About the “Ursu.828556” infection

Ursu.828556 is considered dangerous by many security experts. When this infection is active, you may notice unwanted processes in the Task Manager process list. In this case, it is advised to scan your computer with GridinSoft Anti-Malware.

Removing PC viruses manually may take hours and may damage your PC in the process. We recommend using GridinSoft Anti-Malware for virus removal. It lets you run a complete scan and clean your PC during the trial period.
A 6-day free trial is available.

What can the Ursu.828556 virus do?

  • SetUnhandledExceptionFilter detected (possible anti-debugging)
  • Creates RWX memory
  • Use of guard pages detected – possible anti-debugging.
  • Dynamic (imported) function loading detected
  • Enumerates the modules of a process (may be used to locate base addresses for process injection)
  • CAPE extracted potentially suspicious content
  • The binary likely contains encrypted or compressed data.
  • Authenticode signature is invalid

How to identify Ursu.828556?

File Info:

name: 79DA7AE9F994DC3C592D.mlw
path: /opt/CAPEv2/storage/binaries/5f78d926249ab7b628633659d904b697c035c8760418125c03c89a8ebf0805f4
crc32: 2E91DC99
md5: 79da7ae9f994dc3c592de4fbe37c0d54
sha1: ad13a8d9f92fc5239fe46c42af6074a25cbc4657
sha256: 5f78d926249ab7b628633659d904b697c035c8760418125c03c89a8ebf0805f4
sha512: 2bf4187a934e1877de88f9f796f3284dd0389b0ebee064e43de7619b1de3fbfe2af27421b93f288a5588e8d19e571c0c6138df8e0617289d3c9c9ec9677eb042
ssdeep: 768:ONYDPti9Dl/iiPds43dSFBHrJQwR+opXW7H:Oh6aEFvhm7
type: PE32 executable (GUI) Intel 80386, for MS Windows
tlsh: T13133E30B96CE3EE1C5790A32777757C0D36DDE0059A3EA6E14C5713A8ABE48B38827D4
sha3_384: 8f649b59d9930109e70a380dc3a44e84707a9387ae6793d26d62c8f85d03fa5dd6b11b89cdc0682d310416f22b3cfc47
ep_bytes: ff250020400000000000000000000000
timestamp: 2017-12-03 14:16:40

Version Info:

Translation: 0x0000 0x04b0
FileDescription: 1
FileVersion: 1.0.0.0
InternalName: 1.exe
LegalCopyright: Copyright © 2017
OriginalFilename: 1.exe
ProductName: 1
ProductVersion: 1.0.0.0
Assembly Version: 1.0.0.0

Ursu.828556 is also known by the following vendor detection names:

Lionic: Trojan.MSIL.Zapchast.m4kg
Elastic: malicious (high confidence)
MicroWorld-eScan: Gen:Variant.Ursu.828556
FireEye: Generic.mg.79da7ae9f994dc3c
McAfee: Artemis!79DA7AE9F994
Cylance: Unsafe
Zillya: Trojan.Kryptik.Win32.1315046
Sangfor: Trojan.MSIL.Kryptik.GBD
K7AntiVirus: Trojan ( 005302041 )
Alibaba: Trojan:MSIL/Kryptik.391d397a
K7GW: Trojan ( 005302041 )
Cybereason: malicious.9f994d
Cyren: W32/S-5901d407!Eldorado
Symantec: ML.Attribute.HighConfidence
ESET-NOD32: a variant of MSIL/Kryptik.CHS
APEX: Malicious
Paloalto: generic.ml
BitDefender: Gen:Variant.Ursu.828556
NANO-Antivirus: Trojan.Win32.Kryptik.evtqdl
Avast: MSIL:Injector-EQ [Trj]
Tencent: Win32.Trojan.Zusy.Akzi
Ad-Aware: Gen:Variant.Ursu.828556
Sophos: Mal/Generic-R
Comodo: Malware@#xx8fj8atiko1
VIPRE: Trojan.Win32.Generic!BT
TrendMicro: TROJ_GEN.R002C0GKJ21
McAfee-GW-Edition: BehavesLike.Win32.Generic.ph
Emsisoft: Gen:Variant.Ursu.828556 (B)
SentinelOne: Static AI – Malicious PE
GData: Gen:Variant.Ursu.828556
Avira: HEUR/AGEN.1120352
Antiy-AVL: Trojan/Generic.ASMalwS.22FCEDC
ViRobot: Trojan.Win32.Z.Zusy.50176.FC
Microsoft: Backdoor:Win32/Bladabindi!ml
Cynet: Malicious (score: 100)
AhnLab-V3: Trojan/Win32.Gen
Acronis: suspicious
BitDefenderTheta: Gen:NN.ZemsilF.34294.dm0@a0ccAZd
ALYac: Gen:Variant.Ursu.828556
MAX: malware (ai score=97)
Malwarebytes: MachineLearning/Anomalous.96%
TrendMicro-HouseCall: TROJ_GEN.R002C0GKJ21
Yandex: Trojan.Kryptik!cWKLTXALxNE
Ikarus: Trojan.MSIL.Injector
eGambit: Unsafe.AI_Score_100%
Fortinet: MSIL/Injector.QSJ!tr
MaxSecure: Trojan.Malware.300983.susgen
AVG: MSIL:Injector-EQ [Trj]
Panda: Trj/GdSda.A
CrowdStrike: win/malicious_confidence_100% (W)
Qihoo-360: Win32/Trojan.Generic.HwMAEpsA

How to remove Ursu.828556?

Ursu.828556 removal tool
  • Download and install GridinSoft Anti-Malware.
  • Open GridinSoft Anti-Malware and perform a “Standard scan”.
  • Choose “Move to quarantine” for all items.
  • Open the “Tools” tab – Press “Reset Browser Settings”.
  • Select the proper browser and options – Click “Reset”.
  • Restart your computer.

About the author

Paul Valéry

I'm a cyber security analyst and data science expert with 5+ years of experience with security software contractors.