Ursu.879561 malicious file

The Ursu.879561 detection is classified as dangerous by many security vendors. When this infection is active, you may notice unwanted processes in the Task Manager process list. In this case, it is advised to scan your computer with GridinSoft Anti-Malware.

GridinSoft Anti-Malware

Removing PC viruses manually may take hours and may damage your PC in the process. We recommend using GridinSoft Anti-Malware for virus removal. The trial period allows a complete scan and cleanup of your PC.
6-day free trial available.

What can the Ursu.879561 virus do?

  • SetUnhandledExceptionFilter detected (possible anti-debug)
  • Yara rule detections observed from a process memory dump/dropped files/CAPE
  • Possible date expiration check, exits too soon after checking local time
  • Dynamic (imported) function loading detected
  • The binary contains an unknown PE section name indicative of packing
  • The binary likely contains encrypted or compressed data
  • The executable is compressed using UPX
  • Authenticode signature is invalid
  • Uses Windows utilities for basic functionality

How to identify Ursu.879561?

File Info:

name: 13B198F62DF991F50BB3.mlw
path: /opt/CAPEv2/storage/binaries/3f5eba066a5e00e4daf6301cb67207b12f8a5b028708f18293f75963b04b802f
crc32: 3BFA5F05
md5: 13b198f62df991f50bb3d3d6cc7e3042
sha1: f5b52e93c505dff8fc3f575c1da43a9d868d81bd
sha256: 3f5eba066a5e00e4daf6301cb67207b12f8a5b028708f18293f75963b04b802f
sha512: 9ed9792d0ea42204b9d6e1b3e105d35fe9319213937cbb0e75a670976cb40b878bcd00c75a82469f6e15a0c7970929c788725d7a7e59a874646fb75ae268b475
ssdeep: 768:6W3Jb6JHkAz3UUpSpdukglhr1jCoXEd5AEbeTrZATO:r3Z0P1Um7jCKqT
type: PE32+ executable (console) x86-64, for MS Windows
tlsh: T163E2D0535258F776C5741532242A4B88EB1DFA2981E9ABAF04F44D3E1C3F3D86F1172A
sha3_384: 88c35bbc4b1a9d0b29130aeda1e2bc8c29c0a7d41e6772634f8662c1e4ac38de4c640a3b6b6e6e8696404a912fda2b12
ep_bytes: 53565755488d35baa1ffff488dbedbef
timestamp: 2015-04-18 13:11:52

Version Info:

CompanyName: http://blog.naver.com/absolute_xss
FileDescription: 서든어택 스킨 도우미
FileVersion: 1,0,0,0
ProductName: SA Skin Helper
InternalName: SA Skin Helper
ProductVersion: 1.0.0.0
LegalCopyright: 도봉순(absolute_xss)
Translation: 0x0000 0x04e4

Ursu.879561 is also known as (vendor: detection name):

ClamAV: Win.Malware.Agen-7611693-0
Malwarebytes: Malware.AI.3758089412
BitDefender: Gen:Variant.Ursu.879561
Cybereason: malicious.62df99
APEX: Malicious
Cynet: Malicious (score: 100)
Kaspersky: Trojan.Win32.Agent.nerrxw
MicroWorld-eScan: Gen:Variant.Ursu.879561
Avast: Win64:Malware-gen
Ad-Aware: Gen:Variant.Ursu.879561
DrWeb: BAT.Hosts.41
FireEye: Gen:Variant.Ursu.879561
Emsisoft: Gen:Variant.Ursu.879561 (B)
GData: Gen:Variant.Ursu.879561
Jiangmin: TrojanDropper.Agent.bzfl
MAX: malware (ai score=83)
Arcabit: Trojan.Ursu.DD6BC9
Microsoft: Trojan:Win32/Sabsik.FL.B!ml
AhnLab-V3: Trojan/Win.Agent.R445349
Cylance: Unsafe
AVG: Win64:Malware-gen
MaxSecure: Trojan.Malware.300983.susgen

How to remove Ursu.879561?

Ursu.879561 removal tool
  • Download and install GridinSoft Anti-Malware.
  • Open GridinSoft Anti-Malware and perform a “Standard scan”.
  • “Move to quarantine” all items.
  • Open the “Tools” tab – Press “Reset Browser Settings”.
  • Select the proper browser and options – Click “Reset”.
  • Restart your computer.

About the author

Paul Valéry

I'm a cyber security analyst and data science expert with 5+ years of experience with security software contractors.