What is "Ursu.97246"? – Adware Reports

The Ursu.97246 is considered dangerous by lots of security experts. When this infection is active, you may notice unwanted processes in Task Manager list. In this case, it is adviced to scan your computer with GridinSoft Anti-Malware.

Gridinsoft Anti-Malware

Removing PC viruses manually may take hours and may damage your PC in the process. We recommend using GridinSoft Anti-Malware for virus removal. Allows to complete scan and cure your PC during the trial period.

DOWNLOAD NOW

6-day free trial available.

What Ursu.97246 virus can do?

Executable code extraction
Injection (inter-process)
Injection (Process Hollowing)
Creates RWX memory
Possible date expiration check, exits too soon after checking local time
Drops a binary and executes it
The binary likely contains encrypted or compressed data.
Executed a process and injected code into it, probably while unpacking
Installs itself for autorun at Windows startup
Network activity detected but not expressed in API logs
Creates a copy of itself
Attempts to disable Windows Defender
Anomalous binary characteristics

Related domains:

z.whorecord.xyz

a.tomx.xyz

How to determine Ursu.97246?


File Info:
crc32: CCF804AB
md5: c962422ac6b045e6188ca6f3dd0c5b02
name: C962422AC6B045E6188CA6F3DD0C5B02.mlw
sha1: bad5c31214a4cc4f7d3271ad7dcfe4c941546836
sha256: 5f3b9bd0350429381f2b9f0f3b491178a02bbc8857c395166f3627cdae7af267
sha512: 836f9d2cec06c6c2ecef17ab1230fb340d20e9bbd21955fa3f14cd1359f1df2819e1736fc2e79737611cac4468b0a0512ad5dda7fb3d2d5325c44ecec0eb378c
ssdeep: 6144:ctyPiyPfGiGjXCHbDiXszU9Nbm0a2v1sAbbPL7yAEh2wyP5:ctdDiGDCzU9Nbm0/Kg8hNM
type: PE32 executable (GUI) Intel 80386, for MS Windows

Version Info:
Translation: 0x0409 0x04b0
LegalCopyright: xa9 2006-2018 MiniIn COF.
InternalName: EXMHNYQ
FileVersion: 1.00.0071
CompanyName: Kimble
ProductName: EXMHNYQ
ProductVersion: 1.00.0071
FileDescription: Unscramble this word and solve puzzles
OriginalFilename: EXMHNYQ.exe

Ursu.97246 also known as:

Bkav	W32.AIDetect.malware1
K7AntiVirus	EmailWorm ( 003c363a1 )
DrWeb	Trojan.Trick.45194
Cynet	Malicious (score: 100)
CAT-QuickHeal	Trojan.MansaboVMF.S21201718
ALYac	Gen:Variant.Ursu.97246
Cylance	Unsafe
Zillya	Trojan.Mansabo.Win32.459
CrowdStrike	win/malicious_confidence_90% (D)
Alibaba	Trojan:Win32/Mansabo.f102a9aa
K7GW	EmailWorm ( 003c363a1 )
Cybereason	malicious.ac6b04
Cyren	W32/S-2895d144!Eldorado
Symantec	Packed.Generic.558
ESET-NOD32	a variant of Win32/Injector.DVWK
APEX	Malicious
Avast	Win32:Malware-gen
ClamAV	Win.Malware.TrickBot-9845695-1
Kaspersky	Trojan.Win32.Mansabo.asc
BitDefender	Gen:Variant.Ursu.97246
NANO-Antivirus	Trojan.Win32.Trick.eyaolc
MicroWorld-eScan	Gen:Variant.Ursu.97246
Tencent	Malware.Win32.Gencirc.10ba59f8
Ad-Aware	Gen:Variant.Ursu.97246
Sophos	Mal/Generic-R + Troj/VB-JPY
Comodo	Malware@#2wapl9gadqbu5
BitDefenderTheta	Gen:NN.ZevbaF.34266.wm0@aGKzxAEO
VIPRE	Trojan.Win32.Generic!BT
McAfee-GW-Edition	BehavesLike.Win32.Generic.fc
FireEye	Generic.mg.c962422ac6b045e6
Emsisoft	Gen:Variant.Ursu.97246 (B)
SentinelOne	Static AI – Malicious PE
Jiangmin	Trojan.Mansabo.tg
Avira	HEUR/AGEN.1131919
Antiy-AVL	Trojan/Generic.ASMalwS.247AEA4
Microsoft	Trojan:Win32/Totbrick.H
GData	Gen:Variant.Ursu.97246
TACHYON	Trojan/W32.VB-Mansabo.360448.B
AhnLab-V3	Trojan/Win32.Trickbot.C2408908
Acronis	suspicious
McAfee	GenericRXEB-DK!C962422AC6B0
MAX	malware (ai score=88)
VBA32	Trojan.Mansabo
Malwarebytes	Spyware.TrickBot
Panda	Trj/Genetic.gen
Yandex	Trojan.GenAsa!gx2Kme8fgpQ
Ikarus	Trojan.Win32.Krypt
MaxSecure	Trojan.Malware.300983.susgen
Fortinet	W32/Injector.DVWK!tr
AVG	Win32:Malware-gen
Paloalto	generic.ml

How to remove Ursu.97246?

Download and install GridinSoft Anti-Malware.
Open GridinSoft Anti-Malware and perform a “Standard scan“.
“Move to quarantine” all items.
Open “Tools” tab – Press “Reset Browser Settings“.
Select proper browser and options – Click “Reset”.
Restart your computer.

What is “Ursu.97246”?