Malware

Ursu.862155 information

Malware Removal

Ursu.862155 is considered dangerous by many security experts. When this infection is active, you may notice unwanted processes in the Task Manager list. In this case, it is advised to scan your computer with GridinSoft Anti-Malware.

GridinSoft Anti-Malware

Removing PC viruses manually may take hours and may damage your PC in the process. We recommend using GridinSoft Anti-Malware for virus removal. It allows a complete scan and cure of your PC during the trial period.
6-day free trial available.

What can the Ursu.862155 virus do?

  • SetUnhandledExceptionFilter detected (possible anti-debug)
  • Behavioural detection: Executable code extraction – unpacking
  • Yara rule detections observed from a process memory dump/dropped files/CAPE
  • Creates RWX memory
  • Guard pages use detected – possible anti-debugging.
  • Dynamic (imported) function loading detected
  • Reads data out of its own binary image
  • CAPE extracted potentially suspicious content
  • Drops a binary and executes it
  • The binary contains an unknown PE section name indicative of packing
  • Authenticode signature is invalid
  • Uses Windows utilities for basic functionality
  • Sniffs keystrokes
  • Created a process from a suspicious location
  • Installs itself for autorun at Windows startup
  • Creates a copy of itself

How to identify Ursu.862155?

File Info:

name: 849636AAFEBE3750E28C.mlw
path: /opt/CAPEv2/storage/binaries/94ac4070ee7b7a83a9e0486298570ea60ef9ea4d53fc24a10af56e25a72c2059
crc32: D428927E
md5: 849636aafebe3750e28c9bb9e8408e08
sha1: 016a7cf6c8485236ef017d9de5794d0ca0bda3a2
sha256: 94ac4070ee7b7a83a9e0486298570ea60ef9ea4d53fc24a10af56e25a72c2059
sha512: bdec4fdf9fc590caff9aa266e505d8a76ce8a5e2c48eedf1af67d999643c1d19fcae153f221b33ac1c026b28e70c0baeb808005e869db265eed372b1701eecdb
ssdeep: 1536:OVvRQa8Kwfyb8GbvrahtjqYSuJdHNqW+o658iUdLeuM8v7U3EEgVWMQmmy+DEm7O:6xPl4FqWHNcoKgBMiQmWMQxm
type: PE32 executable (GUI) Intel 80386, for MS Windows
tlsh: T161F3D82732999E62D534297AC3FB71A093F1AD8B2733E2496E8D325C09273537D45ACC
sha3_384: b5e93cb9e06df8af90361914903f7c421f27f0f8b2c34d8e4047f31458e79e8a24aeab0721d22e082ced7351028676b1
ep_bytes: ff250020400000000000000000000000
timestamp: 2015-05-18 15:49:38

Version Info:

Translation: 0x0000 0x04b0
Comments: microsoft
CompanyName: microsoft
FileDescription: microsoft
FileVersion: 1.1.0.0
InternalName: lo.exe
LegalCopyright: Copyright © 2016
OriginalFilename: lo.exe
ProductName: microsoft
ProductVersion: 1.1.0.0
Assembly Version: 1.1.0.0

Ursu.862155 also known as:

Lionic: Trojan.Win32.FrauDrop.b!c
Elastic: malicious (high confidence)
MicroWorld-eScan: Gen:Variant.Ursu.862155
FireEye: Generic.mg.849636aafebe3750
ALYac: Gen:Variant.Ursu.862155
Cylance: Unsafe
Zillya: Dropper.FrauDrop.Win32.29570
K7AntiVirus: Trojan ( 0055e3e31 )
Alibaba: TrojanDropper:Win32/FrauDrop.1271f8c1
K7GW: Trojan ( 0055e3e31 )
Cybereason: malicious.afebe3
Cyren: W32/MSIL_Kryptik.AQX.gen!Eldorado
Symantec: ML.Attribute.HighConfidence
ESET-NOD32: MSIL/Bladabindi.F
APEX: Malicious
Paloalto: generic.ml
Kaspersky: Trojan-Dropper.Win32.FrauDrop.ajomp
BitDefender: Gen:Variant.Ursu.862155
NANO-Antivirus: Trojan.Win32.Drop.dsvfck
SUPERAntiSpyware: Trojan.Agent/Gen-MSFake[Less]
Avast: Win32:Malware-gen
Tencent: Win32.Trojan-dropper.Fraudrop.Eane
Emsisoft: Gen:Variant.Ursu.862155 (B)
Comodo: Malware@#2usx6a030rqf2
DrWeb: Trojan.Fsysna.3434
VIPRE: Trojan.Win32.Generic!BT
McAfee-GW-Edition: PWS-FCRK!849636AAFEBE
Sophos: Mal/Generic-S
Ikarus: Backdoor.Win32.DarkKomet
Jiangmin: TrojanDropper.FrauDrop.aokj
Avira: HEUR/AGEN.1202658
Kingsoft: Win32.Troj.Generic_a.a.(kcloud)
Microsoft: Backdoor:MSIL/Bladabindi
ZoneAlarm: Trojan-Dropper.Win32.FrauDrop.ajomp
GData: Gen:Variant.Ursu.862155
Cynet: Malicious (score: 100)
McAfee: PWS-FCRK!849636AAFEBE
MAX: malware (ai score=100)
VBA32: TrojanDropper.FrauDrop
Rising: Backdoor.Bladabindi!8.B1F (CLOUD)
Yandex: Trojan.DR.FrauDrop!AiOJAUdBK+Q
SentinelOne: Static AI – Malicious PE
MaxSecure: Trojan.Malware.1728101.susgen
Fortinet: MSIL/Bladabindi.F!tr
BitDefenderTheta: Gen:NN.ZemsilF.34182.jq0@a4yXidd
AVG: Win32:Malware-gen
Panda: Trj/CI.A
CrowdStrike: win/malicious_confidence_90% (W)

How to remove Ursu.862155?

Ursu.862155 removal tool
  • Download and install GridinSoft Anti-Malware.
  • Open GridinSoft Anti-Malware and perform a “Standard scan”.
  • “Move to quarantine” all items.
  • Open the “Tools” tab and press “Reset Browser Settings”.
  • Select the proper browser and options, then click “Reset”.
  • Restart your computer.

About the author

Paul Valéry

I'm a cyber security analyst and data science expert with 5+ years of experience with security software contractors.