Multi-License Discount Quote

Change Region

English
Threat Database Backdoors Backdoor.Ursu.O

Backdoor.Ursu.O

By CagedTech in Backdoors

Threat Scorecard

Popularity Rank: 14,781
Threat Level: 60 % (Medium)
Infected Computers: 175
First Seen: February 28, 2022
Last Seen: October 3, 2025
OS(es) Affected: Windows

Analysis Report

General information

Family Name: Backdoor.Ursu.O
Signature status: Hash Mismatch

Known Samples

MD5: d8affc8e6034d82b4137f7775ae10839
SHA1: 1cfaad75b796f1331937eb61f9ace7957b37b18b
SHA256: 272D12A55A64C48020DB8AD3ACF01D1791DFEC8B85CABA7DDD89EBE3FF13C75F
File Size: 1.58 MB, 1575304 bytes

Windows Portable Executable Attributes

  • File doesn't have "Rich" header
  • File doesn't have exports table
  • File has TLS information
  • File is 32-bit executable
  • File is either console or GUI application
  • File is GUI application (IMAGE_SUBSYSTEM_WINDOWS_GUI)
  • File is Native application (NOT .NET application)
  • File is not packed
  • IMAGE_FILE_DLL is not set inside PE header (Executable)
  • IMAGE_FILE_EXECUTABLE_IMAGE is set inside PE header (Executable Image)

File Icons

Windows PE Version Information

Name Value
Company Name Roblox Corporation
File Description Roblox
File Version 1, 6, 0, 5160305
Legal Copyright Copyright © 2020 Roblox Corporation. All rights reserved.
Original Filename Roblox.exe
Product Name Roblox Bootstrapper
Product Version 1, 6, 0, 5160305

Digital Signatures

Signer Root Status
Roblox Corporation DigiCert EV Code Signing CA (SHA2) Hash Mismatch

File Traits

  • x86

Block Information

Total Blocks: 4,480
Potentially Malicious Blocks: 493
Whitelisted Blocks: 3,946
Unknown Blocks: 41

Visual Map

x 0 x x x x x x x x x x x x x 0 x 0 x x 0 x 0 0 0 0 1 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 x 0 0 0 0 x 0 0 0 0 0 0 0 0 0 0 0 0 0 0 x x 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 x 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 x 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 x 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 ? 0 0 0 0 0 0 0 0 0 x x x x 0 0 0 x 0 x 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 ? 0 x 0 0 x x 0 x 0 x x x x 0 ? 0 x 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 x 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 x x 0 0 0 0 x 0 0 0 0 0 0 0 1 0 0 0 x 0 0 0 0 0 0 0 0 0 0 0 0 0 x 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 x 0 0 0 0 0 0 0 0 0 0 0 ? 0 0 0 0 x x 0 0 x x 0 0 0 x 0 ? 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 x 0 0 0 0 0 1 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 x 0 0 0 x 0 x x x x 0 0 0 0 0 0 0 0 0 0 0 0 0 x 0 0 0 0 0 0 x 0 0 0 0 0 0 0 x x x x x 0 0 x x 0 x 0 x x x x x 0 x 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 x x x x x x x 0 x 0 0 x 0 x x 0 x x x x x x x x x x x x x 0 x 0 0 0 0 0 0 x 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 x 0 0 0 1 0 0 0 0 0 0 0 0 x 0 0 0 0 0 0 0 0 x 0 x 0 0 0 x 0 0 0 0 0 0 0 0 0 0 0 0 x 0 0 x 0 0 0 0 0 x 0 x x x 0 x 0 0 0 0 0 0 x x x x x 0 0 x x 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 x 0 x x 0 0 0 0 0 0 0 0 0 0 x x 0 0 0 0 0 0 0 0 0 x 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 1 0 0 0 0 0 0 0 0 0 x 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 x 0 0 0 0 0 0 0 0 0 0 0 0 0 0 x 0 0 0 x 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 ? 0 0 0 0 0 0 0 0 0 0 0 0 x 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 ? ? x ? 0 0 0 0 0 x 0 0 0 0 x x x 0 x 0 0 x x 0 ? 0 0 0 0 0 0 0 0 0 0 x 0 0 0 0 x 0 x x x x 0 0 0 0 x 0 0 0 0 0 0 ? 0 0 x 0 ? 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 x 0 0 0 0 0 0 0 0 0 0 x x x x 0 0 0 0 x x 0 x x 0 x 0 0 0 0 0 0 0 x 0 0 0 x 0 ? 0 0 0 0 0 0 x x 0 0 0 0 0 0 0 0 0 x x 0 x 0 x 0 0 x 0 0 0 x x x 0 x 0 0 x 0 0 0 0 0 x x x 0 0 x 0 0 0 0 0 0 0 0 0 x ? 0 0 0 0 x x 0 x 0 0 0 0 0 0 0 1 0 0 0 0 0 x 0 0 0 0 0 0 0 0 ? ? ? 0 0 0 0 0 0 0 0 0 0 0 0 0 x x x 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 x x 0 0 0 0 0 0 0 0 0 0 x 0 x 0 0 0 x 0 x 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 ? 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 ? 0 x 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 x 0 x 0 0 0 ? 0 ? 0 0 0 0 x 0 0 x x 0 0 0 0 0 0 x x 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 ? ? ? ? x 0 0 0 0 0 0 0 x 0 0 0 0 x x 0 0 x 0 x 0 0 0 0 0 x 0 x 0 0 0 0 0 0 x 0 0 0 1 x x x x x x 0 x 0 0 0 0 0 0 x x 0 x 0 0 x x 0 x 0 0 0 0 x x 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 x x x x x x x x x 0 0 x x x 0 x 0 x x x 0 ? x x x 0 0 x x 0 0 0 0 x x 0 x x x x x x 0 0 x x 0 0 0 0 0 x 0 0 0 0 0 0 0 0 x 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 1 0 0 0 0 x x x 0 x x 0 0 0 0 0 0 ? x 0 0 0 0 0 x ? ? ? ? 0 x 0 x x 0 ? x 0 0 x x 0 0 0 0 x 0 0 ? 0 0 x x 0 ? x 0 0 0 ? 0 0 0 ? 0 0 0 ? 0 x 0 x 0 0 0 0 0 x 0 0 0 0 0 0 x x 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 x 0 0 x 0 0 0 0 0 0 0 0 0 0 0 0 0 0 x 0 0 0 x 0 x 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 ? 0 0 0 0 0 0 0 0 x 0 0 x 0 0 0 0 0 0 x 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 x ? 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 x 0 0 0 0 0 0 0 x x 0 x 0 0 0 0 0 0 0 0 0 0 0 x x 0 x x x 0 0 0 x 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 x 0 0 0 x 0 x 0 0 0 x x 0 0 0 0 0 x x 0 0 0 0 0 0 0 0 0 x 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 x x 0 x x 0 0 0 0 0 0 x 0 0 0 0 0 0 0 0 0 0 x 0 0 0 0 0 0 0 0 0 x 0 0 x 0 0 0 0 x 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 x x x 0 0 0 0 x 0 x 0 0 0 0 x x x x x x 0 x 0 0 x x 0 0 0 0 0 x x x 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 x 0 0 0 x 0 x 0 0 0 0 0 x 0 0 0 0 0 0 0 x
... Data truncated
0 - Probable Safe Block
? - Unknown Block
x - Potentially Malicious Block

Similar Families

  • Ursu.O

Trending

Most Viewed

Loading...