Trojan.Miuref

By GoldSparrow in Trojans

Threat Scorecard

Ranking:	10,987
Threat Level:	80 % (High)
Infected Computers:	72,685

First Seen:	May 16, 2014
Last Seen:	April 14, 2024
OS(es) Affected:	Windows

Miuref is a threat that uses click fraud and browser hijacking to infect computer systems using the Windows operating system. Microsoft has called attention to Miuref in its latest security reports, indicating that Miuref can be responsible for the collection of data and money as well as carrying out browser hijacking tasks such as changing search results and redirecting Web browsers to certain websites. Miuref may be used to mine Bitcoin and carry out a variety of other threatening tasks on the targeted computer system. Microsoft has noted that Miuref activity has increased significantly in the 2014 and that quick measures should be put into action to prevent these types of infections.

Table of Contents

Miuref is a Very Deceptive Threat

Malware like Miuref is among the most common infections. This is because Miuref lies in wait on the infected computer, gradually generating revenue at the expense of the computer user with minimal risk or work for the threat's creator or distributor. In fact, threats like Miuref have been on the rise, with new threat families using these types of approaches constantly appearing on the Web. Miuref infections were first detected in December of 2013 and have quickly risen to become some of the most common active malware attacks.

Our PC security analysts have noted that Miuref uses several infection vectors, ranging from social engineering and spam email messages to dropper Trojans and attack websites. Once Miuref is installed, Miuref may connect to an outside server (that may be referred to as a C&C or Command and Control server) so it may transfer data pertaining the infected computer. Miuref may install Web browser plug-ins to take over the infected Web browser and control the content viewed by the victim. Miuref may also generate advertising revenue by clicking on online advertisements automatically. One of the most troubling problems involving Miuref is that Miuref may expose a computer to other, more harmful threats. Browser redirects, online advertisements and Trojan droppers linked to Miuref may expose computer users to unsafe content and other threats, quickly infecting the victim's PC with a variety of other threats.

SpyHunter Detects & Remove Trojan.Miuref

File System Details

Trojan.Miuref may create the following file(s):

Expand All | Collapse All

#	File Name	MD5	Detections Detections: The number of confirmed and suspected cases of a particular threat detected on infected computers as reported by SpyHunter.
1.	qtscript4.dll	de6e98a55bf357f5d46ed80083fe85ed	643
Name: qtscript4.dll MD5: de6e98a55bf357f5d46ed80083fe85ed Size: 1.29 MB (1297408 bytes) Detections: 643 Type: Dynamic link library Path: %PROGRAMFILES(x86)%\Avid\Sibelius 7\qtscript4.dll Group: Malware file Last Updated: April 14, 2024
2.	payload.exe	bd7b8d984be1fb433a33f1bb57d56d33	448
Name: payload.exe MD5: bd7b8d984be1fb433a33f1bb57d56d33 Size: 172.03 KB (172032 bytes) Detections: 448 Type: Executable File Path: C:\Users\<username>\AppData\Local\Ivtzsoft\payload.exe Group: Malware file Last Updated: June 12, 2022
3.	Windows_Activaton.exe	5f9887116ce607be6e65b99c94391fe1	230
Name: Windows_Activaton.exe MD5: 5f9887116ce607be6e65b99c94391fe1 Size: 116.67 KB (116677 bytes) Detections: 230 Type: Executable File Path: C:\Program Files (x86)\Microsoft Toolkit Final\Windows_Activaton.exe Group: Malware file Last Updated: December 21, 2023
4.	SdlUsb8.dll	f71a8185f80a239068e18d6f83d7b3aa	189
Name: SdlUsb8.dll MD5: f71a8185f80a239068e18d6f83d7b3aa Size: 40.44 KB (40448 bytes) Detections: 189 Type: Dynamic link library Path: %LOCALAPPDATA%\Acworks Group: Malware file Last Updated: April 28, 2016
5.	Windows_Activaton.exe	2bd94b63675f083368cf7750e72d5e7c	169
Name: Windows_Activaton.exe MD5: 2bd94b63675f083368cf7750e72d5e7c Size: 143.36 KB (143360 bytes) Detections: 169 Type: Executable File Path: %SYSTEMDRIVE%\Users\<username>\AppData\Local\Awvkworks\Windows_Activaton.exe Group: Malware file Last Updated: July 20, 2023
6.	icuPlugin32.dll	3e28144c395cbe31c3bbd2fa5771e03c	129
Name: icuPlugin32.dll MD5: 3e28144c395cbe31c3bbd2fa5771e03c Size: 74.24 KB (74240 bytes) Detections: 129 Type: Dynamic link library Path: %LOCALAPPDATA%\YnzPack Group: Malware file Last Updated: April 28, 2016
7.	Windows_Activaton.exe	dd28c3080015ee8be1b3bd7761da9d4d	124
Name: Windows_Activaton.exe MD5: dd28c3080015ee8be1b3bd7761da9d4d Size: 183.8 KB (183808 bytes) Detections: 124 Type: Executable File Path: %LOCALAPPDATA%\Idssoft Group: Malware file Last Updated: January 9, 2023
8.	PtWIkit4.dll	d2a49a62666da6befbc803b94c5ea070	121
Name: PtWIkit4.dll MD5: d2a49a62666da6befbc803b94c5ea070 Size: 95.23 KB (95232 bytes) Detections: 121 Type: Dynamic link library Path: %LOCALAPPDATA%\YnzPack Group: Malware file Last Updated: April 28, 2016
9.	ff_libfaad2.dll	95a3e8d8a7972969c1930849f3002292	79
Name: ff_libfaad2.dll MD5: 95a3e8d8a7972969c1930849f3002292 Size: 1.27 MB (1272832 bytes) Detections: 79 Type: Dynamic link library Path: %LOCALAPPDATA%\Izrgsoft Group: Malware file Last Updated: April 28, 2016
10.	2e42baa9dd56a6db4d8719bc0b5170ca.exe	2e42baa9dd56a6db4d8719bc0b5170ca	74
Name: 2e42baa9dd56a6db4d8719bc0b5170ca.exe MD5: 2e42baa9dd56a6db4d8719bc0b5170ca Size: 126.97 KB (126976 bytes) Detections: 74 Type: Executable File Path: C:\Users\<username>\AppData\Local\IQsoft\2e42baa9dd56a6db4d8719bc0b5170ca.exe Group: Malware file Last Updated: December 25, 2021
11.	icfgObjspi.dll	e2657cc2d4c167310a347aa85f68a2b2	66
Name: icfgObjspi.dll MD5: e2657cc2d4c167310a347aa85f68a2b2 Size: 63.48 KB (63488 bytes) Detections: 66 Type: Dynamic link library Path: %LOCALAPPDATA%\YXBPack Group: Malware file Last Updated: April 28, 2016
12.	Cvt_x86.dll	44afe02536ba438bb08877a6cc22187b	65
Name: Cvt_x86.dll MD5: 44afe02536ba438bb08877a6cc22187b Size: 62.97 KB (62976 bytes) Detections: 65 Type: Dynamic link library Path: %LOCALAPPDATA%\USmedia Group: Malware file Last Updated: April 28, 2016
13.	Dvkit.dll	0623fd0bfbaed7ed6a0eeafead87f2e6	60
Name: Dvkit.dll MD5: 0623fd0bfbaed7ed6a0eeafead87f2e6 Size: 47.1 KB (47104 bytes) Detections: 60 Type: Dynamic link library Path: %LOCALAPPDATA%\Ujmedia Group: Malware file Last Updated: April 28, 2016
14.	Windows_Activaton.exe	4094d0e61d2a01b43a398fee20426eb8	58
Name: Windows_Activaton.exe MD5: 4094d0e61d2a01b43a398fee20426eb8 Size: 190.21 KB (190212 bytes) Detections: 58 Type: Executable File Path: C:\Program Files (x86)\Windows 8 n 8.1 Activator\Windows_Activaton.exe Group: Malware file Last Updated: February 3, 2022
15.	CatDBARM.dll	ab7034465b0d479b99fb5a049f4bd05d	53
Name: CatDBARM.dll MD5: ab7034465b0d479b99fb5a049f4bd05d Size: 47.1 KB (47104 bytes) Detections: 53 Type: Dynamic link library Path: %LOCALAPPDATA%\YkwPack Group: Malware file Last Updated: April 28, 2016
16.	Windows_Activaton.exe	426466fa73107f408f9bf39fafa17831	43
Name: Windows_Activaton.exe MD5: 426466fa73107f408f9bf39fafa17831 Size: 160.06 KB (160067 bytes) Detections: 43 Type: Executable File Path: C:\Users\<username>\AppData\Local\Ohgics\Windows_Activaton.exe Group: Malware file Last Updated: August 19, 2021
17.	Windows_Activaton.exe	fc8029bb64076c02bc5161f59617cb60	37
Name: Windows_Activaton.exe MD5: fc8029bb64076c02bc5161f59617cb60 Size: 103.1 KB (103108 bytes) Detections: 37 Type: Executable File Path: C:\Users\<username>\AppData\Local\Ipjdsoft\Windows_Activaton.exe Group: Malware file Last Updated: May 27, 2022
18.	Windows_Activaton.exe	10efac297d33fcf55a766ec80518c102	15
Name: Windows_Activaton.exe MD5: 10efac297d33fcf55a766ec80518c102 Size: 134.64 KB (134643 bytes) Detections: 15 Type: Executable File Path: C:\Users\<username>\AppData\Local\ATKworks\Windows_Activaton.exe Group: Malware file Last Updated: February 28, 2022
19.	loader_u.dll	77f7fb95c5d5c20bc28ba195abcfa5cf	14
Name: loader_u.dll MD5: 77f7fb95c5d5c20bc28ba195abcfa5cf Size: 22.52 KB (22528 bytes) Detections: 14 Type: Dynamic link library Path: %LOCALAPPDATA%\AVworks Group: Malware file Last Updated: March 23, 2016
20.	Windows_Activaton.exe	8b953f1d6768f5f5fdbd8732a85ae36b	11
Name: Windows_Activaton.exe MD5: 8b953f1d6768f5f5fdbd8732a85ae36b Size: 139.42 KB (139426 bytes) Detections: 11 Type: Executable File Path: %LOCALAPPDATA%\Idsoft Group: Malware file Last Updated: June 21, 2020
21.	Windows_Activaton.exe	5491c8f919890a5ee734382a305abaee	6
Name: Windows_Activaton.exe MD5: 5491c8f919890a5ee734382a305abaee Size: 143.36 KB (143360 bytes) Detections: 6 Type: Executable File Path: %LOCALAPPDATA%\Ojics Group: Malware file Last Updated: December 23, 2019
22.	loader_u.dll	e1ff33989a96d45693c4a5094a2a296c	2
Name: loader_u.dll MD5: e1ff33989a96d45693c4a5094a2a296c Size: 22.52 KB (22528 bytes) Detections: 2 Type: Dynamic link library Path: %LOCALAPPDATA%\Uhdmedia Group: Malware file Last Updated: March 23, 2016
23.	Windows_Activaton.exe	4ee97d2efda5a2ad5e1176fb31a3e105	2
Name: Windows_Activaton.exe MD5: 4ee97d2efda5a2ad5e1176fb31a3e105 Size: 143.36 KB (143360 bytes) Detections: 2 Type: Executable File Path: %LOCALAPPDATA%\Ucmedia Group: Malware file Last Updated: April 8, 2016
24.	Windows_Activaton.exe	9f28226923c02b42c663623c29385231	2
Name: Windows_Activaton.exe MD5: 9f28226923c02b42c663623c29385231 Size: 183.8 KB (183808 bytes) Detections: 2 Type: Executable File Path: %LOCALAPPDATA%\Uwssmedia Group: Malware file Last Updated: April 8, 2016
25.	siftDLL.dll	cbc4da27aeb103a4ca53b79495c760be	1
Name: siftDLL.dll MD5: cbc4da27aeb103a4ca53b79495c760be Size: 229.37 KB (229376 bytes) Detections: 1 Type: Dynamic link library Path: %USERPROFILE%\Local Settings\Application Data\YljPack Group: Malware file Last Updated: March 23, 2016
26.	Windows_Activaton.exe	b81415a4b0ed5571299db7bb4ee7ddf7	1
Name: Windows_Activaton.exe MD5: b81415a4b0ed5571299db7bb4ee7ddf7 Size: 183.8 KB (183808 bytes) Detections: 1 Type: Executable File Path: %LOCALAPPDATA%\YVPack Group: Malware file Last Updated: April 8, 2016
27.	SYMSRV.DLL	96dde3b7b36477f7afcfd2e09f04d347	1
Name: SYMSRV.DLL MD5: 96dde3b7b36477f7afcfd2e09f04d347 Size: 121.34 KB (121344 bytes) Detections: 1 Type: Dynamic link library Path: %LOCALAPPDATA%\Efvtion Group: Malware file Last Updated: September 26, 2017
28.	%UserProfile%\Administrator\Local Settings\Application Data\UQmedia\BluetoothUtilperf.dll
Name: %UserProfile%\Administrator\Local Settings\Application Data\UQmedia\BluetoothUtilperf.dll Type: Dynamic link library Group: Malware file
29.	%UserProfile%\Local Settings\Application Data\UQmedia\BluetoothUtilperf.1
Name: %UserProfile%\Local Settings\Application Data\UQmedia\BluetoothUtilperf.1 Group: Malware file
30.	%Temp%\setup.dat
Name: %Temp%\setup.dat Type: Data file Group: Malware file
31.	%Temp%\rs.dat
Name: %Temp%\rs.dat Type: Data file Group: Malware file
32.	%Temp%\rzkxixls.exe
Name: %Temp%\rzkxixls.exe Type: Executable File Group: Malware file
33.	file.exe	b80a2daca4b5000fae089e655f2fa4b0	0
Name: file.exe MD5: b80a2daca4b5000fae089e655f2fa4b0 Size: 122.75 KB (122757 bytes) Detections: 0 Type: Executable File Group: Malware file Last Updated: April 19, 2016

More files

Registry Details

Trojan.Miuref may create the following registry entry or registry entries:

Regexp file mask

%ALLUSERSPROFILE%\Microsoft\Performance\TheftProtection\temp\tmpw{3,4}.exe

%LOCALAPPDATA%\Microsoft\Performance\TheftProtection\temp\tmpw{3,4}.exe

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\..{RunKeys}

HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run\"UQmedia" = "regsvr32.exe "%UserProfile%\Administrator\Local Settings\Application Data\UQmedia\BluetoothUtilperf.dll""

Directories

Trojan.Miuref may create the following directory or directories:

%ALLUSERSPROFILE%\microsoft\performance\theftprotection

%LOCALAPPDATA%\Otics

%LOCALAPPDATA%\YVPack

Enigma Software Group Prevails Over Malwarebytes at the Ninth Circuit

Search

Change Region

Trojan.Miuref

Threat Scorecard

EnigmaSoft Threat Scorecard

Miuref is a Very Deceptive Threat

SpyHunter Detects & Remove Trojan.Miuref

File System Details

Registry Details

Directories

Submit Comment

Trending

1xlite-394299.top

1wrcna.life

WinUpdatesDisabler Ransomware

Most Viewed

Discord Shows Black Screen when Sharing Screen

How To Fix 'Printer Driver is Unavailable' Error

What is Msedge.exe?