About “Trojan:Win32/Ursnif.U!MTB” infection

The Trojan:Win32/Ursnif.U!MTB detection is considered dangerous by many security experts. When this infection is active, you may notice unwanted processes in Task Manager. In this case, it is advised to scan your computer with GridinSoft Anti-Malware.

Removing PC viruses manually may take hours and may damage your PC in the process. We recommend using GridinSoft Anti-Malware for virus removal. It allows you to run a full scan and clean your PC during the trial period.
6-day free trial available.

What can the Trojan:Win32/Ursnif.U!MTB virus do?

  • Possible date-expiration check: the sample exits too soon after checking the local time
  • Unconventional language used in binary resources: Russian
  • The binary likely contains encrypted or compressed data
  • The executable is compressed using UPX
  • Network activity detected but not expressed in API logs

How to identify Trojan:Win32/Ursnif.U!MTB?

File Info:

crc32: B22CCCBD
md5: 936679b5382f54edc9de2f0b070c5a06
name: 936679B5382F54EDC9DE2F0B070C5A06.mlw
sha1: a03a7838da709070647a11d8c4e085d8bec94919
sha256: 97d5076a32303a31815aae4dcb110691e55a994281bdfa76f50c5d8311fe1a89
sha512: 225f2bf18473795cf3585292698af50e5b18027772b1fdb1fbb533eee1d640eae31caca3188b92e18dfa505db6db09c2b7515fddf188933f34922ac41bf47fee
ssdeep: 6144:RoqR/+qO2lxI6fiSP2Re8J2AehiQxOHSERtIzEiSP2Re8J2m:/+n+Mk8e0yEDapkK
type: PE32 executable (GUI) Intel 80386, for MS Windows, UPX compressed

Version Info:

0: [No Data]

Trojan:Win32/Ursnif.U!MTB also known as:

Bkav: W32.AIDetect.malware1
K7AntiVirus: Trojan ( 005425451 )
Lionic: Trojan.Win32.Generic.4!c
Elastic: malicious (high confidence)
DrWeb: Trojan.PWS.Stealer.25244
Cynet: Malicious (score: 100)
CAT-QuickHeal: Trojan.Mauvaise.SL1
ALYac: Gen:Variant.Ransom.Cerber.801
Cylance: Unsafe
Zillya: Trojan.Ursnif.Win32.3954
Sangfor: Trojan.Win32.Save.a
CrowdStrike: win/malicious_confidence_100% (W)
Alibaba: Trojan:Win32/Ursnif.68d7ec9c
K7GW: Trojan ( 005425451 )
Cybereason: malicious.5382f5
Symantec: Trojan.Gen.MBT
ESET-NOD32: a variant of Win32/Injector.EBXN
APEX: Malicious
Avast: Win32:Malware-gen
ClamAV: Win.Malware.Azorult-7668229-0
Kaspersky: HEUR:Trojan.Win32.Generic
BitDefender: Gen:Variant.Ransom.Cerber.801
NANO-Antivirus: Trojan.Win32.Strictor.fkqjwj
MicroWorld-eScan: Gen:Variant.Ransom.Cerber.801
Tencent: Malware.Win32.Gencirc.10cc6a2d
Ad-Aware: Gen:Variant.Ransom.Cerber.801
Sophos: Mal/Generic-S
Comodo: Malware@#12dwjvcg94hbv
BitDefenderTheta: Gen:NN.ZexaF.34170.rmJfa8UCVdbc
VIPRE: Trojan.Win32.Generic!BT
McAfee-GW-Edition: BehavesLike.Win32.Generic.dc
FireEye: Generic.mg.936679b5382f54ed
Emsisoft: Gen:Variant.Ransom.Cerber.801 (B)
SentinelOne: Static AI – Suspicious PE
Jiangmin: Trojan.Inject.aqhw
Webroot: W32.Trojan.Gen
Avira: HEUR/AGEN.1128777
Antiy-AVL: Trojan/Generic.ASMalwS.29AF3E1
Microsoft: Trojan:Win32/Ursnif.U!MTB
SUPERAntiSpyware: Trojan.Agent/Gen-Malpack
GData: Gen:Variant.Ransom.Cerber.801
TACHYON: Trojan/W32.Agent.359432.B
AhnLab-V3: Trojan/Win32.Ursnif.R246444
McAfee: Artemis!936679B5382F
MAX: malware (ai score=100)
VBA32: BScope.TrojanPSW.Azorult
Malwarebytes: Trojan.MalPack
Panda: Trj/CI.A
Yandex: Trojan.GenAsa!rV77gov6hmw
Ikarus: Trojan-Ransom.Zerber
Fortinet: W32/Injector.ECGO!tr
AVG: Win32:Malware-gen
Paloalto: generic.ml

How to remove Trojan:Win32/Ursnif.U!MTB?

Trojan:Win32/Ursnif.U!MTB removal tool

  • Download and install GridinSoft Anti-Malware.
  • Open GridinSoft Anti-Malware and perform a “Standard scan”.
  • “Move to quarantine” all items.
  • Open the “Tools” tab and press “Reset Browser Settings”.
  • Select the proper browser and options, then click “Reset”.
  • Restart your computer.

About the author

Paul Valéry

I'm a cyber security analyst and data science expert with 5+ years of experience with security software contractors.
