Categories: Malware

What is “Ursu.778508”?

The Ursu.778508 is considered dangerous by lots of security experts. When this infection is active, you may notice unwanted processes in Task Manager list. In this case, it is adviced to scan your computer with GridinSoft Anti-Malware.

Gridinsoft Anti-Malware

Removing PC viruses manually may take hours and may damage your PC in the process. We recommend using GridinSoft Anti-Malware for virus removal. Allows to complete scan and cure your PC during the trial period.

DOWNLOAD NOW

6-day free trial available.

What Ursu.778508 virus can do?

Executable code extraction
Creates RWX memory
A process attempted to delay the analysis task.
Attempts to connect to a dead IP:Port (5 unique times)
At least one IP Address, Domain, or File Name was found in a crypto call
Expresses interest in specific running processes
Reads data out of its own binary image
Performs some HTTP requests
The binary likely contains encrypted or compressed data.
Detects Sandboxie through the presence of a library
Checks for the presence of known windows from debuggers and forensic tools
The following process appear to have been packed with Themida: update.dat
Exhibits possible ransomware file modification behavior
Checks for the presence of known devices from debuggers and forensic tools
Detects the presence of Wine emulator via registry key
Checks the version of Bios, possibly for anti-virtualization
Checks the CPU name from registry, possibly for anti-virtualization
Detects VirtualBox through the presence of a registry key
Attempts to modify proxy settings
Anomalous binary characteristics
Clears web history

Related domains:

z.whorecord.xyz

a.tomx.xyz

pubg.hackrules.com

whos.amung.us

ocsp.digicert.com

status.geotrust.com

widgets.amung.us

How to determine Ursu.778508?


File Info:
crc32: C93D5171md5: f32d5bb45d57a3a14fe074ce74fef913name: update.datsha1: a713b18771effefbc4f7562792df9e5181794e90sha256: 4b08eab98e390ea584b891ef1efe602ae729ad0a1589693db4c219b8400c4fe0sha512: 4b5c8c3e0f8d929be6d4e87b2e62af4589750e7cf3f7998b3f36a35afe18aa82e46d561108574f8ddc230fc97c8d35b0e6f4ed1976a5c69425c3c5c895d94d61ssdeep: 98304:DK1evbB8PlBUDf+3ndUx6epHwffeLAG20VvL9rsvTvZLdWG3PE7mcXr:DKMvd8Pli+tU2ffGlYTBxl383type: PE32 executable (GUI) Intel 80386, for MS Windows
Version Info:
Translation: 0x0409 0x04b0InternalName: MODGVLD PUBGMFileVersion: 1.00CompanyName: Microsoft CoporationComments: Microsoft CoporationProductName: Microsoft CoporationProductVersion: 1.00FileDescription: Microsoft CoporationOriginalFilename: MODGVLD PUBGM.EXE

Ursu.778508 also known as:

Bkav	HW32.Packed.
MicroWorld-eScan	Gen:Variant.Ursu.778508
Cylance	Unsafe
BitDefender	Gen:Variant.Ursu.778508
Cybereason	malicious.45d57a
Invincea	heuristic
APEX	Malicious
GData	Gen:Variant.Ursu.778508
Kaspersky	HEUR:Trojan-Dropper.Win32.Dapato.vho
Endgame	malicious (high confidence)
Emsisoft	Gen:Variant.Ursu.778508 (B)
F-Secure	Trojan.TR/Dropper.Gen
Trapmine	malicious.high.ml.score
FireEye	Generic.mg.f32d5bb45d57a3a1
Ikarus	Trojan.Win64.Themida
Webroot	W32.Trojan.Gen
Avira	TR/Dropper.Gen
MAX	malware (ai score=80)
Arcabit	Trojan.Ursu.DBE10C
ZoneAlarm	HEUR:Trojan-Dropper.Win32.Dapato.vho
Microsoft	Trojan:Win32/Wacatac.D!ml
AhnLab-V3	Trojan/Win32.Agent.C4056046
Acronis	suspicious
ALYac	Gen:Variant.Ursu.778508
Ad-Aware	Gen:Variant.Ursu.778508
Malwarebytes	Trojan.MalPack.Themida
ESET-NOD32	a variant of Win32/Packed.Themida.HFL
Rising	Malware.Heuristic!ET#100% (RDMK:cmRtazppfflLsp+zYMzDbXntd4Dp)
SentinelOne	DFI – Malicious PE
eGambit	Unsafe.AI_Score_87%
BitDefenderTheta	Gen:NN.ZexaF.34110.@F0aaqhfPmji
CrowdStrike	win/malicious_confidence_100% (D)