
About the “Ursu.703600 (B)” infection

Malware Removal

Ursu.703600 (B) is flagged as malicious by many security vendors (see the list of detection names below). When this infection is active, you may notice unwanted processes in the Task Manager list. In that case, it is advised to scan your computer with GridinSoft Anti-Malware.


Removing PC viruses manually may take hours and may damage your PC in the process. We recommend using GridinSoft Anti-Malware for virus removal. It lets you run a complete scan and cure your PC during the trial period.
6-day free trial available.

What can the Ursu.703600 (B) virus do?

  • Creates RWX memory
  • Repeatedly searches for a not-found process, may want to run with startbrowser=1 option
  • Performs some HTTP requests
  • Unconventional binary language: Chinese (Simplified)

Writable-and-executable memory allocation combined with outbound HTTP requests is consistent with the Trojan-Downloader classification several vendors assign to this sample (see the detection names below).

Related domains:

api.xp666.com
download.xp666.com

How to identify Ursu.703600 (B)?

File Info:

crc32: D71AC3D3
md5: 8dc04b6717b35e12a7e13f98fb10ccc7
name: csdemo2345_2021.exe
sha1: 3ef551959125c1ec08267dc947994c7d026ce0ac
sha256: cb1d2a5c6cfcf8204de1fc25d5716fc9e47024665bd851db254ab3d769c1e5ea
sha512: b1a2162cd406d48f8d6e42b6de34ae3c048a19ebae4624387186054cdcbd8310ff1e6c74ffca0b3190665362db9dd1f72c93bea05beea8b29f64c92fb9b953c5
ssdeep: 49152:plesoI6Rii4uUtP+SOTx18KG9DVEafstIHEYHTklF5dldD:pcso14dw8KGlCaf0Pld
type: PE32 executable (GUI) Intel 80386, for MS Windows

Version Info:

LegalCopyright: Copyright（C）2019
FileVersion: 4.0.0.317
ProductName: 软件下载器 (“Software Downloader”)
ProductVersion: 4.0
FileDescription: 软件下载器 (“Software Downloader”)
OriginalFilename: FastDownload.exe
Translation: 0x0804 0x03a8 (language 0x0804 = Chinese (Simplified, PRC), code page 0x03a8 = 936, GBK)
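The file hashes and related domains above are the indicators a responder actually uses. The following Python script is an added example, not GridinSoft's code: it hashes a file with the same algorithms the page lists, reports which indicators match, scans proxy-style log lines for the two related domains, and decodes the “x8f6f…” escape form in which the Chinese version strings were extracted. The log lines and file bytes used in the demo are constructed here; only the hash values and domains come from this page.

```python
"""Offline triage helpers for the Ursu.703600 (B) sample described on this page.

Added example, not GridinSoft's own tooling. The IOC values and domains are
copied from the page; every input used for demonstration is constructed.
"""
import hashlib
import re
import zlib

# File hashes listed on this page (lower-case hex).
URSU_703600_IOCS = {
    "crc32": "d71ac3d3",
    "md5": "8dc04b6717b35e12a7e13f98fb10ccc7",
    "sha1": "3ef551959125c1ec08267dc947994c7d026ce0ac",
    "sha256": "cb1d2a5c6cfcf8204de1fc25d5716fc9e47024665bd851db254ab3d769c1e5ea",
    "sha512": "b1a2162cd406d48f8d6e42b6de34ae3c048a19ebae4624387186054cdcbd8310"
              "ff1e6c74ffca0b3190665362db9dd1f72c93bea05beea8b29f64c92fb9b953c5",
}

# Related domains listed on this page.
RELATED_DOMAINS = ("api.xp666.com", "download.xp666.com")


def hashes_of(data: bytes) -> dict:
    """Digest in-memory bytes with every algorithm the page lists (lower-case hex)."""
    return {
        "crc32": f"{zlib.crc32(data) & 0xFFFFFFFF:08x}",
        "md5": hashlib.md5(data).hexdigest(),
        "sha1": hashlib.sha1(data).hexdigest(),
        "sha256": hashlib.sha256(data).hexdigest(),
        "sha512": hashlib.sha512(data).hexdigest(),
    }


def hash_file(path: str) -> dict:
    """Same digests as hashes_of(), but streamed from disk so large samples fit in memory."""
    hashers = {name: hashlib.new(name) for name in ("md5", "sha1", "sha256", "sha512")}
    crc = 0
    with open(path, "rb") as fh:
        for chunk in iter(lambda: fh.read(1 << 20), b""):
            crc = zlib.crc32(chunk, crc)
            for h in hashers.values():
                h.update(chunk)
    out = {name: h.hexdigest() for name, h in hashers.items()}
    out["crc32"] = f"{crc & 0xFFFFFFFF:08x}"
    return out


def matching_hashes(data: bytes, iocs: dict = URSU_703600_IOCS) -> list:
    """Names of the algorithms whose digest of `data` equals the indicator value."""
    digests = hashes_of(data)
    return [name for name, value in iocs.items() if digests[name] == value.lower()]


# Match a related domain only as a whole host name: not as a suffix of a longer
# label (xapi.xp666.com) and not as a prefix of a longer domain (api.xp666.com.evil.test).
_DOMAIN_RE = re.compile(
    r"(?<![A-Za-z0-9.-])(" + "|".join(map(re.escape, RELATED_DOMAINS)) + r")"
    r"(?![A-Za-z0-9-]|\.[A-Za-z0-9])",
    re.IGNORECASE,
)


def find_domain_hits(log_lines) -> list:
    """Return (line_number, domain) for every log line that contacts a related domain."""
    hits = []
    for number, line in enumerate(log_lines, 1):
        for match in _DOMAIN_RE.finditer(line):
            hits.append((number, match.group(1).lower()))
    return hits


def decode_escaped_utf16(text: str) -> str:
    """Undo the 'x8f6f' escapes seen in the Version Info above.

    Each 'x' followed by four hex digits is one UTF-16 code unit; anything
    else passes through. (A literal 'x' followed by four hex digits in
    ordinary text would also be decoded, so apply this only to such strings.)
    """
    return re.sub(r"x([0-9a-fA-F]{4})", lambda m: chr(int(m.group(1), 16)), text)


# Constructed proxy log lines, not real telemetry.
SAMPLE_LOG = [
    "2021-03-01T10:00:01Z GET http://download.xp666.com/update.bin 200",
    "2021-03-01T10:00:02Z GET http://www.example.com/ 200",
    "2021-03-01T10:00:03Z POST https://API.xp666.com/report 200",
    "2021-03-01T10:00:04Z GET http://api.xp666.com.evil.test/ 200",
]

if __name__ == "__main__":
    import sys

    if len(sys.argv) > 1:  # hash a file from disk and compare with the page's indicators
        digests = hash_file(sys.argv[1])
        matched = [n for n, v in URSU_703600_IOCS.items() if digests[n] == v]
        print("matching indicators:", matched or "none")
    print("domain hits:", find_domain_hits(SAMPLE_LOG))
    print("ProductName:", decode_escaped_utf16("x8f6fx4ef6x4e0bx8f7dx5668"))
```

Run it with a file path to compare that file against the listed hashes; without arguments it only demonstrates the domain scan and the version-string decoding. Because a single changed byte defeats every exact hash here, a pipeline that sees many re-packed builds should also compare ssdeep output (the page lists the sample's ssdeep digest), which this script does not implement.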

Ursu.703600 (B) also known as:

Bkav: W32.AIDetectVM.malware
MicroWorld-eScan: Gen:Variant.Ursu.703600
FireEye: Gen:Variant.Ursu.703600
BitDefender: Gen:Variant.Ursu.703600
CrowdStrike: win/malicious_confidence_90% (D)
BitDefenderTheta: AI:Packer.C8AD9A6419
Symantec: ML.Attribute.HighConfidence
APEX: Malicious
Avast: Win32:TrojanX-gen [Trj]
GData: Gen:Variant.Ursu.703600
Kaspersky: HEUR:Trojan-Downloader.Win32.Agent.gen
Endgame: malicious (moderate confidence)
McAfee-GW-Edition: BehavesLike.Win32.Generic.wh
Emsisoft: Gen:Variant.Ursu.703600 (B)
Ikarus: Trojan.Win32.Duote
Jiangmin: Trojan.Agentb.glb
Arcabit: Trojan.Ursu.DABC70
ZoneAlarm: HEUR:Trojan-Downloader.Win32.Agent.gen
Microsoft: Trojan:Win32/Wacatac.C!ml
ALYac: Gen:Variant.Ursu.703600
MAX: malware (ai score=86)
VBA32: TScope.Trojan.Delf
Malwarebytes: Trojan.Downloader.Aspack
ESET-NOD32: a variant of Win32/Duote.A
Rising: Trojan.Generic@ML.80 (RDML:hVGF4ffXTt8eM+1xj53L8g)
SentinelOne: DFI - Suspicious PE
Fortinet: W32/Duote.A!tr
Ad-Aware: Gen:Variant.Ursu.703600
AVG: Win32:TrojanX-gen [Trj]
Cybereason: malicious.717b35
Qihoo-360: Win32/Trojan.fc8

How to remove Ursu.703600 (B)?

Ursu.703600 (B) removal tool
  • Download and install GridinSoft Anti-Malware.
  • Open GridinSoft Anti-Malware and perform a “Standard scan”.
  • “Move to quarantine” all items.
  • Open the “Tools” tab and press “Reset Browser Settings”.
  • Select the proper browser and options, then click “Reset”.
  • Restart your computer.

Because several vendors classify this sample as a downloader, also check for any files it may have fetched from the related domains listed above; removing the original executable alone may not be enough.

About the author

Paul Valéry

I'm a cyber security analyst and data science expert with 5+ years of experience with security software contractors.
