
What is “Ursu.821749”?


Ursu.821749 is considered dangerous by many security vendors. When this infection is active, you may notice unwanted processes in the Task Manager process list. In this case, it is advised to scan your computer with GridinSoft Anti-Malware.


Removing PC viruses manually may take hours and may damage your PC in the process. We recommend using GridinSoft Anti-Malware for virus removal. It allows you to run a complete scan and cure your PC during the trial period.
6-day free trial available.

What can the Ursu.821749 virus do?

  • Behavioural detection: Executable code extraction – unpacking
  • Yara rule detections observed from a process memory dump/dropped files/CAPE
  • Reads data out of its own binary image
  • Unconventional binary language: Russian
  • The binary contains an unknown PE section name indicative of packing
  • The binary likely contains encrypted or compressed data.
  • Authenticode signature is invalid
  • Checks for the presence of known windows from debuggers and forensic tools
  • CAPE detected the EnigmaStub malware family
  • Checks for the presence of known devices from debuggers and forensic tools
  • Harvests cookies for information gathering
  • Collects information to fingerprint the system
  • Anomalous binary characteristics

How to identify Ursu.821749?


File Info:

name: 1BEAB361FF030D5A2220.mlw
path: /opt/CAPEv2/storage/binaries/727470a46ad76bd1347318906fd68da3930b870a467981ee25f51f4bcf6e754e
crc32: 3F2EA07E
md5: 1beab361ff030d5a222012be75a62797
sha1: ac96ad4e0a70123e0366390e61aa99fa609dfe62
sha256: 727470a46ad76bd1347318906fd68da3930b870a467981ee25f51f4bcf6e754e
sha512: 73f1315822049362c1c0e3230ee1f829ef23f6902444cc9fbd5d50409e753c8a9bd8bbb9a2253f6d3651cab66a6a6d9ee23ff2c1c1ba66bf913d0f16c4656671
ssdeep: 49152:gUa2OKG6icAOOSQsbsaUJDH25n+PZwhUvr:s2OLRcAOOcPUNH2cPEU
type: PE32 executable (GUI) Intel 80386, for MS Windows
tlsh: T14EA5233511DB9739D0A984F3A74582EA9DF0AA9413072BB315E76F7F213C4F8D68A318
sha3_384: ec7fdbc6625c566afb732c5b5bba90cf666774c3cb780c445b24acd7fc77907813edf94ea06f0a278633a2beee15236c
ep_bytes: e861000000e979feffff6860bb440064
timestamp: 2019-04-04 21:14:09

Version Info:

CompanyName: Company Checker By D.ExNerox
FileDescription: Company Checker
FileVersion: 1.0.0.0
InternalName: news.exe
LegalCopyright: Copyrights (C) Danil ExNerox
LegalTrademarks: Trademarks (R) Danil ExNerox
OriginalFilename: news.exe
ProductName: Company updater
ProductVersion: 1.0
Comments: vk.com/danil.exnerox
Translation: 0x0419 0x04b0

Ursu.821749 also known as:

Bkav: W32.AIDetect.malware2
Lionic: Heuristic.File.Generic.00×1!p
MicroWorld-eScan: Gen:Variant.Ursu.821749
FireEye: Generic.mg.1beab361ff030d5a
McAfee: Artemis!1BEAB361FF03
Cylance: Unsafe
VIPRE: Gen:Variant.Ursu.821749
Sangfor: Trojan.Win32.Occamy.C72
K7AntiVirus: Trojan ( 004befdb1 )
Alibaba: Packed:Win32/EnigmaProtector.a665a977
K7GW: Trojan ( 004befdb1 )
Cybereason: malicious.1ff030
Cyren: W32/Threat-HLLIE-based!Maximus
Symantec: ML.Attribute.HighConfidence
Elastic: malicious (high confidence)
ESET-NOD32: a variant of Win32/Packed.EnigmaProtector.J suspicious
APEX: Malicious
Paloalto: generic.ml
Cynet: Malicious (score: 100)
BitDefender: Gen:Variant.Ursu.821749
Avast: Win32:Malware-gen
Ad-Aware: Gen:Variant.Ursu.821749
Sophos: Mal/Generic-S
TrendMicro: TROJ_FRS.0NA103F220
McAfee-GW-Edition: BehavesLike.Win32.BadFile.vc
Emsisoft: Gen:Variant.Ursu.821749 (B)
SentinelOne: Static AI – Malicious PE
GData: Gen:Variant.Ursu.821749
Avira: HEUR/AGEN.1246839
MAX: malware (ai score=85)
Arcabit: Trojan.Ursu.DC89F5
Microsoft: Trojan:MSIL/Bladabindi.SWERRER!MTB
Google: Detected
ALYac: Gen:Variant.Ursu.821749
VBA32: Trojan.Zpevdo
Malwarebytes: Malware.Heuristic.1003
TrendMicro-HouseCall: TROJ_FRS.0NA103F220
Rising: PUF.Pack-Enigma!1.BA33 (CLASSIC)
Yandex: Trojan.GenAsa!UVo38gNh3PI
Ikarus: PUA.EnigmaProtector
MaxSecure: Trojan.Malware.84424428.susgen
Fortinet: Riskware/Application
AVG: Win32:Malware-gen
CrowdStrike: win/malicious_confidence_70% (W)

How to remove Ursu.821749?

Ursu.821749 removal tool
  • Download and install GridinSoft Anti-Malware.
  • Open GridinSoft Anti-Malware and perform a “Standard scan”.
  • Click “Move to quarantine” for all detected items.
  • Open the “Tools” tab and press “Reset Browser Settings”.
  • Select the appropriate browser and options, then click “Reset”.
  • Restart your computer.

About the author

Paul Valéry

I'm a cyber security analyst and data science expert with 5+ years of experience with security software contractors.
