Win32/Spy.Ursnif
Posted: November 30, 2010
Threat Metric
The Threat Meter is a malware assessment that SpywareRemove.com's research team is able to
give every identifiable malware threat. Our Threat Meter includes several criteria based off of
specific malware threats to value their severity, reach and volume. The Threat Meter is able to give
you a numerical breakdown of each threat's initial Threat Level, Detection Count, Volume Count,
Trend Path and Percentage Impact. The overall ranking of each threat in the Threat Meter is a basic
breakdown of how all threats are ranked within our own extensive malware database. The scoring for
each specific malware threat can be easily compared to other emerging threats to draw a contrast in
its particular severity. The Threat Meter is a useful tool in the endeavor of seeking a solution to
remove a threat or pursue additional analytical research for all types of computer users.
The following fields listed on the Threat Meter containing a specific value, are explained in detail below:
Threat Level: The threat level scale goes from 1 to 10 where 10 is the highest level of severity and 1 is the lowest level of severity. Each specific level is relative to the threat's consistent assessed behaviors collected from SpyHunter's risk assessment model.
Detection Count: The collective number of confirmed and suspected cases of a particular malware threat. The detection count is calculated from infected PCs retrieved from diagnostic and scan log reports generated by SpyHunter.
Volume Count: Similar to the detection count, the Volume Count is specifically based on the number of confirmed and suspected threats infecting systems on a daily basis. High volume counts usually represent a popular threat but may or may not have infected a large number of systems. High detection count threats could lay dormant and have a low volume count. Criteria for Volume Count is relative to a daily detection count.
Trend Path: The Trend Path, utilizing an up arrow, down arrow or equal symbol, represents the level of recent movement of a particular threat. Up arrows represent an increase, down arrows represent a decline and the equal symbol represent no change to a threat's recent movement.
% Impact (Last 7 Days): This demonstrates a 7-day period change in the frequency of a malware threat infecting PCs. The percentage impact correlates directly to the current Trend Path to determine a rise or decline in the percentage.
The following fields listed on the Threat Meter containing a specific value, are explained in detail below:
Threat Level: The threat level scale goes from 1 to 10 where 10 is the highest level of severity and 1 is the lowest level of severity. Each specific level is relative to the threat's consistent assessed behaviors collected from SpyHunter's risk assessment model.
Detection Count: The collective number of confirmed and suspected cases of a particular malware threat. The detection count is calculated from infected PCs retrieved from diagnostic and scan log reports generated by SpyHunter.
Volume Count: Similar to the detection count, the Volume Count is specifically based on the number of confirmed and suspected threats infecting systems on a daily basis. High volume counts usually represent a popular threat but may or may not have infected a large number of systems. High detection count threats could lay dormant and have a low volume count. Criteria for Volume Count is relative to a daily detection count.
Trend Path: The Trend Path, utilizing an up arrow, down arrow or equal symbol, represents the level of recent movement of a particular threat. Up arrows represent an increase, down arrows represent a decline and the equal symbol represent no change to a threat's recent movement.
% Impact (Last 7 Days): This demonstrates a 7-day period change in the frequency of a malware threat infecting PCs. The percentage impact correlates directly to the current Trend Path to determine a rise or decline in the percentage.
| Threat Level: | 8/10 |
|---|---|
| Infected PCs: | 988 |
| First Seen: | November 30, 2010 |
|---|---|
| Last Seen: | November 23, 2018 |
| OS(es) Affected: | Windows |
Win32/Spy.Ursnif is classified as a trojan threat that is believed to send information about the infected machine to a remote one. Win32/Spy.Ursnif trojan creates and runs a new thread with its own program code, running in all processes. Since trojan Win32/Spy.Ursnif is known to collect information from the infected computer, it creates a new User Account with the username 'l%variable3%' and a password 'pentagon'. Win32/Spy.Ursnif is known to collect different types of data such as the version of your operating system, your computer's IP address and information about your default web browser. Win32/Spy.Ursnif may also attract more threats to your system and cause constant homepage and search engine redirects.
Aliases
TR/Kazy.67671.32 [AntiVir]Backdoor.Win32.Papras.fut [Kaspersky]Generic32.AQYU [AVG]W32/Kryptik.AYDA [Fortinet]Trojan/Win32.Zbot [AhnLab-V3]Mal/ZboCheMan-M [Sophos]TR/Spy.Ursnif.176 [AntiVir]Trojan.MulDrop4.30645 [DrWeb]Trojan.Zbot [Symantec]Artemis!ABACD922606B [McAfee]TR/Kazy.67671.30 [AntiVir]Trojan.MulDrop4.6918 [DrWeb]Backdoor.Win32.Papras.fue [Kaspersky]Artemis!B124A5E115B7 [McAfee]Win32:Downloader-SYF [Trj] [Avast]
More aliases (844)
More aliases (844)
Technical Details
File System Modifications
Tutorials: If you wish to learn how to remove malware components manually, you can read the tutorials on how to find malware, kill unwanted processes, remove malicious DLLs and delete other harmful files. Always be sure to back up your PC before making any changes.
The following files were created in the system:%WINDIR%\system32\chkddial.dll
File name: chkddial.dllSize: 64.51 KB (64512 bytes)
MD5: a93f34e00f4ba5cafafa6e8fc1b84794
Detection count: 96
File type: Dynamic link library
Mime Type: unknown/dll
Path: %WINDIR%\system32
Group: Malware file
Last Updated: March 21, 2013
%WINDIR%\msfemsra.dll
File name: msfemsra.dllSize: 64 KB (64000 bytes)
MD5: e3c68cebe73fc3f7dedd2382038fefa6
Detection count: 94
File type: Dynamic link library
Mime Type: unknown/dll
Path: %WINDIR%
Group: Malware file
Last Updated: April 22, 2013
file.exe
File name: file.exeSize: 526.33 KB (526336 bytes)
MD5: 3cce22904c4e905144fa85219e38a763
Detection count: 90
File type: Executable File
Mime Type: unknown/exe
Group: Malware file
%TEMP%\MigAutil.exe
File name: MigAutil.exeSize: 225.79 KB (225792 bytes)
MD5: 85b1044e8e04d836ccdd92cb4b092c51
Detection count: 73
File type: Executable File
Mime Type: unknown/exe
Path: %TEMP%
Group: Malware file
Last Updated: March 29, 2013
64cf07e54db68646e5a63d329d08516a
File name: 64cf07e54db68646e5a63d329d08516aSize: 45.05 KB (45056 bytes)
MD5: 64cf07e54db68646e5a63d329d08516a
Detection count: 71
Group: Malware file
2ef23146836ead2012141e11be8e155c
File name: 2ef23146836ead2012141e11be8e155cSize: 515.07 KB (515072 bytes)
MD5: 2ef23146836ead2012141e11be8e155c
Detection count: 70
Group: Malware file
dd8ea7d979aa3b723d8d92fe1b39c2bf
File name: dd8ea7d979aa3b723d8d92fe1b39c2bfSize: 46.08 KB (46080 bytes)
MD5: dd8ea7d979aa3b723d8d92fe1b39c2bf
Detection count: 65
Group: Malware file
c:\Users\<username>\desktop\4cfa320b9c252c7ff5ba474a3ab81b42f55455b20ef2499196ca5fff3ccd1d63.exe
File name: 4cfa320b9c252c7ff5ba474a3ab81b42f55455b20ef2499196ca5fff3ccd1d63.exeSize: 45.56 KB (45568 bytes)
MD5: 83e07bf5e594135d2fbf37c5cd12ddfe
Detection count: 63
File type: Executable File
Mime Type: unknown/exe
Path: c:\Users\<username>\desktop
Group: Malware file
Last Updated: December 7, 2018
4d10ec332aa4a7001d8b46c1230f74de
File name: 4d10ec332aa4a7001d8b46c1230f74deSize: 45.56 KB (45568 bytes)
MD5: 4d10ec332aa4a7001d8b46c1230f74de
Detection count: 63
Group: Malware file
file.dll
File name: file.dllSize: 360.44 KB (360448 bytes)
MD5: 8f6a03ac3443bff16e7a5fd23b570b9a
Detection count: 61
File type: Dynamic link library
Mime Type: unknown/dll
Group: Malware file
file.dll
File name: file.dllSize: 180.22 KB (180224 bytes)
MD5: 255a177c7777741f8d06fc3e45dd5ccc
Detection count: 61
File type: Dynamic link library
Mime Type: unknown/dll
Group: Malware file
b6562cb534ea11dd42f7ee069d29f22d
File name: b6562cb534ea11dd42f7ee069d29f22dSize: 45.56 KB (45568 bytes)
MD5: b6562cb534ea11dd42f7ee069d29f22d
Detection count: 60
Group: Malware file
f0d8dafec7fcc6d1aaca107714959a7f
File name: f0d8dafec7fcc6d1aaca107714959a7fSize: 45.56 KB (45568 bytes)
MD5: f0d8dafec7fcc6d1aaca107714959a7f
Detection count: 41
Group: Malware file
6b434fb8cc7a5085db7943dfb0a3ca13
File name: 6b434fb8cc7a5085db7943dfb0a3ca13Size: 46.08 KB (46080 bytes)
MD5: 6b434fb8cc7a5085db7943dfb0a3ca13
Detection count: 36
Group: Malware file
%WINDIR%\icsudt32.dll
File name: icsudt32.dllSize: 65.53 KB (65536 bytes)
MD5: 6ae9779010b3ed422fed1c6682103eca
Detection count: 35
File type: Dynamic link library
Mime Type: unknown/dll
Path: %WINDIR%
Group: Malware file
Last Updated: March 21, 2013
3879cb077ce59e25605e74b3bba64eb8
File name: 3879cb077ce59e25605e74b3bba64eb8Size: 46.08 KB (46080 bytes)
MD5: 3879cb077ce59e25605e74b3bba64eb8
Detection count: 32
Group: Malware file
%TEMP%\drivecab.exe
File name: drivecab.exeSize: 210.43 KB (210432 bytes)
MD5: cb0c37db071299a26d1e90091e2c511d
Detection count: 26
File type: Executable File
Mime Type: unknown/exe
Path: %TEMP%
Group: Malware file
Last Updated: April 10, 2013
%SystemDrive%\Documents and Settings\LYTG-PC12\Local Settings\Temp\mstshost.dll
File name: mstshost.dllSize: 59.39 KB (59392 bytes)
MD5: 3a5a88d455f63844623c4c0a9431261a
Detection count: 24
File type: Dynamic link library
Mime Type: unknown/dll
Path: %SystemDrive%\Documents and Settings\LYTG-PC12\Local Settings\Temp
Group: Malware file
Last Updated: February 22, 2013
0ae059062d80daa2a11631bd453b2aa4
File name: 0ae059062d80daa2a11631bd453b2aa4Size: 46.08 KB (46080 bytes)
MD5: 0ae059062d80daa2a11631bd453b2aa4
Detection count: 21
Group: Malware file
%TEMP%\cmdmsra.exe
File name: cmdmsra.exeSize: 218.62 KB (218624 bytes)
MD5: f9a12fdb2a643d99c8fa30e9898275fd
Detection count: 16
File type: Executable File
Mime Type: unknown/exe
Path: %TEMP%
Group: Malware file
Last Updated: April 16, 2013
%WINDIR%\system32\PATHInit.exe
File name: PATHInit.exeSize: 239.61 KB (239616 bytes)
MD5: 016369c4927cbbfb7a071ac6924d448c
Detection count: 5
File type: Executable File
Mime Type: unknown/exe
Path: %WINDIR%\system32
Group: Malware file
Last Updated: March 29, 2013
C:\Users\<username>\AppData\Roaming\btpa3dlg\FXSR2_32.exe
File name: FXSR2_32.exeSize: 1 MB (1008640 bytes)
MD5: 99be1d8a3fefca1247554cd67d609619
Detection count: 5
File type: Executable File
Mime Type: unknown/exe
Path: C:\Users\<username>\AppData\Roaming\btpa3dlg
Group: Malware file
Last Updated: November 22, 2018
c:\Users\<username>\desktop\037627c4457d5862c73d9246b9208c2825c56d9bb1f254378ec920c1be55c13f.exe
File name: 037627c4457d5862c73d9246b9208c2825c56d9bb1f254378ec920c1be55c13f.exeSize: 44.03 KB (44032 bytes)
MD5: cb4a3e8887e08b8b3072c32305d41d37
Detection count: 5
File type: Executable File
Mime Type: unknown/exe
Path: c:\Users\<username>\desktop
Group: Malware file
Last Updated: December 7, 2018
More files
Leave a Reply
Please note that we are not able to assist with billing and support issues regarding SpyHunter or other products. If you're having issues with SpyHunter, please get in touch with SpyHunter customer support through your SpyHunter . If you have SpyHunter billing questions, we recommend you check the Billing FAQ. For general suggestions or feedback, contact us.