What is “Ursu.909579”?

Malware Removal

Ursu.909579 is classified as dangerous by many security vendors. When this infection is active, you may notice unfamiliar processes in the Task Manager process list. In this case, it is advised to scan your computer with GridinSoft Anti-Malware.

GridinSoft Anti-Malware

Removing PC viruses manually may take hours and may damage your PC in the process. We recommend using GridinSoft Anti-Malware for virus removal. It lets you run a full scan and clean your PC during the trial period.
6-day free trial available.

What can the Ursu.909579 virus do?

The following are the static and behavioural signatures that fired when this sample was analysed in the CAPE sandbox; they describe observed indicators (packing, signature validity, loading behaviour, network activity), not a confirmed list of actions the malware performs.

  • Behavioural detection: Executable code extraction – unpacking
  • Yara rule detections observed from a process memory dump/dropped files/CAPE
  • Presents an Authenticode digital signature
  • Dynamic (imported) function loading detected
  • The binary contains an unknown PE section name indicative of packing
  • The binary likely contains encrypted or compressed data
  • The executable is compressed using UPX
  • Authenticode signature is invalid
  • Network activity detected but not expressed in API logs

How to identify Ursu.909579?

File Info:

name: F45EA1F0E81BF3AD41CE.mlw
path: /opt/CAPEv2/storage/binaries/ca08633bb1953c047e83846d953055580b9714ef15f65be3e5cd9f327d211ab0
crc32: 0534F951
md5: f45ea1f0e81bf3ad41ceab954c509e60
sha1: 767ad7977a57c4d2f12d0b2b83ccd9306ce17c59
sha256: ca08633bb1953c047e83846d953055580b9714ef15f65be3e5cd9f327d211ab0
sha512: 86e2d71df14718d2b28e9ef0bf5973144eb4a08e1213b2db1de3a10b514812ae6a6ef8b7f7ec7ded7e2e9adb62637244fe53be246c68cd43e07ac874d362377f
ssdeep: 12288:s7+NyWRjPM08UW3PhYdwK5oxEZyZnTO125U26Ar1Xv12LA845:c+Ny+E0O35YB0EEZn02x1Xv12Lc5
type: PE32 executable (GUI) Intel 80386, for MS Windows
tlsh: T1C3A423514D442251EF9235B8630FDDF20B8A2AA66797B464D9BFE89E5131FC0B86330F
sha3_384: 27eb6d39d2df7a1679bf4ff162410f4e9a302ea1a27d1ba045f117b5e185c98218aa01428e4c70bc55e0476199c4e632
ep_bytes: 60be00404a008dbe00d0f5ff57eb0b90
timestamp: 2020-05-20 10:30:36

Version Info:

Translation: 0x0409 0x04b0
Comments: This Program is Free!
CompanyName: https://topersoft.ml
FileDescription: Launcher for GoodbyeDPI
LegalCopyright: Program by TOPER © 2020
LegalTrademarks: TOPERSOFT © 2017-2020
ProductName: Launcher for GoodbyeDPI
FileVersion: 3.07
ProductVersion: 3.07
InternalName: Launcher for GoodbyeDPI
OriginalFilename: Launcher for GoodbyeDPI.exe

Ursu.909579 is also detected under the following names (vendor: detection name):

Bkav: W32.AIDetect.malware2
Lionic: Riskware.Win32.Graftor.1!c
MicroWorld-eScan: Gen:Variant.Ursu.909579
FireEye: Gen:Variant.Ursu.909579
McAfee: Artemis!F45EA1F0E81B
Cylance: Unsafe
Sangfor: Trojan.Win32.Wacatac.D
Alibaba: Trojan:Win32/Generic.cc6869fe
Cybereason: malicious.0e81bf
Symantec: ML.Attribute.HighConfidence
Paloalto: generic.ml
BitDefender: Gen:Variant.Ursu.909579
Ad-Aware: Gen:Variant.Ursu.909579
McAfee-GW-Edition: Artemis!Trojan
Emsisoft: Gen:Variant.Ursu.909579 (B)
Ikarus: Trojan.Agent
GData: Gen:Variant.Ursu.909579
eGambit: Unsafe.AI_Score_58%
Microsoft: Trojan:Win32/Occamy.CCA
AhnLab-V3: Malware/Win32.RL_Generic.R360582
ALYac: Gen:Variant.Ursu.909579
MAX: malware (ai score=88)
APEX: Malicious
SentinelOne: Static AI – Suspicious PE
MaxSecure: Trojan.Malware.8328450.susgen
Fortinet: W32/PossibleThreat
Webroot: W32.Malware.Gen
Panda: Trj/GdSda.A

How to remove Ursu.909579?

Ursu.909579 removal tool
  • Download and install GridinSoft Anti-Malware.
  • Open GridinSoft Anti-Malware and perform a “Standard scan”.
  • “Move to quarantine” all detected items.
  • Open the “Tools” tab and press “Reset Browser Settings”.
  • Select the relevant browser and options, then click “Reset”.
  • Restart your computer.

About the author

Paul Valéry

I'm a cyber security analyst and data science expert with 5+ years of experience with security software contractors.