What is “Ursu.854087”?

Ursu.854087 is considered dangerous by many security experts. When this infection is active, you may notice unwanted processes in the Task Manager list. In this case, it is advised to scan your computer with GridinSoft Anti-Malware.

Removing PC viruses manually may take hours and may damage your PC in the process. We recommend using GridinSoft Anti-Malware for virus removal. It allows you to run a complete scan and cure your PC during the trial period.
6-day free trial available.

What can the Ursu.854087 virus do?

  • Executable code extraction
  • Creates RWX memory
  • Detected script timer window indicative of sleep style evasion
  • A process attempted to delay the analysis task.
  • Reads data out of its own binary image
  • A process created a hidden window
  • Drops a binary and executes it
  • The binary likely contains encrypted or compressed data.
  • A scripting utility was executed
  • Uses Windows utilities for basic functionality
  • Installs itself for autorun at Windows startup
  • Creates a hidden or system file
  • Checks the presence of disk drives in the registry, possibly for anti-virtualization
  • Creates a copy of itself
  • Uses suspicious command line tools or Windows utilities

How to identify Ursu.854087?

File Info:

type: PE32 executable (GUI) Intel 80386 Mono/.Net assembly, for MS Windows

Version Info:

LegalCopyright: Copyright ©2006-2016 The qBittorrent project
InternalName: qbittorrent
FileVersion: v3.3.7
CompanyName: The qBittorrent project
ProductName: qBittorrent
ProductVersion: v3.3.7
FileDescription: qBittorrent - A Bittorrent Client
OriginalFilename: qbittorrent.exe
Translation: 0x0409 0x04b0

Ursu.854087 is also known as:

K7AntiVirus: Trojan ( 0056e7231 )
Elastic: malicious (high confidence)
DrWeb: Trojan.DownLoader23.30907
Cynet: Malicious (score: 85)
ALYac: Gen:Variant.Ursu.854087
Cylance: Unsafe
Zillya: Trojan.Blocker.Win32.36269
Sangfor: Trojan.Win32.Save.a
CrowdStrike: win/malicious_confidence_100% (W)
Alibaba: Ransom:Win32/Blocker.72d7afaa
K7GW: Trojan ( 0056e7231 )
Cybereason: malicious.5a4916
Cyren: W32/S-748b34e9!Eldorado
Symantec: ML.Attribute.HighConfidence
ESET-NOD32: a variant of MSIL/Injector.QUD
APEX: Malicious
Avast: Win32:Malware-gen
Kaspersky: Trojan-Ransom.Win32.Blocker.jvom
BitDefender: Gen:Variant.Ursu.854087
NANO-Antivirus: Trojan.Win32.MSILPerseus.ejsgfq
MicroWorld-eScan: Gen:Variant.Ursu.854087
Tencent: Win32.Trojan.Blocker.Hxgi
Ad-Aware: Gen:Variant.Ursu.854087
Sophos: Mal/Generic-S
Comodo: Malware@#3sv06ovaj75fh
BitDefenderTheta: Gen:NN.ZemsilF.34608.Pn0@aW8Y@ski
VIPRE: Trojan.Win32.Generic!BT
McAfee-GW-Edition: BehavesLike.Win32.Generic.tc
FireEye: Generic.mg.98f8b8e5a4916d09
Emsisoft: Gen:Variant.Ursu.854087 (B)
SentinelOne: Static AI – Malicious PE
Avira: HEUR/AGEN.1120541
eGambit: Unsafe.AI_Score_99%
Microsoft: Trojan:Win32/Dynamer!ac
Arcabit: Trojan.Ursu.DD0847
GData: Gen:Variant.Ursu.854087
AhnLab-V3: Trojan/Win32.Agent.C2279040
McAfee: Artemis!98F8B8E5A491
MAX: malware (ai score=88)
VBA32: TScope.Trojan.MSIL
Panda: Trj/GdSda.A
Rising: Ransom.Blocker!8.12A (TFE:C:v5UvGKFlaVJ)
Yandex: Trojan.Injector!lk1SOaXSk1w
Ikarus: Trojan.MSIL.Injector
Fortinet: MSIL/Injector.QUS!tr
AVG: Win32:Malware-gen
Paloalto: generic.ml
Qihoo-360: Win32/Ransom.Blocker.HwMAzZcA

How to remove Ursu.854087?

Ursu.854087 removal tool
  • Download and install GridinSoft Anti-Malware.
  • Open GridinSoft Anti-Malware and perform a “Standard scan”.
  • “Move to quarantine” all items.
  • Open the “Tools” tab and press “Reset Browser Settings”.
  • Select the proper browser and options, then click “Reset”.
  • Restart your computer.

About the author

Paul Valéry

I'm a cyber security analyst and data science expert with 5+ years of experience with security software contractors.
