
Ursu.797272 information

Ursu.797272 is considered dangerous by many security experts. When this infection is active, you may notice unwanted processes in the Task Manager process list. In this case, it is advised to scan your computer with GridinSoft Anti-Malware.

Gridinsoft Anti-Malware

Removing PC viruses manually may take hours and may damage your PC in the process. We recommend using GridinSoft Anti-Malware for virus removal. It allows a complete scan and cure of your PC during the trial period.
A 6-day free trial is available.

What can the Ursu.797272 virus do?

  • Yara rule detections observed from a process memory dump/dropped files/CAPE
  • Creates RWX memory
  • Dynamic (imported) function loading detected
  • Performs HTTP requests potentially not found in PCAP.
  • HTTPS urls from behavior.
  • Unconventional language used in binary resources: Chinese (Simplified)
  • The binary contains an unknown PE section name indicative of packing
  • The binary likely contains encrypted or compressed data.
  • The executable is compressed using UPX
  • Authenticode signature is invalid
  • Attempts to modify proxy settings

How to identify Ursu.797272?

File Info:

name: 37258104156188EDC793.mlw
path: /opt/CAPEv2/storage/binaries/217005deb6e8563f3cb860c3410ebba68a409fd67c0e357b181649361f427c7b
crc32: 3F5E5DAB
md5: 37258104156188edc793e8f38669d5e5
sha1: 074c1a31fdb26f2b22e073303bd56fae9a9bac1a
sha256: 217005deb6e8563f3cb860c3410ebba68a409fd67c0e357b181649361f427c7b
sha512: 98bf2914b28192fbc20218cc475dff771fb11488f0a0018b21cef989a1e0e00d85f21738303926ab9ac83b5b7d0fa7737bf7d2fa47f6ceb9983802d4311e0448
ssdeep: 3072:vcmHaycfbSxL3HhmY1nk0YKAzDiLFDtZ3SeEclEHklu70FKqjnn0RcrUyTahqFgW:vcmHaycfo/yCD33SeEcqvcEcHvh+Q
type: PE32 executable (GUI) Intel 80386, for MS Windows
tlsh: T1E664221A41450C0BFF3946BC94EBEBB1DFADA0A446A559337E8C792F1FB68D90E13064
sha3_384: 6f046f93c3b98af74d582427c1e37bd03cdd204e11dbde4396fbffb20c63b9ec1e201d0c0afb4d9b5dd9cec132b042ba
ep_bytes: 60be006048008dbe00b0f7ffc787a060
timestamp: 1992-06-19 22:22:17

Version Info:

CompanyName:
FileDescription:
FileVersion: 1.0.0.0
InternalName:
LegalCopyright:
LegalTrademarks:
OriginalFilename:
ProductName:
ProductVersion: 1.0.0.0
Translation: 0x0409 0x04e4

Ursu.797272 also known as:

DrWeb: Trojan.DownLoader15.19715
MicroWorld-eScan: Gen:Variant.Ursu.797272
FireEye: Generic.mg.37258104156188ed
CAT-QuickHeal: Trojanspy.Banker.8354
McAfee: GenericRXAA-AA!372581041561
Cylance: Unsafe
K7AntiVirus: Trojan ( 7000000f1 )
K7GW: Trojan ( 7000000f1 )
Cybereason: malicious.415618
BitDefenderTheta: Gen:NN.ZelphiF.34742.tmKfaqB1Grfj
VirIT: Trojan.Win32.Banker6.BQWQ
Cyren: W32/A-4193a7fa!Eldorado
Elastic: malicious (moderate confidence)
ESET-NOD32: a variant of Win32/Spy.Banker.AAVQ
ClamAV: Win.Trojan.Strictor-411
Kaspersky: HEUR:Trojan.Win32.Generic
BitDefender: Gen:Variant.Ursu.797272
NANO-Antivirus: Trojan.Win32.Strictor.dfwnsc
Avast: Win32:Trojan-gen
Tencent: Malware.Win32.Gencirc.10c2742d
Ad-Aware: Gen:Variant.Ursu.797272
Emsisoft: Gen:Variant.Ursu.797272 (B)
Comodo: TrojWare.Win32.Delf.EDS@5t0yr4
Zillya: Trojan.Banz.Win32.5229
Trapmine: malicious.moderate.ml.score
Ikarus: Trojan.Win32.Fune
GData: Gen:Variant.Ursu.797272
Jiangmin: Trojan/Banker.Banz.djw
Avira: HEUR/AGEN.1245083
Microsoft: Trojan:Win32/Wacatac.B!ml
Cynet: Malicious (score: 100)
AhnLab-V3: Win-Trojan/Hupe.Gen
VBA32: TrojanBanker.Banz
ALYac: Gen:Variant.Ursu.797272
MAX: malware (ai score=83)
Malwarebytes: Malware.Heuristic.1003
APEX: Malicious
Yandex: TrojanSpy.Banker!iLr3twZ1QWE
SentinelOne: Static AI – Malicious PE
Fortinet: W32/Banker.AAXV!tr.spy
AVG: Win32:Trojan-gen
Panda: Trj/Genetic.gen
CrowdStrike: win/malicious_confidence_70% (W)

How to remove Ursu.797272?

  • Download and install GridinSoft Anti-Malware.
  • Open GridinSoft Anti-Malware and perform a “Standard scan”.
  • “Move to quarantine” all items.
  • Open the “Tools” tab and press “Reset Browser Settings”.
  • Select the proper browser and options, then click “Reset”.
  • Restart your computer.

Paul Valéry

I'm a cyber security analyst and data science expert with 5+ years of experience with security software contractors.
