
What is “Ursu.94453 (B)”?


Ursu.94453 (B) is considered dangerous by lots of security experts. When this infection is active, you may notice unwanted processes in the Task Manager list. In this case, it is advised to scan your computer with GridinSoft Anti-Malware.

GridinSoft Anti-Malware

Removing PC viruses manually may take hours and may damage your PC in the process. We recommend using GridinSoft Anti-Malware for virus removal. It lets you run a complete scan and clean your PC during the trial period.
6-day free trial available.

What can the Ursu.94453 (B) virus do?

  • Yara rule detections observed from a process memory dump/dropped files/CAPE
  • Dynamic (imported) function loading detected
  • The binary contains an unknown PE section name indicative of packing
  • The binary likely contains encrypted or compressed data.
  • The executable is likely packed with VMProtect
  • Authenticode signature is invalid

How to identify Ursu.94453 (B)?


File Info:

name: 32425A273219EF2DF1D2.mlw
path: /opt/CAPEv2/storage/binaries/b6a19c45e6eaea54f172de009ca4f2b1e5599fe51a52278e26097a4b8b77a191
crc32: 46FB5B5D
md5: 32425a273219ef2df1d27e671414b77e
sha1: 009df99bc8a4cb8ec4daaef67a74bf0519685ce0
sha256: b6a19c45e6eaea54f172de009ca4f2b1e5599fe51a52278e26097a4b8b77a191
sha512: 937917c43e45608f19a99375d3ed1eb9f48a6fe186c48ac4f047e8d78fefc17e574edfeaede9c279ce1a8f182e2112238e2c9e2f5b3fea9e31701e3aa5ad7846
ssdeep: 98304:qWLBBrNSX5ZgTMat/isYowm7/9sn1y4NM6Cs0T7idvNiLmudiof5Ii:VL3ry+TM8Wm7/yAkM6gWoVdd5
type: PE32 executable (GUI) Intel 80386, for MS Windows
tlsh: T1B63623B3A278010ED5E4CD3DCD3B7ED431F6126B9B81AC78A55F7ED225128A1E293847
sha3_384: b66176024344181d37635111bc248bc604911a4637c1c9237306cbb0944385486f1cc4d4eda9dfb9eea68bbbc2ca2627
ep_bytes: 68ebb0d803e83662f2ff4c03e8e9d0a7
timestamp: 2009-09-09 00:45:54

Version Info:

Comments: Licensed under the Apache License, Version 2.0 (the "License"); you may not use this file except in compliance with the License. You may obtain a copy of the License at http://www.apache.org/licenses/LICENSE-2.0 Unless required by applicable law or agreed to in writing, software distributed under the License is distributed on an "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the License for the specific language governing permissions and limitations under the License.
CompanyName: Apache Software Foundation
FileDescription: ApacheBench command line utility
FileVersion: 2.2.14
InternalName: ab.exe
LegalCopyright: Copyright 2009 The Apache Software Foundation.
OriginalFilename: ab.exe
ProductName: Apache HTTP Server
ProductVersion: 2.2.14
Translation: 0x0409 0x04b0

Ursu.94453 (B) also known as:

Bkav: W32.AIDetect.malware2
Elastic: malicious (high confidence)
MicroWorld-eScan: Gen:Variant.Ursu.94453
Cylance: Unsafe
Cybereason: malicious.73219e
Symantec: ML.Attribute.HighConfidence
APEX: Malicious
BitDefender: Gen:Variant.Ursu.94453
Avast: Win32:Evo-gen [Susp]
Rising: Malware.Heuristic!ET#99% (RDMK:cmRtazpLwFTLnoxHYs0o40pSh63y)
Ad-Aware: Gen:Variant.Ursu.94453
Emsisoft: Gen:Variant.Ursu.94453 (B)
F-Secure: Heuristic.HEUR/AGEN.1120077
McAfee-GW-Edition: BehavesLike.Win32.Generic.rc
FireEye: Generic.mg.32425a273219ef2d
Sophos: Generic ML PUA (PUA)
Ikarus: Trojan.Win32.Krypt
GData: Gen:Variant.Ursu.94453
Avira: HEUR/AGEN.1120077
MAX: malware (ai score=89)
Arcabit: Trojan.Ursu.D170F5
Microsoft: Trojan:Win32/Sabsik.FL.B!ml
Cynet: Malicious (score: 100)
AhnLab-V3: Malware/Win32.Generic.R372623
ALYac: Gen:Variant.Ursu.94453
Yandex: Trojan.GenAsa!ZJARN1hYeBo
SentinelOne: Static AI – Malicious PE
MaxSecure: Trojan.Malware.300983.susgen
BitDefenderTheta: Gen:NN.ZexaF.34062.@B0@aqPYKiai
AVG: Win32:Evo-gen [Susp]
Panda: Trj/Genetic.gen
CrowdStrike: win/malicious_confidence_70% (D)

How to remove Ursu.94453 (B)?

Ursu.94453 (B) removal tool
  • Download and install GridinSoft Anti-Malware.
  • Open GridinSoft Anti-Malware and perform a “Standard scan”.
  • “Move to quarantine” all items.
  • Open “Tools” tab – Press “Reset Browser Settings”.
  • Select proper browser and options – Click “Reset”.
  • Restart your computer.

About the author

Paul Valéry

I'm a cyber security analyst and data science expert with 5+ years of experience with security software contractors.
