Ursu.845291 (file analysis)

The Ursu.845291 is considered dangerous by lots of security experts. When this infection is active, you may notice unwanted processes in Task Manager list. In this case, it is adviced to scan your computer with GridinSoft Anti-Malware.

Gridinsoft Anti-Malware

Removing PC viruses manually may take hours and may damage your PC in the process. We recommend using GridinSoft Anti-Malware for virus removal. Allows to complete scan and cure your PC during the trial period.

DOWNLOAD NOW

6-day free trial available.

What Ursu.845291 virus can do?

Executable code extraction
Injection (inter-process)
Injection (Process Hollowing)
Creates RWX memory
Reads data out of its own binary image
Unconventionial language used in binary resources: Catalan
Executed a process and injected code into it, probably while unpacking
Tries to unhook or modify Windows functions monitored by Cuckoo
Anomalous binary characteristics

Related domains:

z.whorecord.xyz

a.tomx.xyz

How to determine Ursu.845291?


File Info:
crc32: 563C24BA
md5: 9d297926e4dd80dceefdafdb0735abbb
name: 9D297926E4DD80DCEEFDAFDB0735ABBB.mlw
sha1: 2a8be1681b8f7a571f7202b375e8501068d8e67e
sha256: 621249d65d8fba9cfa52c4a5ed4b8015235028930a5590b00de6d21ffb6e1911
sha512: d26964ecd1bfd808160e216bdda6b00945d7f2cab36f947bb3bcaed38fbf7fd4e5c4bd476f538d50bb53bed1c29d327b2bbf06b462c472c8e17079a97a9d9561
ssdeep: 6144:AS4EKH/BbWlJtT7qCeHQjbXBcsBwH+clrzy3/gANsSv2:AlEQ/V0nlusyHLlrzAgAmB
type: PE32 executable (GUI) Intel 80386, for MS Windows

Version Info:
Translation: 0x0409 0x04b0
InternalName: FiHoP
FileVersion: 4.09.0021
CompanyName: 
LegalTrademarks: Create & discover new Champion builds/strategies, check your Summoner statistics and try our powerful LoL charts.
Comments: Create & discover new Champion builds/strategies, check your Summoner statistics and try our powerful LoL charts.
ProductName: Neiron
ProductVersion: 4.09.0021
FileDescription: Create & discover new Champion builds/strategies, check your Summoner statistics and try our powerful LoL charts.
OriginalFilename: FiHoP.exe

Ursu.845291 also known as:

Bkav	W32.AIDetect.malware1
K7AntiVirus	Trojan ( 0055e3991 )
Lionic	Trojan.Win32.Shade.4!c
Elastic	malicious (high confidence)
DrWeb	Trojan.Encoder.858
ClamAV	Win.Trojan.Johnnie-6622858-0
McAfee	Trojan-FJNP!9D297926E4DD
Malwarebytes	Malware.AI.4050612083
Zillya	Trojan.Shade.Win32.303
CrowdStrike	win/malicious_confidence_100% (D)
Alibaba	Ransom:Win32/Shade.6372b5b0
K7GW	Trojan ( 0055e3991 )
Cybereason	malicious.6e4dd8
Symantec	ML.Attribute.HighConfidence
ESET-NOD32	a variant of Win32/Injector.DEID
APEX	Malicious
Avast	Win32:Malware-gen
Cynet	Malicious (score: 100)
Kaspersky	Trojan-Ransom.Win32.Shade.yi
BitDefender	Gen:Variant.Ursu.845291
NANO-Antivirus	Trojan.Win32.Shade.egheff
MicroWorld-eScan	Gen:Variant.Ursu.845291
Tencent	Malware.Win32.Gencirc.114b6156
Ad-Aware	Gen:Variant.Ursu.845291
Sophos	Mal/Generic-S
Comodo	Malware@#13jxm7exqh41f
BitDefenderTheta	Gen:NN.ZevbaF.34058.vm3@aKX4GolO
VIPRE	Trojan.Win32.Generic!BT
TrendMicro	Ransom_HPCERBER.SMJ
McAfee-GW-Edition	BehavesLike.Win32.PWSZbot.fc
FireEye	Generic.mg.9d297926e4dd80dc
Emsisoft	Gen:Variant.Ursu.845291 (B)
SentinelOne	Static AI – Malicious PE
Jiangmin	Trojan.Shade.cu
Avira	HEUR/AGEN.1102558
Antiy-AVL	Trojan/Generic.ASMalwS.1ACB5ED
Microsoft	Trojan:Win32/Occamy.C
SUPERAntiSpyware	Ransom.Troldesh/Variant
GData	Gen:Variant.Ursu.845291
AhnLab-V3	Trojan/Win32.Androm.R187454
VBA32	Hoax.Shade
MAX	malware (ai score=100)
Panda	Trj/CI.A
TrendMicro-HouseCall	Ransom_HPCERBER.SMJ
Yandex	Trojan.GenAsa!7hu2NPO1Dng
Ikarus	Trojan.Win32.Injector
Fortinet	W32/Injector.DEID!tr
AVG	Win32:Malware-gen
Paloalto	generic.ml
Qihoo-360	Win32/Ransom.Shade.HwMAEpsA

How to remove Ursu.845291?

Download and install GridinSoft Anti-Malware.
Open GridinSoft Anti-Malware and perform a “Standard scan“.
“Move to quarantine” all items.
Open “Tools” tab – Press “Reset Browser Settings“.
Select proper browser and options – Click “Reset”.
Restart your computer.

Ursu.845291 (file analysis)