TrojanSpy:Win64/Ursnif.A


By Sumo3000 in Trojans

Threat Scorecard

Ranking: 15,233
Threat Level: 80 % (High)
Infected Computers: 9,212
First Seen: December 12, 2011
Last Seen: March 15, 2024
OS(es) Affected: Windows

TrojanSpy:Win64/Ursnif.A is a Trojan with spyware functionality that gives an attacker backdoor access to, and control of, the compromised PC. Once installed, TrojanSpy:Win64/Ursnif.A steals confidential information and transfers it to remote attackers. It may be installed through a drive-by download attack when the PC user visits a compromised or infected website, and it may also be installed by other malware infections.

TrojanSpy:Win64/Ursnif.A connects to a remote server to receive commands from the attackers. It captures FTP transfer data (GET/PUT commands) and outbound HTTP traffic (POST data), collects browser cookies and digital certificates, takes screenshots, deletes browser cookies, and carries out numerous other harmful activities. TrojanSpy:Win64/Ursnif.A embeds itself into legitimate web browser processes.


15 security vendors flagged this file as malicious.

Anti-Virus Software Detection
Fortinet W32/Ursnif.PEM!tr
Microsoft TrojanSpy:Win32/Ursnif.gen!K
McAfee-GW-Edition Artemis!E67E824460B5
AntiVir TR/Spy.Ursnif.K.168
Sophos Mal/Generic-S
BitDefender Trojan.GenericKDV.1065624
Kaspersky Trojan-Spy.Win32.Ursnif.pem
McAfee RDN/Generic PWS.y!ta
Avast Win32:Crypt-NWY [Trj]
Fortinet W32/Ursnif.B!tr
McAfee PWS-FADX!594091811002
Fortinet W32/Papras.FGI!tr.bdr
AntiVir TR/Crypt.XPACK.Gen3
Kaspersky Trojan-Spy.Win32.Ursnif.b
McAfee PWS-FADX!0603BF770C11


File System Details

TrojanSpy:Win64/Ursnif.A may create the following file(s):
