
What is “Ursu.683200”?

Ursu.683200 is considered dangerous by many security experts. When this infection is active, you may notice unwanted processes in the Task Manager list. In this case, it is advised to scan your computer with GridinSoft Anti-Malware.

Removing PC viruses manually may take hours and may damage your PC in the process. We recommend using GridinSoft Anti-Malware for virus removal. It allows you to run a complete scan and cure your PC during the trial period.
6-day free trial available.

What can the Ursu.683200 virus do?

  • The binary likely contains encrypted or compressed data.
  • Network activity detected but not expressed in API logs.

How to identify Ursu.683200?


File Info:

crc32: A7A442D9
md5: 23be7159cb62d355df20a0782b6e1c6f
name: 23BE7159CB62D355DF20A0782B6E1C6F.mlw
sha1: b1fae405b585e3279af7ae6ed25d700ef35a2d81
sha256: 3e2800a3985259d9d0fb236d58d448512b32f5639b4fe54df83b90c85372c2d5
sha512: c56586e3c9d925ee6fa71c4cf4d67fb1f5c8a0460c043a20c48c1e1f4f04a74348c0bb8adcf6604fb43dccc360d53f5e88976bfe45d6c10e0f22dae08bf2d996
ssdeep: 6144:l/XyuRNgCVoykYTB1NzTs8U0OiGexS7HMYcbkckLvS:l/yusWoL6tPsV0nxxOsYcbkckb
type: PE32 executable (GUI) Intel 80386 Mono/.Net assembly, for MS Windows

Version Info:

LegalCopyright: © Malwarebytes. All rights reserved.
InternalName: mbam.exe
FileVersion: 3.0.0.1411
CompanyName: Malwarebytes
LegalTrademarks:
ProductName: Malwarebytes
FileDescription: Malwarebytes
OriginalFilename: mbam.exe
Translation: 0x0409 0x04e4

Ursu.683200 also known as:

K7AntiVirus: Password-Stealer ( 004d8f421 )
Elastic: malicious (high confidence)
Cynet: Malicious (score: 100)
ALYac: Gen:Variant.Ursu.683200
Cylance: Unsafe
Sangfor: Trojan.Win32.Save.a
CrowdStrike: win/malicious_confidence_90% (D)
K7GW: Password-Stealer ( 004d8f421 )
Cybereason: malicious.9cb62d
Symantec: ML.Attribute.HighConfidence
ESET-NOD32: a variant of MSIL/PSW.CoinStealer.AA
APEX: Malicious
Avast: Win32:Malware-gen
Kaspersky: Trojan-Ransom.Win32.Blocker.lams
BitDefender: Gen:Variant.Ursu.683200
NANO-Antivirus: Trojan.Win32.Blocker.fcnteh
MicroWorld-eScan: Gen:Variant.Ursu.683200
Tencent: Win32.Trojan.Blocker.Hrfq
Ad-Aware: Gen:Variant.Ursu.683200
Sophos: Mal/Generic-S
Comodo: Malware@#54si383rxca3
BitDefenderTheta: Gen:NN.ZemsilF.34796.rm0@aWzB!Rbi
VIPRE: Trojan.Win32.Generic!BT
McAfee-GW-Edition: BehavesLike.Win32.Generic.dc
FireEye: Generic.mg.23be7159cb62d355
Emsisoft: Gen:Variant.Ursu.683200 (B)
SentinelOne: Static AI – Malicious PE
Avira: TR/Dropper.MSIL.Gen
Antiy-AVL: Trojan/Generic.ASMalwS.2627DB3
Microsoft: Ransom:MSIL/JigsawLocker!rfn
GData: Gen:Variant.Ursu.683200
AhnLab-V3: Trojan/Win32.CoinStealer.C2561742
McAfee: Artemis!23BE7159CB62
MAX: malware (ai score=95)
Malwarebytes: MachineLearning/Anomalous.100%
Panda: Trj/GdSda.A
Ikarus: Trojan.MSIL.PSW
Fortinet: MSIL/CoinStealer.AA!tr.pws
AVG: Win32:Malware-gen
Paloalto: generic.ml
Qihoo-360: Win32/Ransom.Blocker.HwMAEpsA

How to remove Ursu.683200?

Ursu.683200 removal tool
  • Download and install GridinSoft Anti-Malware.
  • Open GridinSoft Anti-Malware and perform a “Standard scan”.
  • “Move to quarantine” all items.
  • Open the “Tools” tab – Press “Reset Browser Settings”.
  • Select the proper browser and options – Click “Reset”.
  • Restart your computer.

About the author

Paul Valéry

I'm a cyber security analyst and data science expert with 5+ years of experience with security software contractors.
