Ursu.436359 malicious file

Ursu.436359 is considered dangerous by many security vendors. When this infection is active, you may notice unwanted processes in the Task Manager list. In this case, it is advised to scan your computer with GridinSoft Anti-Malware.

GridinSoft Anti-Malware

Removing PC viruses manually may take hours and may damage your PC in the process. We recommend using GridinSoft Anti-Malware for virus removal. The trial period allows a complete scan and cleanup of your PC.
6-day free trial available.

What can the Ursu.436359 virus do?

  • SetUnhandledExceptionFilter detected (possible anti-debug)
  • Yara rule detections observed from a process memory dump/dropped files/CAPE
  • Creates RWX memory
  • Possible date expiration check, exits too soon after checking local time
  • The binary contains an unknown PE section name indicative of packing
  • The binary likely contains encrypted or compressed data
  • The executable is likely packed with VMProtect
  • Authenticode signature is invalid
  • Tries to suspend Cuckoo threads to prevent logging of malicious activity

How to identify Ursu.436359?

File Info:

name: 847B14EE1DADD6051FA6.mlw
path: /opt/CAPEv2/storage/binaries/e4f7c96c34468ce4aa4cce6975e78913d435d2b0130258f9872b74ff303396a0
crc32: ACBF8FC6
md5: 847b14ee1dadd6051fa6cb9d4445875d
sha1: e123987aed46bbe464c552fa2d910d8efdde49b2
sha256: e4f7c96c34468ce4aa4cce6975e78913d435d2b0130258f9872b74ff303396a0
sha512: 1c5c01582008bd185033cf07d37568601e278f5e70c2089e98ae6e0447ab410d5578500ee3f9c64d1bbbc1def563e0ec3c1688a4572d734f16905399f8e4709e
ssdeep: 196608:AMUaISdxYiaEHMw0ucO7Q4eR2Mu2Xr4PU9B:bUaIoxgEssz+R2EcI
type: PE32 executable (console) Intel 80386, for MS Windows
tlsh: T158862313032A0115F6EEDD3A9A1BEDF535F62F66CAC27CFC77D6B9C114724A2A206412
sha3_384: 33c4738979577bd2b370aaafe18df3869ad5ae7fa3930d590c0b856682bb825519b63f740f36f0ac41bd2099150d2ae1
ep_bytes: 6805aa38eae8c3caa1ffc1c1033ac3e9
timestamp: 2019-04-18 08:25:35

Version Info:

Comments: Developed by Archeng
CompanyName: Realtek Semiconductor Corp.
FileDescription: Driver Setup API for Realtek HD Audio
FileVersion: 3, 2, 0, 2
InternalName: RtlUpd
LegalCopyright: Copyright (C) 2018 Realtek Semiconductor Corp.
OriginalFilename: RtlUpd.EXE
ProductName: Realtek HD Auido Update and remove driver Tool
ProductVersion: 3, 2, 0, 2
Translation: 0x0409 0x04b0

Ursu.436359 also known as:

Elastic: malicious (high confidence)
MicroWorld-eScan: Gen:Variant.Ursu.436359
FireEye: Generic.mg.847b14ee1dadd605
ALYac: Gen:Variant.Ursu.436359
Cylance: Unsafe
Zillya: Trojan.Miner.Win64.1832
Sangfor: Trojan.Win64.Miner.lab
K7AntiVirus: Trojan ( 0054c4151 )
Alibaba: Trojan:Win64/Miner.f7391c27
K7GW: Trojan ( 0054c4151 )
CrowdStrike: win/malicious_confidence_70% (W)
BitDefenderTheta: Gen:NN.ZexaF.34212.@V0@a8suqvki
Symantec: ML.Attribute.HighConfidence
ESET-NOD32: a variant of Win32/Packed.VMProtect.OK
Paloalto: generic.ml
Cynet: Malicious (score: 100)
Kaspersky: Trojan.Win64.Miner.lab
BitDefender: Gen:Variant.Ursu.436359
NANO-Antivirus: Trojan.Win32.Mlw.fppfdn
Tencent: Win64.Trojan.Miner.Dztr
Ad-Aware: Gen:Variant.Ursu.436359
Sophos: Mal/Generic-S
Comodo: Malware@#3rzrvwkd53o8p
VIPRE: Trojan.Win32.Generic!BT
Emsisoft: Gen:Variant.Ursu.436359 (B)
Ikarus: Trojan.Win32.VMProtect
Jiangmin: Trojan.Miner.ivp
Avira: HEUR/AGEN.1216275
MAX: malware (ai score=84)
Antiy-AVL: Trojan/Generic.ASMalwS.2B4565C
Microsoft: Trojan:Win32/Tnega!ml
GData: Gen:Variant.Ursu.436359
AhnLab-V3: Trojan/Win64.RL_Miner.R271207
McAfee: Artemis!847B14EE1DAD
APEX: Malicious
Rising: Trojan.Miner!8.EA1 (CLOUD)
Yandex: Trojan.GenAsa!uvL+P8kULPU
MaxSecure: Trojan.Malware.73768235.susgen
Fortinet: W64/Miner.LAB!tr
Cybereason: malicious.e1dadd
Panda: Trj/CI.A

How to remove Ursu.436359?

Ursu.436359 removal tool
  • Download and install GridinSoft Anti-Malware.
  • Open GridinSoft Anti-Malware and perform a “Standard scan”.
  • “Move to quarantine” all items.
  • Open the “Tools” tab – Press “Reset Browser Settings”.
  • Select the proper browser and options – Click “Reset”.
  • Restart your computer.

About the author

Paul Valéry

I'm a cyber security analyst and data science expert with 5+ years of experience with security software contractors.