Ursu.866014 malicious file

Ursu.866014 is considered dangerous by many security experts. When this infection is active, you may notice unwanted processes in the Task Manager list. In this case, it is advised to scan your computer with GridinSoft Anti-Malware.

Removing PC viruses manually may take hours and may damage your PC in the process. We recommend using GridinSoft Anti-Malware for virus removal. It allows you to run a complete scan and cure your PC during the trial period.
6-day free trial available.

What can the Ursu.866014 virus do?

  • Behavioural detection: Executable code extraction – unpacking
  • CAPE extracted potentially suspicious content
  • Unconventional binary language: Chinese (Simplified)
  • Unconventional language used in binary resources: Chinese (Simplified)
  • The binary contains an unknown PE section name indicative of packing
  • The binary likely contains encrypted or compressed data.
  • Authenticode signature is invalid
  • Creates a copy of itself
  • Yara rule detections observed from a process memory dump/dropped files/CAPE

How to identify Ursu.866014?

File Info:

name: 2C7A5E7F5A963BEF5942.mlw
path: /opt/CAPEv2/storage/binaries/e5160281240b71e72d37d0fdedf0a66a216dd6089aacb556110839313303adf7
crc32: 65B8E2D9
md5: 2c7a5e7f5a963bef59422b5c85844de0
sha1: d92ca077642d8a235d66599c764351a81f49985a
sha256: e5160281240b71e72d37d0fdedf0a66a216dd6089aacb556110839313303adf7
sha512: a0e3af2726c80a9f9a9d863b87655929864efa7b9d001db7c6649a90c84c6aa39f993bcd7a19504e52e1c1707ad5c0cb09ff7ead1e1150f2ac2e976efa2bab62
ssdeep: 12288:N0efDs5N+qXwhyMVZthibtnSCNKQS8hVjyHKviTLQaN3V7W8pCx2U5aa1OZ:N0a/tZDibQCI6Vd2Qy68pCx2U5aaU
type: PE32 executable (GUI) Intel 80386, for MS Windows
tlsh: T1451512CE37AA81F1D78BB23161273B3195B79F910FE6490353862A5E5DF0FE29861243
sha3_384: 5c8efa1e97447421a406f512dfc0d2d960e2a6c512d5ec6f3c083c3fbdff3b86af1cffacb30e0bb51d77c90a9bcadb34
ep_bytes: 558bec6aff68f070400068743b400064
timestamp: 2014-08-09 14:05:34

Version Info:

Comments: 2011-7-8 20:07:06
CompanyName: Tencent
FileDescription: Tencent Download Components
FileVersion: 1.0.1012.401
InternalName: Tencent Download Components
LegalCopyright: Copyright © 1998-2012 Tencent. All Rights Reserved.
OriginalFilename: QQPCDetector.exe
ProductName: Tencent Download Components
ProductVersion: 1.0.1012.401
Translation: 0x0804 0x04b0

Ursu.866014 also known as:

Bkav: W32.AIDetectMalware
Lionic: Trojan.Win32.Magania.lnuR
MicroWorld-eScan: Gen:Variant.Ursu.866014
ClamAV: Win.Trojan.Farfli-9854060-0
FireEye: Generic.mg.2c7a5e7f5a963bef
CAT-QuickHeal: Backdoor.Zegost.32323
ALYac: Gen:Variant.Ursu.866014
Cylance: unsafe
VIPRE: Gen:Variant.Ursu.866014
Sangfor: Suspicious.Win32.Save.ins
K7AntiVirus: Trojan ( 0040f8881 )
Alibaba: Backdoor:Win32/Farfli.6cc883d5
K7GW: Trojan ( 005690671 )
Cybereason: malicious.7642d8
Baidu: Win32.Backdoor.Zegost.a
VirIT: Backdoor.Win32.Generic.JCF
Symantec: ML.Attribute.HighConfidence
Elastic: malicious (high confidence)
ESET-NOD32: a variant of Win32/Farfli.BDH
APEX: Malicious
Cynet: Malicious (score: 100)
Kaspersky: Backdoor.Win32.Farfli.btz
BitDefender: Gen:Variant.Ursu.866014
NANO-Antivirus: Trojan.Win32.Farfli.dgntgl
Avast: Win32:Malware-gen
Tencent: Malware.Win32.Gencirc.10b22273
Emsisoft: Gen:Variant.Ursu.866014 (B)
F-Secure: Trojan.TR/Dropper.Gen7
DrWeb: Trojan.Inject1.46090
Zillya: Backdoor.Farfli.Win32.906
Trapmine: malicious.high.ml.score
Sophos: Troj/Zegost-GO
SentinelOne: Static AI – Malicious PE
Jiangmin: Backdoor.Farfli.ajz
Avira: TR/Dropper.Gen7
MAX: malware (ai score=82)
Antiy-AVL: Trojan[Backdoor]/Win32.Farfli
Xcitium: TrojWare.Win32.Farfli.ARC@58i6lt
Arcabit: Trojan.Ursu.DD36DE
ZoneAlarm: Backdoor.Win32.Farfli.btz
GData: Gen:Variant.Ursu.866014
Google: Detected
AhnLab-V3: Trojan/Win32.HDC.C655454
BitDefenderTheta: Gen:NN.ZexaF.36662.4u0@ayq@n!ej
VBA32: Backdoor.Farfli
Malwarebytes: Malware.Heuristic.1001
Panda: Trj/Genetic.gen
Rising: Backdoor.Zegost!8.177 (TFE:5:0voezHUATGM)
Yandex: Trojan.Farfli!RMNxDUSsM+8
Ikarus: Backdoor.Win32.Zegost
Fortinet: W32/Generic.AP.1906AE!tr
AVG: Win32:Malware-gen
DeepInstinct: MALICIOUS
CrowdStrike: win/malicious_confidence_100% (W)

How to remove Ursu.866014?

Ursu.866014 removal tool
  • Download and install GridinSoft Anti-Malware.
  • Open GridinSoft Anti-Malware and perform a “Standard scan”.
  • “Move to quarantine” all items.
  • Open the “Tools” tab and press “Reset Browser Settings”.
  • Select the proper browser and options, then click “Reset”.
  • Restart your computer.

About the author

Paul Valéry

I'm a cyber security analyst and data science expert with 5+ years of experience with security software contractors.