Should I remove “Ursu.735769 (B)”?

Ursu.735769 (B) is flagged as dangerous by a large number of antivirus engines; as the detection names further down show, most of them identify this sample as the Locky ransomware family. When the infection is active, you may notice unfamiliar processes in the Task Manager list. In that case, it is advised to scan your computer with GridinSoft Anti-Malware.

GridinSoft Anti-Malware

Removing PC viruses manually may take hours and may damage your PC in the process. We recommend using GridinSoft Anti-Malware for virus removal. It lets you run a complete scan and clean your PC during the trial period.
6-day free trial available.

What can the Ursu.735769 (B) virus do?

  • Behavioural detection: Executable code extraction – unpacking
  • SetUnhandledExceptionFilter detected (possible anti-debug)
  • Sample contains Overlay data
  • Yara rule detections observed from a process memory dump/dropped files/CAPE
  • Creates RWX memory
  • Mimics the system’s user agent string for its own requests
  • Dynamic (imported) function loading detected
  • Performs HTTP requests potentially not found in PCAP.
  • Reads data out of its own binary image
  • CAPE extracted potentially suspicious content
  • Authenticode signature is invalid
  • Created a process from a suspicious location
  • CAPE detected the Locky malware family

How to identify Ursu.735769 (B)?

File Info:

name: BAAAEFC5706911CD0A79.mlw
path: /opt/CAPEv2/storage/binaries/6d0a7485f18c7a8ab2520451a332bbfda874267cf13b57f94d63431b80837b4e
crc32: 3CBD8903
md5: baaaefc5706911cd0a797808e23544ae
sha1: 77509c6f8d3a78d7639edbbc70b5533c256b3857
sha256: 6d0a7485f18c7a8ab2520451a332bbfda874267cf13b57f94d63431b80837b4e
sha512: 1b0921d94db69726c47a148d51bebbf464d622bab760334df4b85bfe496f14cc76fdd06cb6324a8e9dee1811d4b9f28f76c1cc4f204e9a1a97e7aab19c4d2a30
ssdeep: 6144:UW+7+eMTUAzaiVO4TTJMQ0Io9YXRX5vPXyBkk38Kbnk:URyUAWZ4ZMPwoBRBk
type: PE32 executable (GUI) Intel 80386, for MS Windows
tlsh: T18A24010033D0C9ABF53A29315977877573B3EE0279025B5B27207F2EEA35281D91A767
sha3_384: ca5f369585257ab89077b773b665ffcb523f8aa04e05439e6c0498554c43d4a2b06d777b5df37126e6f47627eeaa3bc3
ep_bytes: 81ecd8020000535556576a2033ed5e89
timestamp: 2014-10-07 04:40:20
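Most of the File Info fields above, and the static items among the CAPE signatures listed earlier (invalid or absent Authenticode signature, overlay data), can be re-derived from a suspect file without a sandbox. The following Python script is an added example, not GridinSoft's or CAPE's code: it hashes a file, walks the PE headers to extract the 16 entry-point bytes, the COFF compile timestamp, the security (Authenticode) data directory and any overlay past the last section, and compares what it finds with the indicators on this page. To run offline it triages a minimal PE32 that it constructs itself; that sample is not the Locky binary, so its hashes will not match, while its entry-point bytes and timestamp are deliberately set to the page's values. It assumes the page's timestamp is UTC, which CAPE does not state.

```python
"""Static triage of a PE file against the indicators on this page.

Added example, not GridinSoft's or CAPE's code. The sample PE built by
build_sample_pe() is constructed for the demo and is NOT the Locky binary.
"""
import hashlib
import struct
from datetime import datetime, timezone

# Indicators copied from the File Info section above.
INDICATORS = {
    "md5": "baaaefc5706911cd0a797808e23544ae",
    "sha1": "77509c6f8d3a78d7639edbbc70b5533c256b3857",
    "sha256": "6d0a7485f18c7a8ab2520451a332bbfda874267cf13b57f94d63431b80837b4e",
    "ep_bytes": "81ecd8020000535556576a2033ed5e89",
    "timestamp": "2014-10-07 04:40:20",  # assumed UTC; the page does not say
}


def _rva_to_offset(rva, sections):
    """Map a relative virtual address to a file offset via the section table."""
    for va, vsize, rawsize, rawptr in sections:
        if va <= rva < va + max(vsize, rawsize):
            return rva - va + rawptr
    return None


def parse_pe(data):
    """Pull the static fields of interest out of a PE image (PE32 or PE32+)."""
    if data[:2] != b"MZ":
        raise ValueError("no MZ header")
    e_lfanew = struct.unpack_from("<I", data, 0x3C)[0]
    if data[e_lfanew:e_lfanew + 4] != b"PE\0\0":
        raise ValueError("no PE signature")
    # COFF header: Machine, NumberOfSections, TimeDateStamp, ..., SizeOfOptionalHeader
    machine, nsec, tds, _, _, opt_size, _ = struct.unpack_from("<HHIIIHH", data, e_lfanew + 4)
    opt = e_lfanew + 24
    magic = struct.unpack_from("<H", data, opt)[0]        # 0x10B = PE32, 0x20B = PE32+
    ep_rva = struct.unpack_from("<I", data, opt + 16)[0]  # AddressOfEntryPoint
    dd_base = 96 if magic == 0x10B else 112                # where the data directories start
    # Directory 4 is IMAGE_DIRECTORY_ENTRY_SECURITY: a non-zero size means an
    # Authenticode blob is attached (whether it is valid needs a real verifier).
    _, security_size = struct.unpack_from("<II", data, opt + dd_base + 4 * 8)
    sections = []
    for i in range(nsec):
        _, vsize, va, rawsize, rawptr = struct.unpack_from("<8sIIII", data, opt + opt_size + 40 * i)
        sections.append((va, vsize, rawsize, rawptr))
    ep_off = _rva_to_offset(ep_rva, sections)
    end_of_sections = max((p + s for _, _, s, p in sections), default=len(data))
    return {
        "is_pe32": magic == 0x10B and machine == 0x014C,
        "ep_bytes": data[ep_off:ep_off + 16].hex() if ep_off is not None else None,
        "timestamp": datetime.fromtimestamp(tds, tz=timezone.utc).strftime("%Y-%m-%d %H:%M:%S"),
        "has_authenticode": security_size != 0,
        # Bytes after the last section's raw data are overlay ("Sample contains Overlay data").
        "overlay_size": max(0, len(data) - end_of_sections),
    }


def triage(data):
    """Hash the file, parse it, and flag which page indicators it matches."""
    report = {n: hashlib.new(n, data).hexdigest() for n in ("md5", "sha1", "sha256")}
    report.update(parse_pe(data))
    report["hash_match"] = any(report[n] == INDICATORS[n] for n in ("md5", "sha1", "sha256"))
    report["ep_match"] = report["ep_bytes"] == INDICATORS["ep_bytes"]
    report["timestamp_match"] = report["timestamp"] == INDICATORS["timestamp"]
    return report


def build_sample_pe():
    """Constructed minimal PE32: one .text section, no signature, 64-byte overlay.

    Entry bytes and timestamp are set to the page's values on purpose so the
    comparison logic has something to match; everything else is filler.
    """
    ts = int(datetime(2014, 10, 7, 4, 40, 20, tzinfo=timezone.utc).timestamp())
    dos = bytearray(64)
    dos[:2] = b"MZ"
    struct.pack_into("<I", dos, 0x3C, 64)                       # e_lfanew
    coff = struct.pack("<HHIIIHH", 0x014C, 1, ts, 0, 0, 224, 0x0102)
    opt = bytearray(224)
    struct.pack_into("<H", opt, 0, 0x10B)                        # PE32 magic
    struct.pack_into("<I", opt, 16, 0x1000)                      # AddressOfEntryPoint
    struct.pack_into("<III", opt, 28, 0x400000, 0x1000, 0x200)   # ImageBase, SectionAlign, FileAlign
    struct.pack_into("<I", opt, 92, 16)                          # NumberOfRvaAndSizes
    text_hdr = struct.pack("<8sIIIIIIHHI", b".text", 0x200, 0x1000, 0x200, 0x200, 0, 0, 0, 0, 0x60000020)
    headers = (bytes(dos) + b"PE\0\0" + coff + bytes(opt) + text_hdr).ljust(0x200, b"\0")
    text = bytes.fromhex(INDICATORS["ep_bytes"]).ljust(0x200, b"\xcc")
    overlay = b"constructed overlay".ljust(64, b"\0")
    return headers + text + overlay


if __name__ == "__main__":
    for key, value in triage(build_sample_pe()).items():
        print(f"{key:18} {value}")
```

On a real suspect file, call `triage(open(path, "rb").read())`; a hash match is conclusive for this exact sample, whereas matching entry-point bytes and timestamp only suggest a sibling build from the same packer or toolchain and should be confirmed with the full hash set or a sandbox run. The script reports whether a signature blob is present, not whether it verifies; checking validity requires a proper Authenticode verifier.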

Version Info:

Comments: http://xiph.org/dshow/
CompanyName: Xiph.Org
FileDescription: Directshow Filters for Ogg Vorbis, Speex, Theora, FLAC, and WebM
FileVersion: 1
LegalCopyright: Copyright (c) 2008 - 2011 Xiph.Org
LegalTrademarks: The Xiph Fish Logo and the Vorbis.com many-fish logos are trademarks (tm) of Xiph.Org
ProductName: Open Codecs
Translation: 0x0409 0x0000

This version information is only what the binary claims about itself. Since the sample's Authenticode signature is invalid (see the behaviour list above), the Xiph.Org Open Codecs identity should not be taken as evidence that the file is a legitimate Xiph.Org build.

Ursu.735769 (B) also known as:

  • Lionic: Trojan.Win32.Locky.j!c
  • Elastic: malicious (moderate confidence)
  • Cynet: Malicious (score: 100)
  • FireEye: Gen:Variant.Ursu.735769
  • McAfee: Artemis!BAAAEFC57069
  • Cylance: Unsafe
  • Sangfor: Ransom.Win32.Locky.gen
  • CrowdStrike: win/malicious_confidence_100% (W)
  • Alibaba: Ransom:Win32/Locky.ab5f8c6e
  • K7GW: Trojan ( 0055e3ef1 )
  • K7AntiVirus: Trojan ( 0055e3ef1 )
  • Symantec: Ransom.Cerber
  • ESET-NOD32: Win32/Filecoder.Locky.C
  • APEX: Malicious
  • Paloalto: generic.ml
  • Kaspersky: Trojan-Ransom.Win32.Locky.cph
  • BitDefender: Gen:Variant.Ursu.735769
  • NANO-Antivirus: Trojan.Win32.Locky.eifdfb
  • ViRobot: Trojan.Win32.Z.Locky.230181
  • MicroWorld-eScan: Gen:Variant.Ursu.735769
  • Avast: Win32:Malware-gen
  • Ad-Aware: Gen:Variant.Ursu.735769
  • Sophos: Troj/Ransom-DVG
  • Comodo: ApplicUnwnt@#16kc6s6wzh56w
  • DrWeb: Trojan.Encoder.3976
  • VIPRE: Gen:Variant.Ursu.735769
  • TrendMicro: Ransom_LOCKY.DLDSAPW
  • McAfee-GW-Edition: BehavesLike.Win32.Dropper.dc
  • Emsisoft: Gen:Variant.Ursu.735769 (B)
  • GData: Gen:Variant.Ursu.735769
  • Webroot: W32.Ransom.Gen
  • Avira: HEUR/AGEN.1242601
  • MAX: malware (ai score=100)
  • Kingsoft: Win32.Troj.GenericKD.v.(kcloud)
  • Arcabit: Trojan.Ursu.DB3A19
  • ZoneAlarm: UDS:DangerousObject.Multi.Generic
  • Microsoft: Ransom:Win32/Locky
  • AhnLab-V3: Trojan/Win32.Agent.C1612959
  • ALYac: Gen:Variant.Ursu.735769
  • VBA32: TrojanRansom.Locky
  • Malwarebytes: Ransom.Cerber
  • TrendMicro-HouseCall: Ransom_LOCKY.DLDSAPW
  • Tencent: Win32.Trojan.Inject.Auto
  • Ikarus: Trojan.NSIS.Injector
  • Fortinet: W32/Injector.HC!tr
  • AVG: Win32:Malware-gen
  • Panda: Trj/CI.A

How to remove Ursu.735769 (B)?

Ursu.735769 (B) removal tool
  • Download and install GridinSoft Anti-Malware.
  • Open GridinSoft Anti-Malware and perform a “Standard scan“.
  • “Move to quarantine“ all items.
  • Open the “Tools“ tab and press “Reset Browser Settings“.
  • Select the proper browser and options, then click “Reset“.
  • Restart your computer.

Because the engines above classify this sample as ransomware (Locky), removing the executable stops further encryption but does not recover files it has already encrypted; restore those from backups that were not reachable from the infected machine.

About the author

Paul Valéry

I'm a cyber security analyst and data science expert with 5+ years of experience with security software contractors.