TrojanSpy:Win32/Ursnif.FN malicious file

Malware Removal

TrojanSpy:Win32/Ursnif.FN is considered dangerous by many security experts. When this infection is active, you may notice unwanted processes in the Task Manager process list. In this case, it is advised to scan your computer with GridinSoft Anti-Malware.

Removing PC viruses manually may take hours and may damage your PC in the process. We recommend using GridinSoft Anti-Malware for virus removal. It allows a complete scan and cure of your PC during the TRIAL period.
6-day free trial available.

What can the TrojanSpy:Win32/Ursnif.FN virus do?

  • Executable code extraction
  • Injection with CreateRemoteThread in a remote process
  • Creates RWX memory
  • A process created a hidden window
  • Unconventional language used in binary resources: Russian
  • Uses Windows utilities for basic functionality
  • Code injection with CreateRemoteThread in a remote process
  • Deletes its original binary from disk
  • Installs itself for autorun at Windows startup
  • Exhibits possible ransomware file modification behavior
  • Network activity detected but not expressed in API logs
  • Anomalous binary characteristics
  • Clears web history

How to identify TrojanSpy:Win32/Ursnif.FN?

File Info:

crc32: 1AE80BFD
md5: 57563a3dd85243fbecf7e1db8421bb39
name: 57563A3DD85243FBECF7E1DB8421BB39.mlw
sha1: e04658560d06986c74732f0f01eefba97476f94d
sha256: 097488f6a7280879386c05f17cb80448cbbaf028d00232b71c55b728422cd307
sha512: 9723c9aed96d094a92b3a61fbf9181f2f9cd4fc7d9839a68d657f0fa85e7a35972fca2268aa2b3f70c49bcf47c9520620eb702c867357879ca0f2d23d5275593
ssdeep: 3072:yElLruwyKnZcdPWbAFq5px0e/Y01pEYPAg0nUCHbx12bV4UmWH:y8ruwVnqPZFSpx0eftPngUCHQT
type: PE32 executable (GUI) Intel 80386, for MS Windows

Version Info:

LegalCopyright: x430x42ax44fx42fx44cx439x443x428x420x447x42ax435x42bx431x41bx43ex44bx43cx413x43bx41ax449x44bx410
InternalName: x42fx432x417x43dx437x43cx438x443x41bx424x422x43cx42cx410x433x423x42fx444x41ax420x44bx435x421x41ex443x44ax437x436x420
FileVersion: 117.70.38.30
CompanyName: x415x449x42cx422x42cx438x41bx428x426x44cx414x423x443x418x449x425x421x436x449x444x414x43dx414x441x422x44fx439x433x447
ProductName: x432x410x44ax424x41fx43fx42bx424x447x440x445x414x447x445x43dx443x413x443x44fx41bx42cx42bx42fx421x412
ProductVersion: 117.70.38.30
FileDescription: x421x429x42cx443x43cx428x42cx448x413x43ax41ax423x44ax42ax42fx436x413x422x433x43cx425x447x42ax445x41ax41b
OriginalFilename: x42dx414x44dx426x419x438x445x446x420x44dx41bx449x438x43bx429x412x44ex442x431x448x43fx414
Translation: 0x0008 0x0000

TrojanSpy:Win32/Ursnif.FN also known as:

Bkav: W32.AIDetect.malware2
K7AntiVirus: Trojan ( 000583771 )
Lionic: Hacktool.Win32.Krap.x!c
Elastic: malicious (high confidence)
DrWeb: Trojan.Packed.20343
Cynet: Malicious (score: 100)
ALYac: Gen:Heur.Krypt.28
Cylance: Unsafe
Zillya: Trojan.Kryptik.Win32.898074
Sangfor: Trojan.Win32.Save.a
CrowdStrike: win/malicious_confidence_100% (D)
Alibaba: TrojanSpy:Win32/Ursnif.b0a62c93
K7GW: Trojan ( 000583771 )
Cybereason: malicious.dd8524
Cyren: W32/Zbot.AK.gen!Eldorado
Symantec: W32.Qakbot!gen4
ESET-NOD32: a variant of Win32/Kryptik.DOS
APEX: Malicious
Avast: Win32:MalOb-IJ [Cryp]
Kaspersky: Packed.Win32.Krap.gx
BitDefender: Gen:Heur.Krypt.28
NANO-Antivirus: Trojan.Win32.Digitala.ttwe
MicroWorld-eScan: Gen:Heur.Krypt.28
Tencent: Win32.Packed.Krap.Svhm
Ad-Aware: Gen:Heur.Krypt.28
Sophos: ML/PE-A + Mal/Qbot-B
Comodo: MalCrypt.Indus!@1qrzi1
BitDefenderTheta: AI:Packer.063074481F
VIPRE: Trojan.Win32.Nedsym.f (v)
TrendMicro: BKDR_QAKBOT.SMB
McAfee-GW-Edition: PWS-Zbot.gen.aum
FireEye: Generic.mg.57563a3dd85243fb
Emsisoft: Gen:Heur.Krypt.28 (B)
SentinelOne: Static AI – Malicious PE
Jiangmin: Trojan/Digitala.kq
Avira: TR/Dropper.Gen
eGambit: Generic.Malware
Antiy-AVL: Trojan/Generic.ASMalwS.185834C
Microsoft: TrojanSpy:Win32/Ursnif.FN
Arcabit: Trojan.Krypt.28
GData: Gen:Heur.Krypt.28
Acronis: suspicious
McAfee: PWS-Zbot.gen.aum
MAX: malware (ai score=100)
VBA32: Malware-Cryptor.Limpopo
Panda: Trj/Krapack.gen
TrendMicro-HouseCall: BKDR_QAKBOT.SMB
Rising: Trojan.Generic@ML.99 (RDMK:Hrmt1Og2xhsNpH15XOg4dQ)
Ikarus: Trojan-Spy.Win32.Zbot
MaxSecure: Trojan.Malware.300983.susgen
Fortinet: W32/Krap.HM!tr
AVG: Win32:MalOb-IJ [Cryp]
Paloalto: generic.ml

How to remove TrojanSpy:Win32/Ursnif.FN?

TrojanSpy:Win32/Ursnif.FN removal tool
  • Download and install GridinSoft Anti-Malware.
  • Open GridinSoft Anti-Malware and perform a “Standard scan”.
  • “Move to quarantine” all items.
  • Open the “Tools” tab and press “Reset Browser Settings”.
  • Select the proper browser and options, then click “Reset”.
  • Restart your computer.