Multi-License Discount Quote

Change Region

English
Threat Database Trojans Trojan.Ursnif.H

Trojan.Ursnif.H

By CagedTech in Trojans

Threat Scorecard

Popularity Rank: 21,239
Threat Level: 80 % (High)
Infected Computers: 6
First Seen: November 14, 2012
Last Seen: November 8, 2025
OS(es) Affected: Windows

Analysis Report

General information

Family Name: Trojan.Ursnif.H
Signature status: Hash Mismatch

Known Samples

MD5: aa3e38c5fb31bd497afe4b929cbbb63b
SHA1: 1dbc887564e01fd901f60e332b6511c6d389b96a
SHA256: D7BEAC1D74BA5EE6E5E2668C1BA21D9F8A6B47D17D4CDC03EEABB0B7A278238D
File Size: 317.48 KB, 317479 bytes

Windows Portable Executable Attributes

  • File doesn't have "Rich" header
  • File doesn't have exports table
  • File doesn't have relocations information
  • File is 32-bit executable
  • File is either console or GUI application
  • File is GUI application (IMAGE_SUBSYSTEM_WINDOWS_GUI)
  • File is Native application (NOT .NET application)
  • File is not packed
  • IMAGE_FILE_DLL is not set inside PE header (Executable)
  • IMAGE_FILE_EXECUTABLE_IMAGE is set inside PE header (Executable Image)

File Icons

Windows PE Version Information

Name Value
Company Name Adobe Systems Incorporated
File Description CCLibraries
File Version 2.11.0.966
Internal Name CCLibraries
Legal Copyright Copyright 2015-2017 Adobe Systems Incorporated. All rights reserved.
Original Filename CCLibraries.exe
Product Name CCLibraries
Product Version 2.11.0.966

Digital Signatures

Signer Root Status
Adobe Systems Incorporated Symantec Class 3 Extended Validation Code Signing CA - G2 Hash Mismatch

File Traits

  • big overlay
  • HighEntropy
  • x86

Block Information

Total Blocks: 572
Potentially Malicious Blocks: 10
Whitelisted Blocks: 531
Unknown Blocks: 31

Visual Map

0 0 0 0 0 0 0 0 0 0 0 0 ? 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 ? 0 0 0 0 0 ? 0 ? ? 0 0 0 ? ? 0 0 ? 0 ? 0 0 0 0 0 0 0 0 0 0 0 0 ? 0 0 0 0 ? ? 0 0 ? 0 0 0 0 0 0 0 0 0 0 ? 0 0 0 0 0 ? ? 0 ? 0 0 0 x 0 0 0 0 ? ? x x 0 0 0 x x 0 ? 0 ? ? 0 ? 0 0 ? ? x ? x x ? ? x x ? ? 0 ? 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 1 0 0 0 0 0 1 0 1 0 0 0 0 0 0 0 1 1 0 0 0 0 0 1 0 1 0 0 0 0 0 0 0 0 0 0 0 1 0 0 1 0 0 0 0 0 0 0 1 0 0 1 0 0 1 0 0 0 0 0 0 0 0 0 0 0 0 1 0 0 0 0 0 0 0 0 0 1 1 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 2 3 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 1 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 1 0 0 0 0 0 0 0 1 0 0 0 1 0 0 0 0 0 0 1 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 1 1 0 0 1 0 0 0 0 0 0 0 1 0 0 0 0 0 0 0 2 2 1 1 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 2 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 1 0 0 0 0 0 0 0 0 0 0 0 0 0 1 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 1
0 - Probable Safe Block
? - Unknown Block
x - Potentially Malicious Block

Files Modified

File Attributes
c:\program files\common files\system\symsrv.dll Generic Write,Read Attributes
c:\users\user\appdata\local\temp\creativecloud\creative cloud libraries\cc library process.log Generic Write,Read Attributes

Registry Modifications

Key::Value Data API Name
HKLM\software\wow6432node\microsoft\windows nt\currentversion\windows::appinit_dlls C:\PROGRA~1\COMMON~1\System\symsrv.dll RegNtPreCreateKey
HKLM\software\wow6432node\microsoft\windows nt\currentversion\windows::loadappinit_dlls  RegNtPreCreateKey
HKLM\software\wow6432node\microsoft\windows nt\currentversion\windows::requiresignedappinit_dlls RegNtPreCreateKey

Windows API Usage

Category API
Process Shell Execute
  • CreateProcess

Shell Command Execution

"c:\users\user\downloads\libs\node.exe" "c:\users\user\downloads\js\server.js"

Trending

Most Viewed

Loading...