Malware

What is “Ursu.854926 (B)”?

Malware Removal

The Ursu.854926 (B) is considered dangerous by lots of security experts. When this infection is active, you may notice unwanted processes in Task Manager list. In this case, it is adviced to scan your computer with GridinSoft Anti-Malware.

GridinSoft Anti-Malware - Review 2020

GridinSoft Anti-Malware

Removing PC viruses manually may take hours and may damage your PC in the process. We recommend to use GridinSoft Anti-Malware for virus removal. Allows to complete scan and cure your PC during the TRIAL period.
6-day free trial available.

What Ursu.854926 (B) virus can do?

  • Dynamic (imported) function loading detected
  • Authenticode signature is invalid
  • Anomalous binary characteristics

How to determine Ursu.854926 (B)?


File Info:

name: 01910F6C3C1C3FDA6A29.mlw
path: /opt/CAPEv2/storage/binaries/c57c6b09a8e9f25698d31e8df5d97d7dbe1de4227f33990bda1dc094296af4aa
crc32: 1F1EB2FB
md5: 01910f6c3c1c3fda6a299a20984ef2a8
sha1: 52e3b8de15f53f8acbacd85ce035c0d9e203922e
sha256: c57c6b09a8e9f25698d31e8df5d97d7dbe1de4227f33990bda1dc094296af4aa
sha512: 7ea6d90658c078bf0a6eef7e11c6d7ca98f8b635cf6a3cdb30c858a9ee53cb0f1fa0b6cf97512292d6db37fddf11ad6a7fcb4f8df06a15b4aad820b7f46ee171
ssdeep: 24576:zay7E6Ehg7mM+M6RkMkIM7gE6Eh67VdykFnzFjaO:GW0g7mM+M6RkMkIM7I067nyyzFT
type: PE32 executable (GUI) Intel 80386, for MS Windows
tlsh: T10845AE02F7C098B5E4B68135497797381B77BC354E10875F3368B74EAD312C2AA3AB66
sha3_384: 9feaf4e7ad4fb77cea5ed1272a479be0b063aa5afaefed99fb66894fec1fdd80873f17b83c724990d7061ca0974dceb4
ep_bytes: 6a706870170001e8b602000033ff57ff
timestamp: 2001-08-17 20:51:15

Version Info:

CompanyName: Microsoft Corporation
FileDescription: System Information
FileVersion: 5.1.2600.0 (XPClient.010817-1148)
InternalName: msinfo32.exe
LegalCopyright: © Microsoft Corporation. All rights reserved.
OriginalFilename: msinfo32.exe
ProductName: Microsoft® Windows® Operating System
ProductVersion: 5.1.2600.0
Translation: 0x0409 0x04b0

Ursu.854926 (B) also known as:

tehtrisGeneric.Malware
MicroWorld-eScanGen:Variant.Ursu.854926
FireEyeGeneric.mg.01910f6c3c1c3fda
ALYacGen:Variant.Ursu.854926
CylanceUnsafe
SangforTrojan.Win32.Save.a
K7AntiVirusRiskware ( 0040eff71 )
K7GWRiskware ( 0040eff71 )
Cybereasonmalicious.c3c1c3
CyrenW32/Patched.CJ.gen!Eldorado
Elasticmalicious (high confidence)
APEXMalicious
KasperskyHEUR:Trojan.Win32.Generic
BitDefenderGen:Variant.Ursu.854926
AvastWin32:Malware-gen
TencentMalware.Win32.Gencirc.10ce28ee
Ad-AwareGen:Variant.Ursu.854926
EmsisoftGen:Variant.Ursu.854926 (B)
ZillyaTrojan.GenericKD.Win32.154658
McAfee-GW-EditionBehavesLike.Win32.Virut.th
SophosGeneric ML PUA (PUA)
SentinelOneStatic AI – Malicious PE
GDataGen:Variant.Ursu.854926
AviraHEUR/AGEN.1249061
ArcabitTrojan.Ursu.DD0B8E
MicrosoftTrojan:Win32/Wacatac.B!ml
CynetMalicious (score: 100)
Acronissuspicious
McAfeeArtemis!01910F6C3C1C
MAXmalware (ai score=84)
RisingTrojan.Generic!8.C3 (RDMK:cmRtazruP35geLgoBIzGQnvl/4Uw)
IkarusTrojan-Dropper.Agent
MaxSecureTrojan.Malware.121218.susgen
FortinetW32/Ipamor.7AD6!tr
AVGWin32:Malware-gen
CrowdStrikewin/malicious_confidence_70% (D)

How to remove Ursu.854926 (B)?

Ursu.854926 (B) removal tool
  • Download and install GridinSoft Anti-Malware.
  • Open GridinSoft Anti-Malware and perform a “Standard scan“.
  • Move to quarantine” all items.
  • Open “Tools” tab – Press “Reset Browser Settings“.
  • Select proper browser and options – Click “Reset”.
  • Restart your computer.

About the author

Paul Valéry

I'm a cyber security analyst and data science expert with 5+ years of experience with security software contractors.

Leave a Comment