What is “Ursu.942904”?

Ursu.942904 is considered dangerous by many security experts. When this infection is active, you may notice unwanted processes in the Task Manager list. In this case, it is advised to scan your computer with GridinSoft Anti-Malware.

GridinSoft Anti-Malware

Removing PC viruses manually may take hours and may damage your PC in the process. We recommend using GridinSoft Anti-Malware for virus removal. It allows you to fully scan and clean your PC during the trial period.
6-day free trial available.

What can the Ursu.942904 virus do?

  • Dynamic (imported) function loading detected
  • CAPE extracted potentially suspicious content
  • .NET file is packed/obfuscated with Confuser
  • The binary likely contains encrypted or compressed data.
  • Authenticode signature is invalid

How to identify Ursu.942904?

File Info:

name: 6B21114ACE6928B5080B.mlw
path: /opt/CAPEv2/storage/binaries/2cb3e5ac859c0474986a80fd4a15b992370c266a4cc516f751078aeea83a0e99
crc32: F84171EF
md5: 6b21114ace6928b5080b9a2fbadcfe98
sha1: 31b8b47ac5d5fa8767b8ee6323127f0350e56088
sha256: 2cb3e5ac859c0474986a80fd4a15b992370c266a4cc516f751078aeea83a0e99
sha512: 39e2630f2167df1afc30e15e8e2bb6a412485a2f1f542be7f044fdb9ee27013894b1a5b4e5b2c4ee6ca9a5bc882dd62f7e252959a5c0ab65c33b4b8601c8fcfa
ssdeep: 384:5mbrjA06oCugXSK/FE4Z8AUecDGz5OQtWLqIAyjsW737Lm8GpdKvpyzYzxo69:4HA0zgCKt3E+HtWLLm8CKvbzxo69
type: PE32 executable (console) Intel 80386, for MS Windows
tlsh: T16EA25C04A9DCD923D76907BCD857DB000B70AB32691BE3CF7D66B1A25D467B209073A3
sha3_384: c779b15dff0952c13f097681b393934d8f88a3e974cf66cf01e9e08a3069e29a48f9c7a711019573bc8537dc9709fcc0
ep_bytes: ff250020400000000000000000000000
timestamp: 2019-05-01 15:27:37

Version Info:

Translation: 0x0000 0x04b0
Comments:
CompanyName:
FileDescription: Subway Checker Standalone
FileVersion: 1.0.0.0
InternalName: Subway Checker Standalone.exe
LegalCopyright: Copyright © 2019
LegalTrademarks:
OriginalFilename: Subway Checker Standalone.exe
ProductName: Subway Checker Standalone
ProductVersion: 1.0.0.0
Assembly Version: 1.0.0.0

Ursu.942904 is also known as:

Lionic: Trojan.Win32.Ursu.4!c
Elastic: malicious (high confidence)
MicroWorld-eScan: Gen:Variant.Ursu.942904
ALYac: Gen:Variant.Ursu.942904
Cylance: Unsafe
Sangfor: Riskware.Win32.Wacapew.C
BitDefender: Gen:Variant.Ursu.942904
K7GW: Hacktool ( 0055294e1 )
K7AntiVirus: Hacktool ( 0055294e1 )
BitDefenderTheta: Gen:NN.ZemsilF.34606.bm0@aabrpZm
Symantec: ML.Attribute.HighConfidence
ESET-NOD32: MSIL/HackTool.BruteForce.KK
APEX: Malicious
Paloalto: generic.ml
Alibaba: Trojan:MSIL/Confuser.18726b03
Rising: Malware.Obfus/MSIL@AI.94 (RDM.MSIL:WKQ/eRTYmWtzQ2wBfLGyDw)
Ad-Aware: Gen:Variant.Ursu.942904
Sophos: Generic ML PUA (PUA)
F-Secure: Heuristic.HEUR/AGEN.1216809
McAfee-GW-Edition: Artemis!Trojan
FireEye: Generic.mg.6b21114ace6928b5
Emsisoft: Gen:Variant.Ursu.942904 (B)
Ikarus: Trojan.MSIL.Confuser
Jiangmin: Trojan.MSIL.pvcy
Avira: HEUR/AGEN.1216809
Microsoft: Trojan:Win32/Wacatac.B!ml
Arcabit: Trojan.Ursu.DE6338
GData: Gen:Variant.Ursu.942904
Cynet: Malicious (score: 100)
McAfee: Artemis!6B21114ACE69
TrendMicro-HouseCall: TROJ_GEN.R002H0CJK21
SentinelOne: Static AI – Malicious PE
MaxSecure: Trojan.Malware.7175203.susgen
Fortinet: MSIL/BruteForce.KK!tr
AVG: Win32:Trojan-gen
Cybereason: malicious.ace692
Avast: Win32:Trojan-gen

How to remove Ursu.942904?

Ursu.942904 removal tool
  • Download and install GridinSoft Anti-Malware.
  • Open GridinSoft Anti-Malware and perform a “Standard scan”.
  • Click “Move to quarantine” for all detected items.
  • Open the “Tools” tab and press “Reset Browser Settings”.
  • Select the proper browser and options, then click “Reset”.
  • Restart your computer.

About the author

Paul Valéry

I'm a cyber security analyst and data science expert with 5+ years of experience with security software contractors.

Leave a Comment