What is “Ursu.925651”?

The Ursu.925651 is considered dangerous by lots of security experts. When this infection is active, you may notice unwanted processes in Task Manager list. In this case, it is adviced to scan your computer with GridinSoft Anti-Malware.

GridinSoft Anti-Malware

Gridinsoft Anti-Malware

Removing PC viruses manually may take hours and may damage your PC in the process. We recommend using GridinSoft Anti-Malware for virus removal. Allows to complete scan and cure your PC during the trial period.

6-day free trial available.

What Ursu.925651 virus can do?

Authenticode signature is invalid
Anomalous .NET characteristics

How to determine Ursu.925651?


File Info:
name: 01CA2BD3368BEFE94905.mlw
path: /opt/CAPEv2/storage/binaries/1b38b5080ad5e9a27595570dd6b465c53c21da0fcbd63fbe3f8a8d61f99bb841
crc32: E0A461BF
md5: 01ca2bd3368befe94905c203685381dc
sha1: a655bb5cdba6026bef50a5014ee6fcc266ff05d1
sha256: 1b38b5080ad5e9a27595570dd6b465c53c21da0fcbd63fbe3f8a8d61f99bb841
sha512: 88b0d70e6ba9b30c192f7f12edeb9f34e9b447399353faed14fafb5c7c05d0cd298c36543f4c233ed21c30827cd401f2217e67a6f7138d893ff93c15c4719da2
ssdeep: 96:XcE7urjh1I9v8bcBdLK4vSNWsGoKAJ6GzzEcs5z02Y:MKu/hiCbcBhlpFAJ6MEcsTY
type: PE32 executable (console) Intel 80386, for MS Windows
tlsh: T10EE1930663E87515E5EF0BB904F7C2C15BB6B5327E71C28F18C4615CEE81A1316E2BB1
sha3_384: 33a6a0a42d64c26e20211321929473a613413b6476a80e9a593f140946a355d0196f22dc95d288f83ba579cc65a51c07
ep_bytes: ff250020400000000000000000000000
timestamp: 2021-05-12 22:18:12

Version Info:
Translation: 0x007f 0x04b0
Comments:  
CompanyName:  
FileDescription:  
FileVersion: 0.0.0.0
InternalName: TIR_2021_Update.bat.exe
LegalCopyright:  
LegalTrademarks:  
OriginalFilename: TIR_2021_Update.bat.exe
ProductName:  
ProductVersion:

Ursu.925651 also known as:

Lionic	Trojan.Win32.Ursu.4!c
MicroWorld-eScan	Gen:Variant.Ursu.925651
FireEye	Generic.mg.01ca2bd3368befe9
ALYac	Gen:Variant.Ursu.925651
Cylance	Unsafe
VIPRE	Gen:Variant.Ursu.925651
Sangfor	Dropper.Msil.Agent.V098
K7AntiVirus	Trojan ( 0054d0271 )
Alibaba	Trojan:MSIL/Generic.beab8b11
K7GW	Trojan ( 0054d0271 )
Cybereason	malicious.3368be
Symantec	Trojan.Gen.MBT
Elastic	malicious (moderate confidence)
ESET-NOD32	a variant of MSIL/TrojanDropper.Agent.DZM
APEX	Malicious
Paloalto	generic.ml
Cynet	Malicious (score: 99)
BitDefender	Gen:Variant.Ursu.925651
Avast	Win32:Trojan-gen
Ad-Aware	Gen:Variant.Ursu.925651
Emsisoft	Gen:Variant.Ursu.925651 (B)
SentinelOne	Static AI – Suspicious PE
Avira	HEUR/AGEN.1235071
Antiy-AVL	Trojan/Generic.ASMalwS.2AA
Microsoft	Trojan:Win32/Wacatac.B!ml
GData	Gen:Variant.Ursu.925651
Google	Detected
McAfee	RDN/Generic Dropper
MAX	malware (ai score=83)
TrendMicro-HouseCall	TROJ_GEN.R002H0CHH22
Rising	Trojan.Generic/MSIL@AI.100 (RDM.MSIL:vOlN/W3tm9wJNI/AjpZh7Q)
Ikarus	Trojan-Dropper.MSIL.Agent
MaxSecure	Trojan.Malware.300983.susgen
Fortinet	MSIL/Agent.DZM!tr
AVG	Win32:Trojan-gen
Panda	Trj/Chgt.AD
CrowdStrike	win/malicious_confidence_100% (W)

How to remove Ursu.925651?

Ursu.925651 removal tool

Download and install GridinSoft Anti-Malware.
Open GridinSoft Anti-Malware and perform a “Standard scan“.
“Move to quarantine” all items.
Open “Tools” tab – Press “Reset Browser Settings“.
Select proper browser and options – Click “Reset”.
Restart your computer.

About the author

Paul Valéry

I'm a cyber security analyst and data science expert with 5+ years of experience with security software contractors.

Leave a Comment X