
What is “Ursu.708004”?


Ursu.708004 is considered dangerous by many security experts. When this infection is active, you may notice unwanted processes in the Task Manager list. In this case, it is advised to scan your computer with GridinSoft Anti-Malware.

GridinSoft Anti-Malware

Removing PC viruses manually may take hours and may damage your PC in the process. We recommend using GridinSoft Anti-Malware for virus removal. It allows you to run a complete scan and cure your PC during the trial period.
6-day free trial available.

What can the Ursu.708004 virus do?

  • CAPE extracted potentially suspicious content
  • Authenticode signature is invalid
  • Binary compilation timestomping detected

How to identify Ursu.708004?


File Info:

name: D8CA02D68D812FEBD951.mlw
path: /opt/CAPEv2/storage/binaries/541c9edef97da94a8bd6a030b2a4fcdb0d3bb7013b10e37946200beba1c4b8eb
crc32: 4200FB83
md5: d8ca02d68d812febd9518aaf91042006
sha1: 5c1acd395d76be00dbf1b686e2c31364bb8cf201
sha256: 541c9edef97da94a8bd6a030b2a4fcdb0d3bb7013b10e37946200beba1c4b8eb
sha512: 7d8f6915446cab1f92db62b84292d263b2e53ce1a1e65268d0a996d5a273cb92dcb5e890bf22aa7af508f6088f5dea9c417231382da493fdd571ca807ef0505d
ssdeep: 96:HKHO/pni0CLVNDpY5W9X89z3+3DxqN9ptf6IZozNt:HKH8niPND+I5853sDcN1fZM
type: PE32 executable (GUI) Intel 80386, for MS Windows
tlsh: T14DF1C662EBB48373DE6A4F336C73524006B1EB51CC67DA6EA8C9510F5E6331146A3BB1
sha3_384: 9db8170eff94002be422d7b16c4f79ba3394fbe797385d42487dbe476ad2f5373b0a04e1febb53b337fcd7d167375849
ep_bytes: ff250020400000000000000000000000
timestamp: 2092-08-12 13:52:53

Version Info:

Translation: 0x0000 0x04b0
Comments:
CompanyName:
FileDescription: stealer
FileVersion: 1.0.0.0
InternalName: stealer.exe
LegalCopyright: Copyright © 2021
LegalTrademarks:
OriginalFilename: stealer.exe
ProductName: stealer
ProductVersion: 1.0.0.0
Assembly Version: 1.0.0.0

Ursu.708004 also known as:

Lionic: Trojan.Win32.Ursu.4!c
MicroWorld-eScan: Gen:Variant.Ursu.708004
McAfee: Artemis!D8CA02D68D81
Malwarebytes: Generic.Malware/Suspicious
VIPRE: Gen:Variant.Ursu.708004
Sangfor: Trojan.Win32.Ursu.Vnoo
K7AntiVirus: Password-Stealer ( 0057dc991 )
K7GW: Password-Stealer ( 0057dc991 )
BitDefender: Gen:Variant.Ursu.708004
Emsisoft: Gen:Variant.Ursu.708004 (B)
McAfee-GW-Edition: Artemis
FireEye: Gen:Variant.Ursu.708004
Sophos: Token Stealer (PUA)
GData: Gen:Variant.Ursu.708004
Antiy-AVL: GrayWare/Win32.Presenoker
Arcabit: Trojan.Ursu.DACDA4
Microsoft: Program:Win32/Wacapew.C!ml
Cynet: Malicious (score: 100)
ALYac: Gen:Variant.Ursu.708004
MAX: malware (ai score=89)
Cylance: unsafe
TrendMicro-HouseCall: TROJ_GEN.R002H09DP23
MaxSecure: Trojan.Malware.112271212.susgen
Fortinet: PossibleThreat
Cybereason: malicious.68d812
DeepInstinct: MALICIOUS

How to remove Ursu.708004?

Ursu.708004 removal tool
  • Download and install GridinSoft Anti-Malware.
  • Open GridinSoft Anti-Malware and perform a “Standard scan”.
  • “Move to quarantine” all items.
  • Open “Tools” tab – Press “Reset Browser Settings”.
  • Select proper browser and options – Click “Reset”.
  • Restart your computer.

About the author

Paul Valéry

I'm a cyber security analyst and data science expert with 5+ years of experience with security software contractors.
