Malware

About “Ursu.688891” infection

Malware Removal

Ursu.688891 is considered dangerous by many security experts. When this infection is active, you may notice unwanted processes in the Task Manager list. In this case, it is advised to scan your computer with GridinSoft Anti-Malware.

GridinSoft Anti-Malware

Removing PC viruses manually may take hours and may damage your PC in the process. We recommend using GridinSoft Anti-Malware for virus removal. It allows you to run a complete scan and cure your PC during the trial period.
6-day free trial available.

What can the Ursu.688891 virus do?

  • Dynamic (imported) function loading detected
  • The binary contains an unknown PE section name indicative of packing
  • The binary likely contains encrypted or compressed data
  • The executable is likely packed with VMProtect
  • Authenticode signature is invalid
  • Anomalous binary characteristics

How to identify Ursu.688891?

File Info:

name: 1494D1B12C59DA260BE9.mlw
path: /opt/CAPEv2/storage/binaries/02da8b434e067c84804c9f64355088902d88f02251ad72d3ff3ace81bbd09582
crc32: FB486932
md5: 1494d1b12c59da260be9c799bedf7303
sha1: be51fd854acceb49757a5e26ad25c52e1809ee4c
sha256: 02da8b434e067c84804c9f64355088902d88f02251ad72d3ff3ace81bbd09582
sha512: 6134dc601673b996643ff45c97ab1e06043c4038ce2e5c7441e843859abe3e4b027c9ca12db000ce65946ce8f0af4c99a6d3d49463913369417507e9e9f48cd0
ssdeep: 24576:p1geS1tb5/ZZ5BVpG+yx46vlyhu4C6IJjuAQiQ8FNibQUv2gVbAdl/Qn:ZS1tb5TVpG+yx46vly1IhYH8Fs8PgH
type: PE32+ executable (GUI) x86-64, for MS Windows
tlsh: T1688523357A6D841AC3C843BE645509A083F1DA5D7D87C30BB42EA2A57F133A0AD6637F
sha3_384: ca93ed0ef900fd2c8369cbaeeab8db94738492f7a5ab6f8426e7a118fde76fb10bdd56611b12beb4feb9e80f6503b4b0
ep_bytes: 4d5a90000300000004000000ffff0000
timestamp: 2021-11-28 15:41:04

Version Info:

Translation: 0x0000 0x04b0
Comments:
CompanyName:
FileDescription: Axia Spoofer
FileVersion: 1.0.0.0
InternalName: Loader.exe
LegalCopyright: Copyright shop-axia.com
LegalTrademarks:
OriginalFilename: Loader.exe
ProductName: Loader
ProductVersion: 1.0.0.0
Assembly Version: 1.0.0.0

Ursu.688891 also known as:

Elastic: malicious (high confidence)
CAT-QuickHeal: Trojan.YakbeexMSIL.ZZ4
ALYac: Gen:Variant.Ursu.688891
Cybereason: malicious.12c59d
ESET-NOD32: a variant of MSIL/Packed.VMProtect.C suspicious
Cynet: Malicious (score: 100)
BitDefender: Gen:Variant.Ursu.688891
MicroWorld-eScan: Gen:Variant.Ursu.688891
Avast: Win64:MalwareX-gen [Trj]
Ad-Aware: Gen:Variant.Ursu.688891
Emsisoft: Gen:Variant.Ursu.688891 (B)
FireEye: Generic.mg.1494d1b12c59da26
Sophos: ML/PE-A + Mal/VMProtBad-A
Ikarus: Trojan.MSIL.Vmprotect
GData: Gen:Variant.Ursu.688891
Arcabit: Trojan.Ursu.DA82FB
Microsoft: Trojan:Win32/Sabsik.FL.B!ml
SentinelOne: Static AI – Malicious PE
MAX: malware (ai score=82)
APEX: Malicious
MaxSecure: Trojan.Malware.300983.susgen
AVG: Win64:MalwareX-gen [Trj]

How to remove Ursu.688891?

Ursu.688891 removal tool
  • Download and install GridinSoft Anti-Malware.
  • Open GridinSoft Anti-Malware and perform a “Standard scan”.
  • “Move to quarantine” all items.
  • Open the “Tools” tab and press “Reset Browser Settings”.
  • Select the proper browser and options, then click “Reset”.
  • Restart your computer.

About the author

Paul Valéry

I'm a cyber security analyst and data science expert with 5+ years of experience with security software contractors.