleanup of your PC during the trial period.
6-day free trial available.

What can the Ursu.370140 virus do?

The following behaviours were flagged by the CAPE sandbox when the sample was detonated (the storage path under File Info shows it was analysed with CAPEv2). They are heuristic signatures, not a description of a specific payload:
  • SetUnhandledExceptionFilter detected (possible anti-debug)
  • Behavioural detection: Executable code extraction – unpacking
  • Creates RWX memory
  • Guard pages use detected – possible anti-debugging.
  • Dynamic (imported) function loading detected
  • CAPE extracted potentially suspicious content
  • The binary contains an unknown PE section name indicative of packing
  • Authenticode signature is invalid
  • Collects and encrypts information about the computer, likely to send it to a C2 server

How to identify Ursu.370140?

The hashes below identify this one sample; other files carrying the same generic detection name will have different hashes.


File Info:

name: 1F2E92F2591AC91B9F3B.mlw
path: /opt/CAPEv2/storage/binaries/f125a6a5814cd5ac7ef9d71c565e05487cead445eff1bbb122b9ca9032d53071
crc32: 9A4F6169
md5: 1f2e92f2591ac91b9f3bb6dfff0280e0
sha1: ba7ed7d3e170bb92d1c458effe7728dc411fee1b
sha256: f125a6a5814cd5ac7ef9d71c565e05487cead445eff1bbb122b9ca9032d53071
sha512: 5ae8463f211c8ac101347d2b45f5f2687ae59b1c889a1710054e4d13d26aa4f0ef16fdde96699d9fe6faa7036ec72c4ff3ffdc86de05b84b531a6ca6947d237a
ssdeep: 6144:76ueutuMtlkSd2mBpiLqx2gin1r/stVTNOACgQ5KfPWeTzn6zCjYmC4k63ST/xQB:DuykSd2T3xsVT8NylL
type: PE32 executable (GUI) Intel 80386, for MS Windows
tlsh: T1F5E4181977EC4A42E2FF8B7AD5F2151187FA7866891ADB0E0C9274DE0C727A0C811F63
sha3_384: 78db2c8a97c188e10da236bff6debd6ad9f6d446016837bf0ec77cdc1bab01f1ab22eb21d00eb9c525b8bd1d389b5c30
ep_bytes: ff250020400000000000000000000000
timestamp: 2018-09-05 12:32:42

Version Info (free-form strings set by whoever built the binary; the CompanyName claim of "Microsoft" is not backed by a valid Authenticode signature, as the behaviour list above notes, and "WindowsApplication1" together with the Assembly Version field points to a .NET build, "WindowsApplication1" being the default Visual Studio project name for a VB.NET Windows Forms application):

Translation: 0x0000 0x04b0
CompanyName: Microsoft
FileDescription: WindowsApplication1
FileVersion: 1.0.0.0
InternalName: Listener3.exe
LegalCopyright: Copyright © Microsoft 2018
OriginalFilename: Listener3.exe
ProductName: WindowsApplication1
ProductVersion: 1.0.0.0
Assembly Version: 1.0.0.0
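The following script is an added example (not GridinSoft's or CAPE's code) showing how to check a file on disk against the File Info block above: it recomputes the hash fields CAPE reports, reads the 16 entry-point bytes that CAPE prints as ep_bytes by walking the PE section table, and checks whether the CLR runtime data directory is populated, which is the reliable way to confirm the .NET build that the Version Info and the ff25 00204000 entry stub suggest. The ssdeep and tlsh fields need third-party libraries and are left out. The constructed PE image inside the script is a synthetic stand-in, not the real sample, so only its ep_bytes can match the page; names such as PAGE_IOCS and build_constructed_pe are this example's own.

```python
"""Offline IOC matcher for the File Info block above (added example)."""
import hashlib
import struct
import zlib

# Indicator values copied from the File Info block on this page.
PAGE_IOCS = {
    "md5": "1f2e92f2591ac91b9f3bb6dfff0280e0",
    "sha1": "ba7ed7d3e170bb92d1c458effe7728dc411fee1b",
    "sha256": "f125a6a5814cd5ac7ef9d71c565e05487cead445eff1bbb122b9ca9032d53071",
    "crc32": "9A4F6169",
    "ep_bytes": "ff250020400000000000000000000000",
}


def file_hashes(data: bytes) -> dict:
    """Hash fields in the formats CAPE prints them (crc32 as upper-case hex)."""
    return {
        "md5": hashlib.md5(data).hexdigest(),
        "sha1": hashlib.sha1(data).hexdigest(),
        "sha256": hashlib.sha256(data).hexdigest(),
        "sha512": hashlib.sha512(data).hexdigest(),
        "sha3_384": hashlib.sha3_384(data).hexdigest(),
        "crc32": f"{zlib.crc32(data) & 0xFFFFFFFF:08X}",
    }


def _pe_headers(data: bytes):
    """Return (coff_offset, optional_header_offset, num_sections, opt_size)."""
    if data[:2] != b"MZ":
        raise ValueError("missing MZ signature")
    e_lfanew = struct.unpack_from("<I", data, 0x3C)[0]
    if data[e_lfanew:e_lfanew + 4] != b"PE\0\0":
        raise ValueError("missing PE signature")
    coff = e_lfanew + 4
    nsect = struct.unpack_from("<H", data, coff + 2)[0]
    opt_size = struct.unpack_from("<H", data, coff + 16)[0]
    return coff, coff + 20, nsect, opt_size


def rva_to_offset(data: bytes, rva: int) -> int:
    """Map an RVA to a file offset by walking the section table."""
    _, opt, nsect, opt_size = _pe_headers(data)
    sect = opt + opt_size
    for i in range(nsect):
        # VirtualSize, VirtualAddress, SizeOfRawData, PointerToRawData
        vsize, vaddr, rawsize, rawptr = struct.unpack_from("<IIII", data, sect + i * 40 + 8)
        if vaddr <= rva < vaddr + max(vsize, rawsize):
            return rawptr + (rva - vaddr)
    raise ValueError(f"RVA {rva:#x} is not inside any section")


def entry_point_bytes(data: bytes, n: int = 16) -> bytes:
    """First n bytes at AddressOfEntryPoint, i.e. CAPE's ep_bytes field."""
    _, opt, _, _ = _pe_headers(data)
    ep_rva = struct.unpack_from("<I", data, opt + 16)[0]
    off = rva_to_offset(data, ep_rva)
    return data[off:off + n]


def has_clr_header(data: bytes) -> bool:
    """True if data directory 14 (CLR runtime header) is populated: a .NET image."""
    _, opt, _, _ = _pe_headers(data)
    magic = struct.unpack_from("<H", data, opt)[0]
    if magic == 0x10B:      # PE32
        nrva_off, dirs = opt + 92, opt + 96
    elif magic == 0x20B:    # PE32+
        nrva_off, dirs = opt + 108, opt + 112
    else:
        raise ValueError(f"unknown optional header magic {magic:#x}")
    if struct.unpack_from("<I", data, nrva_off)[0] < 15:
        return False
    rva, size = struct.unpack_from("<II", data, dirs + 14 * 8)
    return rva != 0 and size != 0


def match_page_iocs(data: bytes) -> dict:
    """Compare a file against the page's indicators; True means that field matches."""
    observed = file_hashes(data)
    observed["ep_bytes"] = entry_point_bytes(data).hex()
    return {k: observed.get(k) == v for k, v in PAGE_IOCS.items()}


def build_constructed_pe() -> bytes:
    """Constructed minimal PE32 image (not the real sample) whose entry point holds the
    page's ep_bytes and which carries a CLR data directory, to exercise the checks offline."""
    dos = b"MZ" + b"\0" * 58 + struct.pack("<I", 0x40)               # e_lfanew = 0x40
    coff = struct.pack("<HHIIIHH", 0x14C, 1, 0, 0, 0, 0xE0, 0x0102)   # i386, one section
    opt = bytearray(0xE0)
    struct.pack_into("<H", opt, 0, 0x10B)                              # PE32 magic
    struct.pack_into("<I", opt, 16, 0x2000)                            # AddressOfEntryPoint
    struct.pack_into("<III", opt, 28, 0x400000, 0x1000, 0x200)         # ImageBase, SectionAlign, FileAlign
    struct.pack_into("<I", opt, 92, 16)                                # NumberOfRvaAndSizes
    struct.pack_into("<II", opt, 96 + 14 * 8, 0x2008, 72)              # CLR header directory (RVA, size)
    sect = struct.pack("<8sIIIIIIHHI", b".text", 0x200, 0x2000, 0x200, 0x200,
                       0, 0, 0, 0, 0x60000020)
    headers = (dos + b"PE\0\0" + coff + bytes(opt) + sect).ljust(0x200, b"\0")
    text = bytes.fromhex(PAGE_IOCS["ep_bytes"]).ljust(0x200, b"\0")
    return headers + text


if __name__ == "__main__":
    import sys
    blob = open(sys.argv[1], "rb").read() if len(sys.argv) > 1 else build_constructed_pe()
    for field, hit in match_page_iocs(blob).items():
        print(f"{field:9s} {'MATCH' if hit else 'no match'}")
    print("CLR header present:", has_clr_header(blob))
```

Run it with a file path to compare a suspect binary against the page, or with no arguments to run it on the constructed image. Note that the constructed image matches on ep_bytes alone: the ff25 00204000 stub is the jump through the import table to _CorExeMain that essentially every .NET executable built with the default 0x400000 image base starts with, so ep_bytes is a hint that a file is a .NET assembly, not an indicator for this sample. Use the full hashes for identification.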

Ursu.370140 is also known as (vendor: detection name). Most of these are generic or machine-learning verdicts (Gen:Variant, .ml, susgen), so "Ursu.370140" labels a BitDefender-engine heuristic cluster rather than a named malware family:

Lionic: Trojan.Win32.Perseus.4!c
MicroWorld-eScan: Gen:Variant.Ursu.370140
FireEye: Generic.mg.1f2e92f2591ac91b
ALYac: Gen:Variant.Ursu.370140
Cylance: Unsafe
Cybereason: malicious.2591ac
Symantec: ML.Attribute.HighConfidence
APEX: Malicious
Paloalto: generic.ml
BitDefender: Gen:Variant.Ursu.370140
Ad-Aware: Gen:Variant.Ursu.370140
Sophos: Mal/Generic-S
McAfee-GW-Edition: GenericRXHH-KR!1F2E92F2591A
Emsisoft: Gen:Variant.Ursu.370140 (B)
GData: Gen:Variant.Ursu.370140
Webroot: W32.Trojan.Gen
Arcabit: Trojan.Ursu.D5A5DC
Microsoft: Trojan:Win32/Wacatac.B!ml
McAfee: GenericRXHH-KR!1F2E92F2591A
Malwarebytes: Generic.Malware/Suspicious
SentinelOne: Static AI – Suspicious PE
Fortinet: PossibleThreat
BitDefenderTheta: Gen:NN.ZemsilCO.34084.Rq0@aSdHfxb
Panda: Trj/GdSda.A
MaxSecure: Trojan.Malware.74112545.susgen

How to remove Ursu.370140?

Ursu.370140 removal tool
  • Download and install GridinSoft Anti-Malware.
  • Open GridinSoft Anti-Malware and perform a “Standard scan“.
  • Click “Move to quarantine” for all detected items.
  • Open “Tools” tab – Press “Reset Browser Settings“.
  • Select proper browser and options – Click “Reset”.
  • Restart your computer.

About the author

Paul Valéry

I'm a cyber security analyst and data science expert with 5+ years of experience with security software contractors.
