About “Ursu.727958” infection

Ursu.727958 is considered dangerous by many security experts. When this infection is active, you may notice unwanted processes in the Task Manager list. In this case, it is advised to scan your computer with GridinSoft Anti-Malware.

GridinSoft Anti-Malware

Removing PC viruses manually may take hours and may damage your PC in the process. We recommend using GridinSoft Anti-Malware for virus removal. It allows you to run a complete scan and cure your PC during the trial period.
6-day free trial available.

What can the Ursu.727958 virus do?

  • Executable code extraction
  • Creates RWX memory
  • Reads data out of its own binary image
  • Drops a binary and executes it
  • Creates or sets a registry key to a long series of bytes, possibly to store a binary or malware config
  • Network activity detected but not expressed in API logs

How to identify Ursu.727958?


File Info:

crc32: 65E27A59
md5: f24763e283c7c227a4cb7f331633b354
name: F24763E283C7C227A4CB7F331633B354.mlw
sha1: 5667c6d688461e0a5a0f82d6f82009759bd5f61b
sha256: 49cc09d33a935f8da7c31df2aa29661654870961f9ea5cb06cb9aafb6c16061c
sha512: 51aff443699756e4ca479a50ce3419e974319494f92b411a3e6544aa38f1b58c46e725caa938d76a2d00c3854f881190b3bff2db7648ee01ec66953af430621c
ssdeep: 24576:4yI1nfNuJNJn3OmoUvGCFAX2vl1hWMA7j9zf3iBhrq9DpDjO:4yUfNS+mxfFAm9K7j9zf3iBhuDo
type: PE32 executable (GUI) Intel 80386, for MS Windows

Version Info:

LegalCopyright:
FileVersion:
CompanyName:
Comments: This installation was built with Inno Setup.
ProductName: FoxmailUAC
ProductVersion: 1.69
FileDescription: FoxmailUAC Setup
Translation: 0x0000 0x04b0

Ursu.727958 also known as:

DrWeb: Trojan.MulDrop11.28728
Cynet: Malicious (score: 99)
ALYac: Gen:Variant.Ursu.727958
CrowdStrike: win/malicious_confidence_70% (D)
Cybereason: malicious.283c7c
Cyren: W32/Kryptik.BZK.gen!Eldorado
ESET-NOD32: a variant of Win32/Kryptik.GZZA
APEX: Malicious
Avast: Win32:AdwareX-gen [Adw]
Kaspersky: HEUR:Trojan.Win32.Ekstak.vho
BitDefender: Gen:Variant.Ursu.727958
MicroWorld-eScan: Gen:Variant.Ursu.727958
Sophos: Generic ML PUA (PUA)
BitDefenderTheta: Gen:NN.ZexaCO.34294.lv0@aWp7@Yhj
McAfee-GW-Edition: BehavesLike.Win32.AdwareFileTour.dc
FireEye: Gen:Variant.Ursu.727958
Emsisoft: Gen:Variant.Ursu.727958 (B)
SentinelOne: Static AI – Suspicious PE
Jiangmin: Trojan.Ekstak.axoj
Avira: HEUR/AGEN.1120902
Antiy-AVL: Trojan/Generic.ASMalwS.2F74B5B
Microsoft: BrowserModifier:Win32/Adrozek
GData: Gen:Variant.Ursu.727958
AhnLab-V3: Trojan/Win32.Ekstak.R308226
MAX: malware (ai score=89)
Malwarebytes: Adware.DownloadAssistant
Rising: Malware.Heuristic!ET#100% (RDMK:cmRtazqMDoEyN4UIFlbyRwEgIhX3)
Ikarus: Trojan.Win32.Krazy
Fortinet: W32/CoinMiner.GYQC!tr
AVG: Win32:AdwareX-gen [Adw]

How to remove Ursu.727958?

Ursu.727958 removal tool
  • Download and install GridinSoft Anti-Malware.
  • Open GridinSoft Anti-Malware and perform a “Standard scan”.
  • “Move to quarantine” all items.
  • Open the “Tools” tab and press “Reset Browser Settings”.
  • Select the proper browser and options, then click “Reset”.
  • Restart your computer.

About the author

Paul Valéry

I'm a cyber security analyst and data science expert with 5+ years of experience with security software contractors.
