
About “Ursu.749416” infection


Ursu.749416 is the BitDefender-engine family name (Gen:Variant.Ursu.749416) for a 32-bit Windows trojan that the large majority of antivirus engines flag as malicious. While it is running you may notice unfamiliar processes in Task Manager, and the sandbox run below shows it starting a process from a suspicious location. If you see this, scan the computer with GridinSoft Anti-Malware.

Removing malware by hand can take hours and can leave the system unusable if the wrong files are deleted. We recommend GridinSoft Anti-Malware for removal; the trial version lets you run a full scan and clean the PC.
A 6-day free trial is available.

What can Ursu.749416 do?

The list below is the set of behavioural signatures CAPE raised while running this sample in its sandbox. It records what this particular file did during that run, not everything the family is capable of, and several entries (unpacking, RWX memory, run-time import resolution) are generic to packed malware rather than specific to Ursu.

  • Behavioural detection: Executable code extraction – unpacking
  • Yara rule detections observed from a process memory dump/dropped files/CAPE
  • Creates RWX memory
  • Dynamic (imported) function loading detected
  • Reads data out of its own binary image
  • A process created a hidden window
  • CAPE extracted potentially suspicious content
  • Authenticode signature is invalid
  • Created a process from a suspicious location
  • CAPE detected the HiddenVNC malware family

HiddenVNC (hVNC) is a hidden-desktop remote-control component, which is consistent with the Trickbot labels from Microsoft and Sangfor in the detection list further down. The invalid Authenticode signature means the certificate attached to the file should not be taken as evidence of a legitimate publisher.
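How signatures like the ones above are evaluated is easiest to see over an API call log. The block below is an added example, not CAPE's own signature code: it re-implements four of the checks (RWX memory, dynamic function loading, hidden window, process from a suspicious location) over `SAMPLE_CALLS`, a constructed per-process call list that only loosely follows the shape of CAPE's report. The `SUSPICIOUS_DIRS` list and the field names are assumptions made for this example.

```python
"""Toy CAPE-style behavioural signatures over an API-call log.

Added example: this is not CAPE's signature code. SAMPLE_CALLS is a
constructed log whose entries only loosely follow the shape CAPE records
per process ("api", "arguments", "return"). SUSPICIOUS_DIRS is an
assumption for this example, not CAPE's own list.
"""

PAGE_EXECUTE_READWRITE = 0x40      # Windows memory-protection constant
WS_VISIBLE = 0x10000000            # window-style bit; absent => hidden window

# User-writable staging directories a new process is treated as suspicious from.
SUSPICIOUS_DIRS = ("\\appdata\\local\\temp\\", "\\users\\public\\", "\\programdata\\")

# Constructed sample log (not taken from the report on this page).
SAMPLE_CALLS = [
    {"api": "NtAllocateVirtualMemory",
     "arguments": {"RegionSize": "0x00010000", "Protection": "0x00000040"},
     "return": "0x00000000"},
    {"api": "LdrGetProcedureAddress",
     "arguments": {"ModuleName": "kernel32.dll", "FunctionName": "VirtualProtect"},
     "return": "0x00000000"},
    {"api": "LdrGetProcedureAddress",
     "arguments": {"ModuleName": "ws2_32.dll", "FunctionName": "connect"},
     "return": "0x00000000"},
    {"api": "CreateWindowExW",
     "arguments": {"ClassName": "Static", "WindowName": "", "Style": "0x00000000"},
     "return": "0x000a0b2c"},
    {"api": "CreateProcessInternalW",
     "arguments": {"ApplicationName": "C:\\Users\\user\\AppData\\Local\\Temp\\upd.exe",
                   "CommandLine": "upd.exe /s"},
     "return": "1"},
]


def _hex(value):
    """Parse the '0x...' strings the log uses for numeric arguments."""
    return int(value, 16) if value else 0


def sig_creates_rwx_memory(calls):
    """Count allocations / protection changes that request RWX pages."""
    return sum(
        1 for c in calls
        if c["api"] in ("NtAllocateVirtualMemory", "NtProtectVirtualMemory", "VirtualProtectEx")
        and _hex(c["arguments"].get("Protection")) & PAGE_EXECUTE_READWRITE
    )


def sig_dynamic_function_loading(calls):
    """Functions resolved at run time instead of through the import table."""
    return [
        f"{c['arguments']['ModuleName']}!{c['arguments']['FunctionName']}"
        for c in calls
        if c["api"] in ("LdrGetProcedureAddress", "GetProcAddress")
    ]


def sig_hidden_window(calls):
    """Windows created without WS_VISIBLE, or explicitly hidden (SW_HIDE == 0)."""
    return sum(
        1 for c in calls
        if (c["api"] in ("CreateWindowExW", "CreateWindowExA")
            and not _hex(c["arguments"].get("Style")) & WS_VISIBLE)
        or (c["api"] == "ShowWindow" and _hex(c["arguments"].get("ShowCmd", "0x1")) == 0)
    )


def sig_process_from_suspicious_location(calls):
    """Child processes whose image path lies in a user-writable staging directory."""
    hits = []
    for c in calls:
        if c["api"] != "CreateProcessInternalW":
            continue
        path = c["arguments"].get("ApplicationName", "")
        if any(d in path.lower() for d in SUSPICIOUS_DIRS):
            hits.append(path)
    return hits


def run_signatures(calls):
    """Evaluate every signature and keep only the ones that fired."""
    results = {
        "creates_rwx_memory": sig_creates_rwx_memory(calls),
        "dynamic_function_loading": sig_dynamic_function_loading(calls),
        "hidden_window": sig_hidden_window(calls),
        "process_from_suspicious_location": sig_process_from_suspicious_location(calls),
    }
    return {name: hit for name, hit in results.items() if hit}


if __name__ == "__main__":
    for name, hit in run_signatures(SAMPLE_CALLS).items():
        print(f"{name}: {hit}")
```

Each signature returns evidence (a count or the offending values) rather than a bare boolean, so a report can show why it fired; note that the RWX and dynamic-loading checks will also fire on many legitimate packers and JIT runtimes, which is why CAPE weights them low on their own.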

How to identify Ursu.749416?


File Info:

name: BB00BA9726F922E07CF2.mlw
path: /opt/CAPEv2/storage/binaries/1f03ab2c168de4e82e8fd52b974180683044fce88d1128fa5691abbe313a2593
crc32: 52E7B9BB
md5: bb00ba9726f922e07cf243d3ccfc2b6e
sha1: 30e0181a018fa7dcbd2344dc32adcf77cf840ebe
sha256: 1f03ab2c168de4e82e8fd52b974180683044fce88d1128fa5691abbe313a2593
sha512: 5a66e31992955c0c39214e16ae989948c9e5fd6e886e0ffd8ee67b324830b67f6e5317297e3ace53686a4aa20117d8be4125f3d8d73282d194a7478434405f85
ssdeep: 12288:lcNVdCNGt9AtLPAzAO62bAl31YAhKOkFncdL0IUIv:K/dCItuhPAn6a03KAuFncdL0w
type: PE32 executable (GUI) Intel 80386, for MS Windows
tlsh: T1B9B41289E3E2D8D3F9361B31493A9B58476B5C268458622F079CB43A7D33283553F29B
sha3_384: d07ec0a18ac3ad34958943823cb449c6244908bc1197994564857ce86fed092fd4c84e3fb71c02a7c216597bc86c9bae
ep_bytes: 81ec8401000053565733db6801800000
timestamp: 2018-01-30 03:57:45
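To check a suspect file against the indicators above you need the same digests plus the PE header fields (timestamp, entry-point bytes). The block below is an added example, not GridinSoft's or CAPE's code, using only the Python standard library; ssdeep and tlsh are left out because they need third-party packages. `SAMPLE_PE` is a constructed, non-runnable minimal PE32 whose TimeDateStamp and entry-point bytes are set to the values in the report so the decoding can be checked; `PAGE_IOCS` and `CAPE_BINARIES` are copied from the File Info block.

```python
"""Triage helper: hash a sample and read the PE fields shown in File Info.

Added example, not GridinSoft's or CAPE's code. SAMPLE_PE is a constructed,
non-runnable minimal PE32 (one .text section) with the report's timestamp
and entry-point bytes, built only so the parser has something to walk.
"""
import hashlib
import struct
import zlib
from datetime import datetime, timezone

# Indicators copied from the File Info block above.
PAGE_IOCS = {
    "md5": "bb00ba9726f922e07cf243d3ccfc2b6e",
    "sha1": "30e0181a018fa7dcbd2344dc32adcf77cf840ebe",
    "sha256": "1f03ab2c168de4e82e8fd52b974180683044fce88d1128fa5691abbe313a2593",
}
CAPE_BINARIES = "/opt/CAPEv2/storage/binaries"   # CAPE stores samples under their sha256
EP_BYTES = bytes.fromhex("81ec8401000053565733db6801800000")
TIMESTAMP = 1517284665                            # 2018-01-30 03:57:45 UTC


def hash_bytes(data):
    """The digests the report lists, minus the fuzzy ones (ssdeep, tlsh)."""
    return {
        "crc32": "%08X" % (zlib.crc32(data) & 0xFFFFFFFF),
        "md5": hashlib.md5(data).hexdigest(),
        "sha1": hashlib.sha1(data).hexdigest(),
        "sha256": hashlib.sha256(data).hexdigest(),
        "sha512": hashlib.sha512(data).hexdigest(),
        "sha3_384": hashlib.sha3_384(data).hexdigest(),
    }


def matches_page_iocs(data):
    """Which of the page's hashes does this sample reproduce?"""
    digests = hash_bytes(data)
    return {name: digests[name] == value for name, value in PAGE_IOCS.items()}


def cape_binary_path(sha256):
    """Where a CAPE instance keeps the stored copy of a sample."""
    return f"{CAPE_BINARIES}/{sha256}"


def parse_pe(data):
    """Minimal PE32 header walk: machine, timestamp, entry point, first EP bytes."""
    if data[:2] != b"MZ":
        raise ValueError("not a DOS/PE image")
    e_lfanew, = struct.unpack_from("<I", data, 0x3C)
    if data[e_lfanew:e_lfanew + 4] != b"PE\x00\x00":
        raise ValueError("bad PE signature")
    coff = e_lfanew + 4
    machine, nsections, stamp, _, _, opt_size, _ = struct.unpack_from("<HHIIIHH", data, coff)
    opt = coff + 20
    magic, = struct.unpack_from("<H", data, opt)
    ep_rva, = struct.unpack_from("<I", data, opt + 16)        # AddressOfEntryPoint
    sections = []
    for i in range(nsections):
        name, vsize, va, rawsize, rawptr = struct.unpack_from("<8sIIII", data, opt + opt_size + 40 * i)
        sections.append((name.rstrip(b"\x00").decode("ascii", "replace"), va, vsize, rawptr, rawsize))
    ep_bytes = ""
    for _, va, vsize, rawptr, rawsize in sections:            # map the EP RVA to a file offset
        if va <= ep_rva < va + max(vsize, rawsize):
            off = rawptr + (ep_rva - va)
            ep_bytes = data[off:off + 16].hex()
            break
    return {
        "machine": machine,                                   # 0x14C == Intel 80386
        "pe32": magic == 0x10B,
        "timestamp": datetime.fromtimestamp(stamp, tz=timezone.utc).strftime("%Y-%m-%d %H:%M:%S"),
        "ep_rva": ep_rva,
        "ep_bytes": ep_bytes,
        "sections": [s[0] for s in sections],
    }


def build_sample_pe(stamp=TIMESTAMP, ep_bytes=EP_BYTES):
    """Constructed minimal PE32 with one .text section; enough structure for parse_pe only."""
    dos = b"MZ" + b"\x00" * 58 + struct.pack("<I", 0x40)                  # e_lfanew = 0x40
    coff = struct.pack("<HHIIIHH", 0x14C, 1, stamp, 0, 0, 224, 0x0102)
    opt = struct.pack("<HBBIIIIII", 0x10B, 14, 0, 0x200, 0, 0, 0x1000, 0x1000, 0x2000)
    opt += b"\x00" * (224 - len(opt))
    sect = struct.pack("<8sIIIIIIHHI", b".text", 0x200, 0x1000, 0x200, 0x200, 0, 0, 0, 0, 0x60000020)
    headers = dos + b"PE\x00\x00" + coff + opt + sect
    headers += b"\x00" * (0x200 - len(headers))
    return headers + ep_bytes + b"\x00" * (0x200 - len(ep_bytes))


SAMPLE_PE = build_sample_pe()

if __name__ == "__main__":
    print(parse_pe(SAMPLE_PE))
    print(matches_page_iocs(SAMPLE_PE))
    print(cape_binary_path(hash_bytes(SAMPLE_PE)["sha256"]))
```

Run it on a real file by replacing `SAMPLE_PE` with the file's bytes: a full hash match confirms you hold the exact sample from this report, while an unchanged timestamp and entry-point bytes with different hashes point to a re-crypted sibling. The timestamp is attacker-controlled and can be forged, so treat it as a pivot, not proof.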

Version Info:

The version-resource strings below are keyboard-mash values rather than a real company or product name, which is typical of a crypter-generated stub and consistent with the NSIS and GenKryptik labels in the detection list further down.

xvsadsad: qweasdsadsad
wqeasdasd: cxvcvxvcx
FileVersion: 51.9.0.0
xcvxcsadsad:
LegalCopyright: qvscsd axqsc cxasd qsadacaa
LegalTrademarks:
cxzcxzcxzc:
ProductName:
zxcxzcxzcxzc:
Comments: zxcssssse: hsdsds
Translation: 0x0409 0x04e4

Ursu.749416 also known as (vendor: detection name):

Bkav: W32.AIDetect.malware2
Lionic: Trojan.Win32.RegRun.4!e
tehtris: Generic.Malware
DrWeb: Trojan.Inject3.34321
MicroWorld-eScan: Gen:Variant.Ursu.749416
FireEye: Generic.mg.bb00ba9726f922e0
ALYac: Trojan.Downloader.Carberp
Cylance: Unsafe
Sangfor: Trojan.Win32.Trickbot.GN
K7AntiVirus: Trojan ( 005601401 )
Alibaba: TrojanDropper:Win32/Loncom.c89949f7
K7GW: Trojan ( 005601401 )
Cybereason: malicious.726f92
Elastic: malicious (high confidence)
ESET-NOD32: a variant of Win32/GenKryptik.EDQY
TrendMicro-HouseCall: TROJ_GEN.R002C0DDP21
Paloalto: generic.ml
Kaspersky: HEUR:Trojan-Dropper.NSIS.Loncom.gen
BitDefender: Gen:Variant.Ursu.749416
Avast: Win32:Trojan-gen
Tencent: Win32.Trojan.Inject.Pepc
Ad-Aware: Gen:Variant.Ursu.749416
Emsisoft: Gen:Variant.Ursu.749416 (B)
TrendMicro: TROJ_GEN.R002C0DDP21
McAfee-GW-Edition: BehavesLike.Win32.Generic.hc
Sophos: Mal/Generic-S
Jiangmin: Trojan.Generic.eldhs
Webroot: W32.Trojan.Gen
Avira: HEUR/AGEN.1224852
MAX: malware (ai score=100)
Kingsoft: Win32.Troj.Undef.(kcloud)
Microsoft: Trojan:Win32/Trickbot
Arcabit: Trojan.Ursu.DB6F68
ViRobot: Trojan.Win32.Z.Ursu.524818
GData: Gen:Variant.Ursu.749416
Cynet: Malicious (score: 99)
AhnLab-V3: Malware/Win32.RL_Generic.R326943
McAfee: Generic .zz
VBA32: Trojan.Wacatac
Malwarebytes: Trojan.Downloader
APEX: Malicious
Rising: Trojan.Injector/NSIS!1.BFBB (CLASSIC)
Ikarus: Trojan.NSIS.Injector
Fortinet: W32/Generic.EDQY!tr
AVG: Win32:Trojan-gen
Panda: Trj/CI.A
CrowdStrike: win/malicious_confidence_100% (W)
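Most of the names above are generic ("Trojan", "Generic", "malicious"), and the family names that remain disagree (Ursu, Trickbot, Loncom, Carberp). The block below is an added example, not from the page's source or any vendor, of the token-voting approach tools such as AVClass use to pull a consensus family out of such a list. `DETECTIONS` is a subset of the list above keyed by vendor, and `GENERIC_TOKENS` is this example's own hand-written stop list of class words (a production tool learns that list from data).

```python
"""Consensus family name from the vendor labels listed above.

Added example, not from the page's source or any AV vendor. DETECTIONS is
a subset of the "also known as" list, keyed by vendor. GENERIC_TOKENS is
this example's own stop list of detection words that name a class of
threat rather than a family.
"""
import re
from collections import Counter

DETECTIONS = {
    "MicroWorld-eScan": "Gen:Variant.Ursu.749416",
    "ALYac": "Trojan.Downloader.Carberp",
    "Sangfor": "Trojan.Win32.Trickbot.GN",
    "Alibaba": "TrojanDropper:Win32/Loncom.c89949f7",
    "ESET-NOD32": "a variant of Win32/GenKryptik.EDQY",
    "Kaspersky": "HEUR:Trojan-Dropper.NSIS.Loncom.gen",
    "BitDefender": "Gen:Variant.Ursu.749416",
    "Microsoft": "Trojan:Win32/Trickbot",
    "Arcabit": "Trojan.Ursu.DB6F68",
    "ViRobot": "Trojan.Win32.Z.Ursu.524818",
    "GData": "Gen:Variant.Ursu.749416",
    "Rising": "Trojan.Injector/NSIS!1.BFBB (CLASSIC)",
    "Ikarus": "Trojan.NSIS.Injector",
    "Fortinet": "W32/Generic.EDQY!tr",
    "CrowdStrike": "win/malicious_confidence_100% (W)",
}

# Words that describe a class or verdict, not a family (assumption for this example).
GENERIC_TOKENS = {
    "trojan", "trojandropper", "dropper", "downloader", "win", "gen", "variant",
    "generic", "genkryptik", "heur", "malicious", "confidence", "classic",
    "injector", "inject", "malware", "agent",
}


def label_tokens(label):
    """Alphabetic tokens of a label, lower-cased, minus generic words and short suffixes."""
    return {
        t.lower() for t in re.findall(r"[A-Za-z]+", label)
        if len(t) >= 3 and t.lower() not in GENERIC_TOKENS
    }


def family_votes(detections):
    """Count how many vendors mention each candidate family token (one vote per vendor)."""
    votes = Counter()
    for label in detections.values():
        votes.update(label_tokens(label))
    return votes


def consensus_family(detections, min_vendors=2):
    """Tokens named by at least min_vendors vendors, most agreed-upon first."""
    return [(tok, n) for tok, n in family_votes(detections).most_common() if n >= min_vendors]


if __name__ == "__main__":
    for token, n in consensus_family(DETECTIONS):
        print(f"{token}: {n} vendors")
```

On this subset "ursu" wins with five vendors, but four of those five (MicroWorld-eScan, BitDefender, GData, Arcabit) ship the same BitDefender engine, so they are one opinion repeated, not four independent ones. The method also lets ESET's variant suffix "EDQY" through because Fortinet echoes it; weighting vendors by engine and learning the generic-token list from data are exactly the refinements that separate this toy from a real labeler.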

How to remove Ursu.749416?

Ursu.749416 removal tool
  • Download and install GridinSoft Anti-Malware.
  • Open GridinSoft Anti-Malware and run a “Standard scan”.
  • Click “Move to quarantine” for all detected items.
  • Open the “Tools” tab and press “Reset Browser Settings”.
  • Select the browser and options to reset, then click “Reset”.
  • Restart your computer.

Because the sandbox run showed a HiddenVNC remote-control component, treat any passwords used on the machine while it was infected as exposed and change them after cleanup.

About the author

Paul Valéry

I'm a cyber security analyst and data science expert with 5+ years of experience with security software contractors.
