Malware

What is “Ursu.817686”?

Malware Removal

The Ursu.817686 is considered dangerous by lots of security experts. When this infection is active, you may notice unwanted processes in Task Manager list. In this case, it is adviced to scan your computer with GridinSoft Anti-Malware.

GridinSoft Anti-Malware - Review 2020

GridinSoft Anti-Malware

Removing PC viruses manually may take hours and may damage your PC in the process. We recommend to use GridinSoft Anti-Malware for virus removal. Allows to complete scan and cure your PC during the TRIAL period.
6-day free trial available.

What Ursu.817686 virus can do?

  • Dynamic (imported) function loading detected
  • CAPE extracted potentially suspicious content
  • The binary contains an unknown PE section name indicative of packing
  • Authenticode signature is invalid

How to determine Ursu.817686?


File Info:

name: 0A9453E1E29EC62CC56D.mlw
path: /opt/CAPEv2/storage/binaries/6991e0181070dfb8122cb101a3719bb7962a6636730ef6949172136db445234b
crc32: 78985AC5
md5: 0a9453e1e29ec62cc56db594df87392d
sha1: 70cd07cc90e5e7168021d28b57ef54ebd5267c11
sha256: 6991e0181070dfb8122cb101a3719bb7962a6636730ef6949172136db445234b
sha512: 96ba5db1e355571ee2befbe19a59f68e7ee077695c506347be3d31a825f9155a1ef533681224cdfdc6f6ff6e5050f064b96ec411b863cb08f5ac528824c511c1
ssdeep: 3072:tj+FpR2uP8q6Fmj1hgBFe2WJXi2jTFEVorCB:tqt6Fmj4BKJXi2jTFQo
type: PE32 executable (GUI) Intel 80386, for MS Windows
tlsh: T1AFA3F19153F1D321CA7FAAB668515A3113FACD829056FBBF6E80305F0CF26015FA2956
sha3_384: c93485f06eed2fbfd7c408142c16db23b022897645536f4f17a65d34ac416a6e973a8b0785e9b5ab1946721481d2cb86
ep_bytes: ff250020400000000000000000000000
timestamp: 2014-10-30 21:53:44

Version Info:

Translation: 0x0000 0x04b0
Comments: 式种延谢仿伪用种问谢乓自外仰道
CompanyName: 式种延谢仿伪用种问谢乓自外仰道
FileDescription: Winrar
FileVersion: 7867.786.0.0
InternalName: Winrar.exe
LegalCopyright: Copyright © 2014
OriginalFilename: Winrar.exe
ProductName: Winrar式种延谢仿伪用种问谢乓自外仰道
ProductVersion: 7867.786.0.0
Assembly Version: 578.78.0.0

Ursu.817686 also known as:

BkavW32.AIDetectNet.01
LionicTrojan.Win32.FrauDrop.4!c
Elasticmalicious (high confidence)
DrWebBackDoor.Bladabindi.1393
MicroWorld-eScanGen:Variant.Ursu.817686
FireEyeGeneric.mg.0a9453e1e29ec62c
ALYacGen:Variant.Ursu.817686
SangforTrojan.MSIL.Agent.AQJ
K7AntiVirusTrojan ( 700000121 )
AlibabaTrojanDropper:Win32/FrauDrop.13f56e9a
K7GWTrojan ( 700000121 )
Cybereasonmalicious.1e29ec
ArcabitTrojan.Ursu.DC7A16
BitDefenderThetaGen:NN.ZemsilF.34666.gq0@aGkQN7
VirITBackdoor.Win32.Generic.BAMY
SymantecML.Attribute.HighConfidence
ESET-NOD32a variant of MSIL/TrojanDropper.Agent.AQJ
Paloaltogeneric.ml
CynetMalicious (score: 99)
KasperskyTrojan-Dropper.Win32.FrauDrop.ahiyt
BitDefenderGen:Variant.Ursu.817686
NANO-AntivirusTrojan.Win32.Drop.diecfv
AvastWin32:Malware-gen
TencentWin32.Trojan-dropper.Fraudrop.Hfg
Ad-AwareGen:Variant.Ursu.817686
EmsisoftGen:Variant.Ursu.817686 (B)
ComodoMalware@#10eus3yk56bpx
McAfee-GW-EditionArtemis!Trojan
SophosMal/Generic-S
IkarusTrojan-Dropper.Win32.FrauDrop
AviraHEUR/AGEN.1236697
MAXmalware (ai score=84)
KingsoftWin32.Troj.Generic_a.a.(kcloud)
MicrosoftBackdoor:MSIL/Bladabindi
GDataGen:Variant.Ursu.817686
AhnLab-V3Malware/Win32.RL_Generic.C4244082
Acronissuspicious
McAfeeArtemis!0A9453E1E29E
VBA32Trojan.MSIL.gen.a.15
APEXMalicious
SentinelOneStatic AI – Malicious PE
FortinetMSIL/Kryptik.ALV!tr
AVGWin32:Malware-gen
PandaTrj/Chgt.J
CrowdStrikewin/malicious_confidence_100% (W)

How to remove Ursu.817686?

Ursu.817686 removal tool
  • Download and install GridinSoft Anti-Malware.
  • Open GridinSoft Anti-Malware and perform a “Standard scan“.
  • Move to quarantine” all items.
  • Open “Tools” tab – Press “Reset Browser Settings“.
  • Select proper browser and options – Click “Reset”.
  • Restart your computer.

About the author

Paul Valéry

I'm a cyber security analyst and data science expert with 5+ years of experience with security software contractors.

Leave a Comment