Ursu.772328 removal guide

Ursu.772328 is classified as dangerous by many security vendors. When this infection is active, you may notice unwanted processes in the Task Manager process list. In this case, it is advised to scan your computer with GridinSoft Anti-Malware.

GridinSoft Anti-Malware

Removing PC viruses manually may take hours and may damage your PC in the process. We recommend using GridinSoft Anti-Malware for virus removal. It allows you to run a complete scan and clean your PC during the trial period.
6-day free trial available.

What can the Ursu.772328 virus do?

  • Dynamic (imported) function loading detected
  • CAPE extracted potentially suspicious content
  • The binary contains an unknown PE section name indicative of packing
  • The binary likely contains encrypted or compressed data
  • The executable is likely packed with VMProtect
  • Authenticode signature is invalid
  • Anomalous .NET characteristics
  • Binary compilation timestomping detected

How to identify Ursu.772328?
File Info:

name: 4AACB5D7F11695197981.mlw
path: /opt/CAPEv2/storage/binaries/e3b8753c1e6cba017efd005e81b26cefd347a6a7aa4ed46835ca8980ecde8f07
crc32: 10EB2322
md5: 4aacb5d7f11695197981a9ab596f7588
sha1: 70ed05aa95c90a6ba90cd8b9d7454e5d55b8d031
sha256: e3b8753c1e6cba017efd005e81b26cefd347a6a7aa4ed46835ca8980ecde8f07
sha512: 63570fd6bf89c67b743045271a754cc0444cb6c54438a7e6b32de47cd00ee664c563706032fa62f21833ab4e84a680fcb1caaa1d54fb86c94a107a9607e9d990
ssdeep: 12288:7hUpZK3ZiFhPe9IiQivIOsIUAsfmbNfLfTy0vr:7hU+JmPe9CGXsID5J
type: PE32 executable (GUI) Intel 80386, for MS Windows
tlsh: T117E45C343EEE501AF2B3AF799BD475E6D96EF7333A07946E205103460A13A81DD9123E
sha3_384: 000c0a3e89f13141448ab25970e25a6d524033d9d52e78d77d7138aa3620b0d5d8d9d4c3effc2b177cf7463270137dd4
ep_bytes: ff2500604b007a01000000ad6b300600
timestamp: 2055-09-19 22:46:00

Version Info:

Translation: 0x0000 0x04b0
FileDescription:
FileVersion: 0.0.0.0
InternalName: fodase123.exe
LegalCopyright:
OriginalFilename: fodase123.exe
ProductVersion: 0.0.0.0
Assembly Version: 0.0.0.0

Ursu.772328 is also known as (vendor: detection name):

Elastic: malicious (high confidence)
MicroWorld-eScan: Gen:Variant.Ursu.772328
FireEye: Generic.mg.4aacb5d7f1169519
ALYac: Gen:Variant.Ursu.772328
Malwarebytes: Trojan.Agent.Gen
Cybereason: malicious.7f1169
Symantec: ML.Attribute.HighConfidence
ESET-NOD32: a variant of MSIL/Packed.VMProtect.C suspicious
APEX: Malicious
Kaspersky: UDS:Trojan-Spy.MSIL.Stealer.gen
BitDefender: Gen:Variant.Ursu.772328
Avast: FileRepMetagen [Malware]
Ad-Aware: Gen:Variant.Ursu.772328
Sophos: ML/PE-A
McAfee-GW-Edition: BehavesLike.Win32.Generic.jh
Emsisoft: Gen:Variant.Ursu.772328 (B)
Ikarus: PUA.VMProtect
GData: Gen:Variant.Ursu.772328
Avira: TR/Dropper.Gen
Arcabit: Trojan.Ursu.DBC8E8
Microsoft: Trojan:Win32/Sabsik.FL.B!ml
Cynet: Malicious (score: 100)
MAX: malware (ai score=84)
SentinelOne: Static AI – Malicious PE
BitDefenderTheta: Gen:NN.ZemsilF.34084.Ru0@aWvWwzn
AVG: FileRepMetagen [Malware]
CrowdStrike: win/malicious_confidence_100% (D)

How to remove Ursu.772328?

Ursu.772328 removal tool
  • Download and install GridinSoft Anti-Malware.
  • Open GridinSoft Anti-Malware and perform a “Standard scan”.
  • Click “Move to quarantine” for all detected items.
  • Open the “Tools” tab – press “Reset Browser Settings”.
  • Select the proper browser and options – click “Reset”.
  • Restart your computer.

About the author

Paul Valéry

I'm a cyber security analyst and data science expert with 5+ years of experience with security software contractors.

Leave a Comment