Ursu.797272 information

Malware Removal

Ursu.797272 is the BitDefender-engine detection name (Gen:Variant.Ursu.797272) for the sample described below; other vendors classify the same file as a banking trojan or downloader, which is why it is rated as dangerous. While the infection is active you may notice unfamiliar processes in the Task Manager list. If you do, it is advised to scan the computer with GridinSoft Anti-Malware.


What can Ursu.797272 do?

The sandbox (CAPE) reported the following signature hits for the sample:

  • YARA rule detections observed in a process memory dump, dropped files or CAPE output
  • Creates RWX memory
  • Dynamic (imported) function loading detected
  • Performs HTTP requests potentially not found in the PCAP
  • HTTPS URLs seen in behaviour
  • Unconventional language used in binary resources: Chinese (Simplified)
  • The binary contains an unknown PE section name indicative of packing
  • The binary likely contains encrypted or compressed data
  • The executable is compressed using UPX
  • Authenticode signature is invalid
  • Attempts to modify proxy settings

How to identify Ursu.797272?

File Info:

name: 37258104156188EDC793.mlw
path: /opt/CAPEv2/storage/binaries/217005deb6e8563f3cb860c3410ebba68a409fd67c0e357b181649361f427c7b
crc32: 3F5E5DAB
md5: 37258104156188edc793e8f38669d5e5
sha1: 074c1a31fdb26f2b22e073303bd56fae9a9bac1a
sha256: 217005deb6e8563f3cb860c3410ebba68a409fd67c0e357b181649361f427c7b
sha512: 98bf2914b28192fbc20218cc475dff771fb11488f0a0018b21cef989a1e0e00d85f21738303926ab9ac83b5b7d0fa7737bf7d2fa47f6ceb9983802d4311e0448
ssdeep: 3072:vcmHaycfbSxL3HhmY1nk0YKAzDiLFDtZ3SeEclEHklu70FKqjnn0RcrUyTahqFgW:vcmHaycfo/yCD33SeEcqvcEcHvh+Q
type: PE32 executable (GUI) Intel 80386, for MS Windows
tlsh: T1E664221A41450C0BFF3946BC94EBEBB1DFADA0A446A559337E8C792F1FB68D90E13064
sha3_384: 6f046f93c3b98af74d582427c1e37bd03cdd204e11dbde4396fbffb20c63b9ec1e201d0c0afb4d9b5dd9cec132b042ba
ep_bytes: 60be006048008dbe00b0f7ffc787a060
timestamp: 1992-06-19 22:22:17

Version Info:

CompanyName:
FileDescription:
FileVersion: 1.0.0.0
InternalName:
LegalCopyright:
LegalTrademarks:
OriginalFilename:
ProductName:
ProductVersion: 1.0.0.0
Translation: 0x0409 0x04e4
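The report fields above already contain enough to cross-check two of the sandbox signatures. The script below is an added example, not code from the original page or from CAPE: it takes only the ep_bytes, timestamp and Translation values printed above and checks that the entry point really is the UPX x86 decompression stub, that the odd 1992 link timestamp is the fixed value 0x2A425E19 that the Delphi linker writes (which fits Comodo's "Delf" verdict and is not by itself evidence of timestamp forgery), and what the VERSIONINFO translation field claims about language and code page. The language-ID table is an assumption limited to the two IDs relevant here.

```python
"""Static triage of the File Info / Version Info fields above.

Added example, not code from the original page. Inputs are the three
values copied from the report; everything else is derived from them.
"""
import struct
from datetime import datetime, timezone

# Values copied from the File Info / Version Info sections above.
EP_BYTES = bytes.fromhex("60be006048008dbe00b0f7ffc787a060")
LINK_TIMESTAMP = "1992-06-19 22:22:17"
TRANSLATION = "0x0409 0x04e4"

# Fixed TimeDateStamp that many Delphi versions' linker writes into the PE header.
DELPHI_LINK_TIME = 0x2A425E19

# Assumption: only the two language IDs this report mentions are decoded.
LANG_IDS = {0x0409: "en-US", 0x0804: "zh-CN"}


def parse_upx_stub(ep: bytes):
    """Decode the classic UPX x86 entry stub:
         60              pushad
         BE imm32        mov  esi, <start of packed data>
         8D BE disp32    lea  edi, [esi + disp]   ; unpack destination
    Returns both virtual addresses, or None if the bytes do not match."""
    if len(ep) < 12 or ep[0] != 0x60 or ep[1] != 0xBE or ep[6:8] != b"\x8d\xbe":
        return None
    packed_va = struct.unpack_from("<I", ep, 2)[0]
    disp = struct.unpack_from("<i", ep, 8)[0]          # signed displacement
    return {"packed_data_va": packed_va,
            "unpack_dest_va": (packed_va + disp) & 0xFFFFFFFF}


def timestamp_to_epoch(ts: str) -> int:
    """Convert the report's UTC timestamp string back to the raw PE TimeDateStamp."""
    dt = datetime.strptime(ts, "%Y-%m-%d %H:%M:%S").replace(tzinfo=timezone.utc)
    return int(dt.timestamp())


def is_delphi_default_timestamp(ts: str) -> bool:
    return timestamp_to_epoch(ts) == DELPHI_LINK_TIME


def parse_translation(field: str):
    """Split a VERSIONINFO Translation pair into (language name, code page)."""
    lang_hex, cp_hex = field.split()
    lang, codepage = int(lang_hex, 16), int(cp_hex, 16)
    return LANG_IDS.get(lang, f"0x{lang:04x}"), codepage


def triage() -> dict:
    """Summarise the three checks for the values taken from this report."""
    stub = parse_upx_stub(EP_BYTES)
    lang, codepage = parse_translation(TRANSLATION)
    return {
        "upx_stub": stub is not None,
        "unpack_dest_va": stub["unpack_dest_va"] if stub else None,
        "delphi_default_timestamp": is_delphi_default_timestamp(LINK_TIMESTAMP),
        "versioninfo_language": lang,
        "versioninfo_codepage": codepage,
    }


if __name__ == "__main__":
    for key, value in triage().items():
        print(f"{key}: {value}")
```

The stub decodes to packed data at 0x486000 being unpacked to 0x401000, the usual UPX0/UPX1 layout, and the timestamp check confirms a Delphi build. Note that VERSIONINFO claims en-US / code page 1252 while the sandbox flagged Simplified Chinese resources; the two fields are read from different parts of the resource tree, so a mismatch like this is worth a manual look rather than a contradiction in the report.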

Ursu.797272 also known as:

DrWeb: Trojan.DownLoader15.19715
MicroWorld-eScan: Gen:Variant.Ursu.797272
FireEye: Generic.mg.37258104156188ed
CAT-QuickHeal: Trojanspy.Banker.8354
McAfee: GenericRXAA-AA!372581041561
Cylance: Unsafe
K7AntiVirus: Trojan ( 7000000f1 )
K7GW: Trojan ( 7000000f1 )
Cybereason: malicious.415618
BitDefenderTheta: Gen:NN.ZelphiF.34742.tmKfaqB1Grfj
VirIT: Trojan.Win32.Banker6.BQWQ
Cyren: W32/A-4193a7fa!Eldorado
Elastic: malicious (moderate confidence)
ESET-NOD32: a variant of Win32/Spy.Banker.AAVQ
ClamAV: Win.Trojan.Strictor-411
Kaspersky: HEUR:Trojan.Win32.Generic
BitDefender: Gen:Variant.Ursu.797272
NANO-Antivirus: Trojan.Win32.Strictor.dfwnsc
Avast: Win32:Trojan-gen
Tencent: Malware.Win32.Gencirc.10c2742d
Ad-Aware: Gen:Variant.Ursu.797272
Emsisoft: Gen:Variant.Ursu.797272 (B)
Comodo: TrojWare.Win32.Delf.EDS@5t0yr4
Zillya: Trojan.Banz.Win32.5229
Trapmine: malicious.moderate.ml.score
Ikarus: Trojan.Win32.Fune
GData: Gen:Variant.Ursu.797272
Jiangmin: Trojan/Banker.Banz.djw
Avira: HEUR/AGEN.1245083
Microsoft: Trojan:Win32/Wacatac.B!ml
Cynet: Malicious (score: 100)
AhnLab-V3: Win-Trojan/Hupe.Gen
VBA32: TrojanBanker.Banz
ALYac: Gen:Variant.Ursu.797272
MAX: malware (ai score=83)
Malwarebytes: Malware.Heuristic.1003
APEX: Malicious
Yandex: TrojanSpy.Banker!iLr3twZ1QWE
SentinelOne: Static AI – Malicious PE
Fortinet: W32/Banker.AAXV!tr.spy
AVG: Win32:Trojan-gen
Panda: Trj/Genetic.gen
CrowdStrike: win/malicious_confidence_70% (W)
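A list like the one above is easy to misread: the name in the page title, Ursu.797272, appears six times, but those six vendors all ship the BitDefender engine, so it is one opinion. The script below is an added example, not code from the original page; it takes a subset of the verdict lines above, copied verbatim, collapses vendors that share an engine (the ENGINE_OF table is an assumption based on publicly known engine licensing), strips tokens that carry no family information, and counts which family names are named by at least two independent engines. Treating Wacatac as Microsoft's generic ML bucket name is likewise an assumption made here.

```python
"""Turn the multi-vendor verdict list above into a family-name consensus.

Added example, not code from the original page. VERDICTS is a subset of the
'also known as' lines above; ENGINE_OF and NOISE are assumptions described
in the comments.
"""
import re
from collections import Counter

VERDICTS = """\
DrWeb: Trojan.DownLoader15.19715
MicroWorld-eScan: Gen:Variant.Ursu.797272
CAT-QuickHeal: Trojanspy.Banker.8354
VirIT: Trojan.Win32.Banker6.BQWQ
ESET-NOD32: a variant of Win32/Spy.Banker.AAVQ
ClamAV: Win.Trojan.Strictor-411
Kaspersky: HEUR:Trojan.Win32.Generic
BitDefender: Gen:Variant.Ursu.797272
NANO-Antivirus: Trojan.Win32.Strictor.dfwnsc
Ad-Aware: Gen:Variant.Ursu.797272
Emsisoft: Gen:Variant.Ursu.797272 (B)
Comodo: TrojWare.Win32.Delf.EDS@5t0yr4
Zillya: Trojan.Banz.Win32.5229
GData: Gen:Variant.Ursu.797272
Jiangmin: Trojan/Banker.Banz.djw
Microsoft: Trojan:Win32/Wacatac.B!ml
VBA32: TrojanBanker.Banz
ALYac: Gen:Variant.Ursu.797272
Yandex: TrojanSpy.Banker!iLr3twZ1QWE
Fortinet: W32/Banker.AAXV!tr.spy
"""

# Assumption: these vendors license the BitDefender engine, so their identical
# Gen:Variant.* verdicts are one opinion, not several.
ENGINE_OF = {v: "BitDefender" for v in
             ("MicroWorld-eScan", "Ad-Aware", "Emsisoft", "GData", "ALYac")}

# Tokens that say "it is malware" but name no family. Wacatac is treated as
# Microsoft's ML bucket name (assumption).
NOISE = {"trojware", "win", "gen", "variant", "generic", "wacatac",
         "malware", "malicious", "heur"}


def family_tokens(verdict: str) -> set[str]:
    """Extract candidate family names from one verdict string."""
    found = set()
    for tok in re.findall(r"[A-Za-z]+", verdict):
        if tok.isupper():                            # AAVQ, BQWQ, HEUR: variant codes
            continue
        low = re.sub(r"^trojan", "", tok.lower())   # TrojanSpy -> spy, Trojan -> ""
        if len(low) < 3 or low in NOISE:
            continue
        found.add(low)
    return found


def family_consensus(text: str, dedupe_engines: bool = True,
                     min_engines: int = 2) -> dict[str, int]:
    """Count, per independent engine, which family tokens appear, and keep
    those named by at least min_engines engines (most-cited first)."""
    per_engine: dict[str, set[str]] = {}
    for line in text.splitlines():
        vendor, _, verdict = line.partition(":")
        vendor = vendor.strip()
        key = ENGINE_OF.get(vendor, vendor) if dedupe_engines else vendor
        per_engine.setdefault(key, set()).update(family_tokens(verdict.strip()))
    counts = Counter(tok for toks in per_engine.values() for tok in toks)
    return {tok: n for tok, n in sorted(counts.items(), key=lambda kv: -kv[1])
            if n >= min_engines}


if __name__ == "__main__":
    print("raw vendor count:", family_consensus(VERDICTS, dedupe_engines=False, min_engines=1))
    print("engine consensus:", family_consensus(VERDICTS))
```

With engine deduplication the consensus is "banker" (7 engines), "spy" (4), "banz" (3) and "strictor" (2); "ursu" drops out entirely because only one engine says it, even though it is the name this page is filed under. That is the family picture a practitioner should carry forward: a Delphi-built banking trojan variant, not a family called Ursu.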

How to remove Ursu.797272?

Ursu.797272 removal tool
  • Download and install GridinSoft Anti-Malware.
  • Open GridinSoft Anti-Malware and perform a “Standard scan”.
  • Choose “Move to quarantine” for all detected items.
  • Open the “Tools” tab and press “Reset Browser Settings”.
  • Select the browser(s) and options you want, then click “Reset”.
  • Restart your computer.

Because the sample attempts to modify proxy settings, after the restart confirm that the per-user Internet Settings (ProxyEnable, ProxyServer and AutoConfigURL under HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings) hold the values you expect, then rescan to make sure nothing was re-dropped.

About the author

Paul Valéry

I'm a cyber security analyst and data science expert with 5+ years of experience with security software contractors.
