Ursu.38321 (file analysis)

The Ursu.38321 is considered dangerous by lots of security experts. When this infection is active, you may notice unwanted processes in Task Manager list. In this case, it is adviced to scan your computer with GridinSoft Anti-Malware.

GridinSoft Anti-Malware

Gridinsoft Anti-Malware

Removing PC viruses manually may take hours and may damage your PC in the process. We recommend using GridinSoft Anti-Malware for virus removal. Allows to complete scan and cure your PC during the trial period.

6-day free trial available.

What Ursu.38321 virus can do?

Unconventionial language used in binary resources: Chinese (Simplified)
Authenticode signature is invalid

How to determine Ursu.38321?


File Info:
name: 7D26387747D0137D2EEC.mlw
path: /opt/CAPEv2/storage/binaries/c279c92d3b65c0dad2f9a6df3c03b882e6d20a6f96bf2340092c5c99331e14ea
crc32: 0BB8C8BD
md5: 7d26387747d0137d2eecb1848e2df503
sha1: 91e8da859cf8d7ecf9efdd94084f993c9a442327
sha256: c279c92d3b65c0dad2f9a6df3c03b882e6d20a6f96bf2340092c5c99331e14ea
sha512: e3d10850368a0eb342cc9c4b416b619169ac09afd5337c1fde81e8ab94db76eb4d8adf3943d12a6a92a11f4f9db2ff47c82ce1106815a12cdaecab670e825cf2
ssdeep: 1536:fGTiaOIoLa9rHzHESWJhrujZJMOrIzBU8c:fY/OIbdkSyl0ZJMOrIzLc
type: PE32 executable (GUI) Intel 80386, for MS Windows
tlsh: T18F736C03BEC590A2F422EAB419A1E722C9BBB9752F5122DB67C03E5F1D311D18D3539E
sha3_384: 1feabd60ec03c7ba4c341b46f390d797f85e3495a825165e6bf40c590c35c9bf0dd6505bcd030aa9b65a974357565820
ep_bytes: e8a1040000e937fdffff3b0d28604000
timestamp: 2017-10-15 09:28:20

Version Info:
CompanyName: AmyXun
FileDescription: AxMath
FileVersion: 1.0.0.1
InternalName: Register.exe
LegalCopyright: AmyXun. All rights reserved.
OriginalFilename: Register.exe
ProductName: AxMath Register
ProductVersion: 1.0.0.1
Translation: 0x0409 0x04e4

Ursu.38321 also known as:

Lionic	Trojan.Win32.Ursu.4!c
MicroWorld-eScan	Gen:Variant.Ursu.38321
FireEye	Generic.mg.7d26387747d0137d
McAfee	Artemis!7D26387747D0
Cylance	Unsafe
VIPRE	Trojan.Win32.Generic!BT
Sangfor	Trojan.Win32.Inject.ajrpg
Alibaba	Trojan:Win32/Inject.7a5e45be
Symantec	ML.Attribute.HighConfidence
ESET-NOD32	a variant of Generik.ETIJWGJ
APEX	Malicious
Paloalto	generic.ml
Kaspersky	Trojan.Win32.Inject.ajrpg
BitDefender	Gen:Variant.Ursu.38321
NANO-Antivirus	Trojan.Win32.Inject.fditvk
Avast	Win32:Malware-gen
Tencent	Win32.Trojan.Inject.Aiig
Ad-Aware	Gen:Variant.Ursu.38321
Sophos	Mal/Generic-S
Comodo	Malware@#3qhcpauwlsqd9
TrendMicro	TROJ_GEN.R002C0WH321
McAfee-GW-Edition	BehavesLike.Win32.BadFile.lh
Emsisoft	Gen:Variant.Ursu.38321 (B)
GData	Gen:Variant.Ursu.38321
Jiangmin	Trojan.Inject.bylc
Antiy-AVL	Trojan/Generic.ASMalwS.27FBE75
Microsoft	Trojan:Win32/Wacatac.B!ml
ALYac	Gen:Variant.Ursu.38321
MAX	malware (ai score=97)
VBA32	Trojan.Inject
TrendMicro-HouseCall	TROJ_GEN.R002C0WH321
Yandex	Trojan.Agent!seET2IxRV3c
Ikarus	Trojan.SuspectCRC
Fortinet	W32/Generik.ETIJWGJ!tr
AVG	Win32:Malware-gen
Cybereason	malicious.747d01
Panda	Trj/GdSda.A

How to remove Ursu.38321?

Ursu.38321 removal tool

Download and install GridinSoft Anti-Malware.
Open GridinSoft Anti-Malware and perform a “Standard scan“.
“Move to quarantine” all items.
Open “Tools” tab – Press “Reset Browser Settings“.
Select proper browser and options – Click “Reset”.
Restart your computer.

About the author

Paul Valéry

I'm a cyber security analyst and data science expert with 5+ years of experience with security software contractors.

Leave a Comment X