
What is “Ursu.796475”?

Malware Removal

Ursu.796475 is considered dangerous by many security experts. When this infection is active, you may notice unwanted processes in the Task Manager list. In this case, it is advised to scan your computer with GridinSoft Anti-Malware.

GridinSoft Anti-Malware


Removing PC viruses manually may take hours and may damage your PC in the process. We recommend using GridinSoft Anti-Malware for virus removal. It allows you to complete a scan and cure your PC during the trial period.
6-day free trial available.

What can the Ursu.796475 virus do?

  • Unconventional language used in binary resources: Polish
  • Authenticode signature is invalid
  • Anomalous .NET characteristics

How to identify Ursu.796475?


File Info:

name: E57E8C05B9BAF14FD1AC.mlw
path: /opt/CAPEv2/storage/binaries/6424337930b2d114e9b8f5bc398b52793b591ebaf823ca7579494aeb741cd56f
crc32: DA84CA4E
md5: e57e8c05b9baf14fd1acf395330071f8
sha1: 4599d8dda248f09839bfa5e1c25da1254d6bc110
sha256: 6424337930b2d114e9b8f5bc398b52793b591ebaf823ca7579494aeb741cd56f
sha512: de7f20a1d7ac433b490ab340f6b449489377e5edb50857353fd8cace393e7687d73010fc0f1651fcdc0182c5d2d49e475e6ab21188d2c6611491ba36b7d96c0a
ssdeep: 24576:1y2n3Xdb+w0cA/V3eWRd2Ru1j0IAibuemqJNAivRCHVbyMDsXO1fk2zwByg2zfkW:1y2n3tb+bcA/V3eWRd2Ru1j0IAibuemz
type: PE32 executable (GUI) Intel 80386, for MS Windows
tlsh: T169555B0632728A53C45A37F4EA43CA342313AC096B55679669F37E5F79F030BED4298E
sha3_384: b1d7089aa22b7f7648120c6b5800867780e3abb18977cf447d684c4df74cc5335df79d5b2e5f4deee5635f9467f231d6
ep_bytes: ff25dc924100cccccc0b3002001e0000
timestamp: 2021-01-24 04:41:26

Version Info:

0: [No Data]

Ursu.796475 also known as:

Lionic: Trojan.Win32.Ursu.4!c
Elastic: malicious (high confidence)
MicroWorld-eScan: Gen:Variant.Ursu.796475
FireEye: Generic.mg.e57e8c05b9baf14f
CAT-QuickHeal: Trojan.AgentteslaFC.S21583537
McAfee: Artemis!E57E8C05B9BA
Sangfor: Suspicious.Win32.Artemis.E57E8C05B9BA
Cyren: W32/Trojan.JXOZ-8652
Symantec: ML.Attribute.HighConfidence
ESET-NOD32: a variant of MSIL/HackTool.Spammer.DT
Paloalto: generic.ml
Kaspersky: HEUR:Hacktool.Win32.Spammer.gen
BitDefender: Gen:Variant.Ursu.796475
SUPERAntiSpyware: Trojan.Agent/Gen-Dropper
Avast: Win32:DropperX-gen [Drp]
Ad-Aware: Gen:Variant.Ursu.796475
McAfee-GW-Edition: Artemis!Trojan
Emsisoft: Gen:Variant.Ursu.796475 (B)
SentinelOne: Static AI – Malicious PE
GData: Gen:Variant.Ursu.796475
Avira: HEUR/AGEN.1144229
MAX: malware (ai score=88)
Microsoft: Trojan:Win32/Wacatac.B!ml
Cynet: Malicious (score: 99)
ALYac: Gen:Variant.Ursu.796475
MaxSecure: Trojan.Malware.82433498.susgen
Fortinet: W32/Ursu.907166!tr
AVG: Win32:DropperX-gen [Drp]
Cybereason: malicious.5b9baf

How to remove Ursu.796475?

Ursu.796475 removal tool
  • Download and install GridinSoft Anti-Malware.
  • Open GridinSoft Anti-Malware and perform a “Standard scan”.
  • “Move to quarantine” all items.
  • Open “Tools” tab – Press “Reset Browser Settings”.
  • Select proper browser and options – Click “Reset”.
  • Restart your computer.

About the author

Paul Valéry

I'm a cyber security analyst and data science expert with 5+ years of experience with security software contractors.
