Win32/Ursnif


By Sumo3000 in Trojans

Win32/Ursnif is a Trojan that steals personal information from a targeted PC. Once executed, Win32/Ursnif copies itself to a certain location. It modifies the Windows registry so that this copy runs automatically each time you start Windows. Win32/Ursnif then executes its copy and adds and runs a batch file that deletes the original executable. Win32/Ursnif uses misleading techniques to compromise the integrity of the infected computer's data, and it enables attackers to gain unauthorized access to and control over the compromised PC. Win32/Ursnif connects to a remote server and sends version information. Once a parameter is passed in response to the version information sent, Win32/Ursnif removes any currently running versions of the Trojan before installing an updated version of itself (should a newer version be available from the remote server). Uninstall Win32/Ursnif to protect your computer from damage.


File System Details

Win32/Ursnif may create the following file(s):
| # | File Name | MD5 | Detections |
|---|-----------|-----|------------|
| 1 | %windir%\9129837.exe | | |
| 2 | file.exe | 7d6d7af6fb64e5140fe4b44537fdbcc1 | 0 |
| 3 | file.dll | d74d2554e032d572880eae7f749388f0 | 0 |
| 4 | file.dll | 7d557df38f70c01126714e78213cdabe | 0 |
| 5 | file.dll | 7d48f537cc73ffa7157a5b979a210368 | 0 |
| 6 | file.dll | a754c1377efc9297145bcddbdd43e745 | 0 |

Registry Details

Win32/Ursnif may create the following registry entry or registry entries:
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run ttool = "%windir%\9129837.exe"
