
Ursu.943380 (file analysis)

Malware Removal

Ursu.943380 is considered dangerous by many security experts. When this infection is active, you may notice unwanted processes in the Task Manager list. In this case, it is advised to scan your computer with GridinSoft Anti-Malware.

GridinSoft Anti-Malware

Removing PC viruses manually may take hours and may damage your PC in the process. We recommend using GridinSoft Anti-Malware for virus removal. It allows you to run a complete scan and cure your PC during the trial period.
6-day free trial available.

What can the Ursu.943380 virus do?

  • Unconventional language used in binary resources: Korean
  • The binary contains an unknown PE section name indicative of packing
  • The binary likely contains encrypted or compressed data.
  • The executable is compressed using UPX
  • Authenticode signature is invalid
  • Yara rule detections observed from a process memory dump/dropped files/CAPE

How to identify Ursu.943380?

File Info:

name: 5E91B052CFC73711470A.mlw
path: /opt/CAPEv2/storage/binaries/6d03fc2eec27dfb16f34a36b2f63c127aed56d638222c54aa9607a4bfa36db7d
crc32: EF62D669
md5: 5e91b052cfc73711470a2f7f775507ce
sha1: 69596bff85d8b496419cc5eb0d5d6ed291a37eb8
sha256: 6d03fc2eec27dfb16f34a36b2f63c127aed56d638222c54aa9607a4bfa36db7d
sha512: 579330e974a892899ba2a05a93f08f1d00e1bdc5164c81567292c029e9aafa2bd99d94fee6a319838f321dae19a234928a6ece0a5347c822901e6a912d10c51c
ssdeep: 98304:E5gC9Rw4dn9SDq6/bQf2IsvryLdrmyBDQbfC/b5jZds/p/fqVOa357cPsjgXTY4S:PCrzdn+q642Le7JQbkdjcsN3AlZb42t6
type: PE32 executable (GUI) Intel 80386, for MS Windows
tlsh: T1AB5633AB447675B0E082AD32D619A8F592007D139F0BB4A1EC53FDDE4439ED3EAD6207
sha3_384: ea47327d7ce60857c3c2bd66dbf1acee4555bd4da16c236a844b03eae4c84f6ead105d8bdaffc7530c37ad750d7876bd
ep_bytes: 60be00809b008dbe0090a4ff5783cdff
timestamp: 2019-12-03 05:40:04

Version Info:

0: [No Data]

Ursu.943380 also known as:

MicroWorld-eScan: Gen:Variant.Ursu.943380
FireEye: Gen:Variant.Ursu.943380
ALYac: Gen:Variant.Ursu.943380
VIPRE: Gen:Variant.Ursu.943380
Cybereason: malicious.2cfc73
APEX: Malicious
BitDefender: Gen:Variant.Ursu.943380
McAfee-GW-Edition: BehavesLike.Win32.BadFile.tc
Trapmine: malicious.moderate.ml.score
Emsisoft: Gen:Variant.Ursu.943380 (B)
GData: Gen:Variant.Ursu.943380
Arcabit: Trojan.Ursu.DE6514
McAfee: Artemis!5E91B052CFC7
MAX: malware (ai score=82)
TrendMicro-HouseCall: TROJ_GEN.R002H09EL23
Rising: Trojan.Generic@AI.85 (RDML:F9coTHhfxwYxJTxcwOVN2w)
MaxSecure: Trojan.Malware.300983.susgen
DeepInstinct: MALICIOUS

How to remove Ursu.943380?

Ursu.943380 removal tool
  • Download and install GridinSoft Anti-Malware.
  • Open GridinSoft Anti-Malware and perform a “Standard scan”.
  • “Move to quarantine” all items.
  • Open the “Tools” tab and press “Reset Browser Settings”.
  • Select the proper browser and options, then click “Reset”.
  • Restart your computer.

About the author

Paul Valéry

I'm a cyber security analyst and data science expert with 5+ years of experience with security software contractors.
