What is “Ursu.525018”?

Ursu.525018 is flagged as malicious by most of the antivirus engines listed below; the vendor names point to a packed AutoIt injector that delivers a Quasar-family / hidden-VNC (HVNC) backdoor. While the infection is active you may notice unfamiliar processes in the Task Manager list. In that case, it is advised to scan your computer with GridinSoft Anti-Malware.

GridinSoft Anti-Malware

Removing PC viruses manually can take hours and may damage your PC in the process. We recommend using GridinSoft Anti-Malware for virus removal; the trial version lets you run a full scan and clean your PC.
A 6-day free trial is available.

What can Ursu.525018 do? (behaviour observed when the sample was run under automated analysis)

  • Executable code extraction
  • Injection (inter-process)
  • Injection (Process Hollowing)
  • Injection with CreateRemoteThread in a remote process
  • Attempts to connect to a dead IP:Port (2 unique times)
  • Creates RWX memory
  • Reads data out of its own binary image
  • A process created a hidden window
  • Drops a binary and executes it
  • Unconventional language used in binary resources: Spanish (Modern)
  • Uses Windows utilities for basic functionality
  • Executed a process and injected code into it, probably while unpacking
  • Installs itself for autorun at Windows startup
  • Creates a hidden or system file
  • Checks the presence of disk drives in the registry, possibly for anti-virtualization
  • Attempts to modify proxy settings
  • Creates a slightly modified copy of itself
  • Collects information to fingerprint the system
  • Anomalous binary characteristics
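The behaviours above are sandbox observations; on a live host the same actions show up in process, remote-thread and registry telemetry. The following is an added example (not code from the page or from GridinSoft) that maps five of those behaviours to simple detection rules and runs them over constructed, simplified Sysmon-style events. The event dicts, the file paths and the SID are made up for the example; the registry paths for the Run key and the Internet Settings proxy values are the real Windows locations.

```python
import re

# Constructed sample telemetry (hypothetical, not a real capture): simplified
# Sysmon-style events as dicts. EventID 1 = process create, 8 = CreateRemoteThread,
# 13 = registry value set. Paths and the SID are made up for the example.
MALWARE = r"C:\Users\victim\AppData\Local\Temp\Adobe Download Manager.exe"
RUN_KEY = r"HKU\S-1-5-21-1\Software\Microsoft\Windows\CurrentVersion\Run"
INET_KEY = r"HKU\S-1-5-21-1\Software\Microsoft\Windows\CurrentVersion\Internet Settings"

SAMPLE_EVENTS = [
    # "Drops a binary and executes it": dropped copy run from a user-writable path
    {"EventID": 1, "Image": MALWARE, "CommandLine": f'"{MALWARE}"',
     "ParentImage": r"C:\Users\victim\Downloads\setup.exe"},
    # "Injection with CreateRemoteThread in a remote process"
    {"EventID": 8, "SourceImage": MALWARE,
     "TargetImage": r"C:\Windows\SysWOW64\svchost.exe"},
    # "Installs itself for autorun at Windows startup"
    {"EventID": 13, "Image": MALWARE, "TargetObject": RUN_KEY + r"\AdobeDLM",
     "Details": MALWARE},
    # "Attempts to modify proxy settings"
    {"EventID": 13, "Image": MALWARE, "TargetObject": INET_KEY + r"\ProxyServer",
     "Details": "127.0.0.1:8080"},
    {"EventID": 13, "Image": MALWARE, "TargetObject": INET_KEY + r"\ProxyEnable",
     "Details": "DWORD (0x00000001)"},
    # "Uses Windows utilities" + "Creates a hidden or system file"
    {"EventID": 1, "Image": r"C:\Windows\System32\attrib.exe", "ParentImage": MALWARE,
     "CommandLine": f'attrib +h +s "{MALWARE}"'},
    # benign noise that must not fire
    {"EventID": 1, "Image": r"C:\Program Files\Git\bin\git.exe",
     "ParentImage": r"C:\Windows\explorer.exe", "CommandLine": "git status"},
    {"EventID": 13, "Image": r"C:\Windows\explorer.exe",
     "TargetObject": r"HKU\S-1-5-21-1\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced\Hidden",
     "Details": "DWORD (0x00000001)"},
]

USER_WRITABLE_RE = re.compile(r"\\(AppData|Temp|ProgramData|Users\\[^\\]+\\Downloads)\\", re.I)
RUN_KEY_RE = re.compile(r"\\CurrentVersion\\Run(Once)?\\", re.I)
PROXY_RE = re.compile(r"\\Internet Settings\\(ProxyServer|ProxyEnable|ProxyOverride|AutoConfigURL)$", re.I)
ATTRIB_RE = re.compile(r"\battrib(\.exe)?\b.*\+[hs]", re.I)


def triage(events):
    """Map each event to one of the listed behaviours. Returns (rule, detail) pairs."""
    hits = []
    for ev in events:
        eid = ev.get("EventID")
        if eid == 8:
            src, dst = ev.get("SourceImage", ""), ev.get("TargetImage", "")
            if src.lower() != dst.lower():  # thread created in a different process
                hits.append(("remote_thread_injection", f"{src} -> {dst}"))
        elif eid == 13:
            target = ev.get("TargetObject", "")
            if RUN_KEY_RE.search(target):
                hits.append(("autorun_persistence", f"{target} = {ev.get('Details')}"))
            elif PROXY_RE.search(target):
                hits.append(("proxy_modification", f"{target} = {ev.get('Details')}"))
        elif eid == 1:
            image, cmd = ev.get("Image", ""), ev.get("CommandLine", "")
            if ATTRIB_RE.search(cmd):
                hits.append(("hidden_or_system_file", cmd))
            elif USER_WRITABLE_RE.search(image):
                hits.append(("exec_from_user_writable_path",
                             f"{ev.get('ParentImage')} -> {image}"))
    return hits


def verdict(hits, threshold=3):
    """Count distinct behaviours; three or more from this list is a strong signal."""
    rules = {rule for rule, _ in hits}
    return ("malicious" if len(rules) >= threshold else "review"), sorted(rules)


if __name__ == "__main__":
    found = triage(SAMPLE_EVENTS)
    for rule, detail in found:
        print(f"[{rule}] {detail}")
    print(verdict(found))
```

Each rule on its own is noisy (installers write Run keys, debuggers create remote threads); the value is in the combination, which is why the verdict counts distinct behaviours from one process chain rather than firing on a single event.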

Related domains:

0x21.in

How to identify Ursu.525018?

File Info:

crc32: 3C4F749D
md5: 4799b782d44ee1372fdf9b4d97ab7f14
name: 4799B782D44EE1372FDF9B4D97AB7F14.mlw
sha1: 8110ae367036726c2e904043612b33bb9823025b
sha256: 8f44f9b4e0716329638b3cf4b2470df57e199e9b66bb58e225aa767d9d48dd7e
sha512: 1911cfe8072c3105a8b76cbfe95f2b1e563ff80cba83b05d34cdb6b3b45a5ff74fd1f57c4ed56d3bf6dc3db3887d00935e1261f5c8a787182984ee493f8772c8
ssdeep: 49152:e5CVbtO59t8cPAFap5aLKLkDl+dUvO9YX:xOnt8IAwa+p396
type: PE32 executable (GUI) Intel 80386, for MS Windows
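The hashes above are the reliable way to confirm that a suspicious file is this exact sample; the name and version strings are not, since they can be set to anything. The block below is an added example (not the page's or GridinSoft's code) that computes the same digests listed in File Info, matches them against the indicator values, and performs a quick string check for the Adobe branding the sample claims. The IOC values are copied from the block above; the function names are the example's own.

```python
import hashlib
import sys
import zlib

# Indicator values copied from the File Info block above (lowercase hex).
URSU_525018_IOCS = {
    "crc32": "3c4f749d",
    "md5": "4799b782d44ee1372fdf9b4d97ab7f14",
    "sha1": "8110ae367036726c2e904043612b33bb9823025b",
    "sha256": "8f44f9b4e0716329638b3cf4b2470df57e199e9b66bb58e225aa767d9d48dd7e",
}
# The branding the version resource claims; PE version string tables are UTF-16LE.
ADOBE_BRANDING = "Adobe Download Manager".encode("utf-16-le")


def hash_bytes(data):
    """Return the digests listed under File Info for an in-memory buffer."""
    return {
        "crc32": f"{zlib.crc32(data) & 0xFFFFFFFF:08x}",
        "md5": hashlib.md5(data).hexdigest(),
        "sha1": hashlib.sha1(data).hexdigest(),
        "sha256": hashlib.sha256(data).hexdigest(),
        "sha512": hashlib.sha512(data).hexdigest(),
    }


def hash_path(path, chunk_size=1 << 20):
    """Streaming variant of hash_bytes for files too large to read at once."""
    crc = 0
    digests = {name: hashlib.new(name) for name in ("md5", "sha1", "sha256", "sha512")}
    with open(path, "rb") as fh:
        for block in iter(lambda: fh.read(chunk_size), b""):
            crc = zlib.crc32(block, crc)
            for d in digests.values():
                d.update(block)
    out = {name: d.hexdigest() for name, d in digests.items()}
    out["crc32"] = f"{crc & 0xFFFFFFFF:08x}"
    return out


def match_iocs(digests, iocs=URSU_525018_IOCS):
    """Names of the indicator algorithms whose value matches the file's digest."""
    return sorted(name for name, value in iocs.items()
                  if digests.get(name, "").lower() == value)


def is_ursu_sample(digests):
    """crc32 is a 32-bit checksum and md5 is collidable, so require a SHA match."""
    matched = match_iocs(digests)
    return "sha256" in matched or "sha1" in matched


def has_adobe_branding(data):
    """Quick triage only: fake Adobe strings prove nothing about legitimacy.
    Verify the Authenticode signature (signtool / Get-AuthenticodeSignature) instead."""
    return ADOBE_BRANDING in data


if __name__ == "__main__":
    for path in sys.argv[1:]:
        digests = hash_path(path)
        with open(path, "rb") as fh:
            branded = has_adobe_branding(fh.read())
        print(path, "sha256=" + digests["sha256"], "ioc_match=" + str(match_iocs(digests)),
              "ursu_sample=" + str(is_ursu_sample(digests)), "claims_adobe=" + str(branded))
```

The ssdeep value in File Info is a fuzzy hash and is deliberately not handled here; it needs the ssdeep library and is meant for finding similar (slightly modified) copies, which is exactly what the "Creates a slightly modified copy of itself" behaviour produces.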

Version Info (the version resource impersonates Adobe Download Manager; this branding is not evidence of legitimacy, as the detections below show):

LegalCopyright: Copyright 2018 Adobe Incorporated. All rights reserved.
FileVersion: ...
CompanyName: Adobe Systems Incorporated
ProductName: Adobe Download Manager
ProductVersion: ...
FileDescription: Adobe Download Manager
OriginalFilename: Adobe Download Manager
Translation: 0x0409 0x04b0

Ursu.525018 also known as:

Bkav: W32.AIDetectVM.malware1
Elastic: malicious (high confidence)
DrWeb: BackDoor.HVNC.15
MicroWorld-eScan: Gen:Variant.Ursu.525018
FireEye: Generic.mg.4799b782d44ee137
CAT-QuickHeal: Trojan.AutoIt.AitInject.ZZ
ALYac: Gen:Variant.Ursu.525018
Cylance: Unsafe
Sangfor: Malware
K7AntiVirus: Trojan ( 700000111 )
BitDefender: Gen:Variant.Ursu.525018
K7GW: Trojan ( 700000111 )
CrowdStrike: win/malicious_confidence_100% (D)
TrendMicro: TSPY_TINCLEX.SM1
BitDefenderTheta: Gen:NN.ZexaF.34590.zqW@auVdLFh
Cyren: W32/FakeDoc.N.gen!Eldorado
Symantec: Packed.Generic.548
APEX: Malicious
ClamAV: Win.Malware.Generic-6623004-0
Kaspersky: HEUR:Trojan.Win32.Pincav.gen
NANO-Antivirus: Trojan.Win32.Quasar.foekoa
Tencent: Malware.Win32.Gencirc.10b0d056
Ad-Aware: Gen:Variant.Ursu.525018
Emsisoft: Gen:Variant.Ursu.525018 (B)
Comodo: Backdoor.Win32.QuasarRAT.A@8m6u7h
F-Secure: Trojan.TR/AD.Xiclog.nmpoi
Invincea: ML/PE-A + Mal/AuItInj-A
McAfee-GW-Edition: BehavesLike.Win32.Generic.vh
Sophos: Mal/Hvnc-A
Ikarus: Backdoor.Win32.Hupigon
MaxSecure: Trojan.Malware.121218.susgen
Avira: TR/Hijacker.W
Antiy-AVL: GrayWare/Autoit.ShellCode.a
Microsoft: VirTool:Win32/AutInject
Arcabit: Trojan.Ursu.D802DA
ZoneAlarm: HEUR:Trojan.Win32.Pincav.gen
GData: Gen:Variant.Ursu.525018
Cynet: Malicious (score: 100)
AhnLab-V3: Win-Trojan/AutoInj.Exp
McAfee: Artemis!4799B782D44E
MAX: malware (ai score=84)
VBA32: BScope.Trojan.Invader
Malwarebytes: Trojan.MalPack.AutoIt
Panda: Trj/Genetic.gen
Zoner: Trojan.Win32.82233
ESET-NOD32: a variant of Win32/Packed.AutoIt.OM
TrendMicro-HouseCall: TSPY_TINCLEX.SM1
Rising: Backdoor.Quasar!1.B1DD (CLASSIC)
Yandex: Trojan.GenAsa!eJ2W40k2TSg
eGambit: Trojan.Generic
Fortinet: W32/Carberp.BU!tr.dldr
AVG: Win32:PWSX-gen [Trj]
Cybereason: malicious.2d44ee
Avast: Win32:PWSX-gen [Trj]
Qihoo-360: QVM41.1.Malware.Gen

How to remove Ursu.525018?

Ursu.525018 removal tool
  • Download and install GridinSoft Anti-Malware.
  • Open GridinSoft Anti-Malware and perform a “Standard scan“.
  • “Move to quarantine” all items.
  • Open “Tools” tab – Press “Reset Browser Settings“.
  • Select proper browser and options – Click “Reset”.
  • Restart your computer.

About the author

Paul Valéry

I'm a cyber security analyst and data science expert with 5+ years of experience with security software contractors.