
Trojan:Win32/Banload.HS


First posted on 06 July 2009.
Source: SecurityHome

Aliases:

Trojan:Win32/Banload.HS is also known as Trojan.Win32.Regrun.bsg (Kaspersky).

Explanation:

Trojan:Win32/Banload.HS is a trojan that sends out e-mail messages that contain other malware.

Symptoms
There are no common symptoms associated with this threat. Alert notifications from installed antivirus software may be the only symptom(s).

Installation
Trojan:Win32/Banload.HS may arrive on the system using varying file names. Upon execution, it modifies the system registry so that it automatically runs every time Windows starts:

Adds value: "Serviço de Drivers"
With data: "<malware path and file name>.exe"
To subkey: HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run

where <malware path and file name> is the complete path and file name for the malware file.

Payload
Sends out e-mail messages
Trojan:Win32/Banload.HS attempts to send out e-mail messages with the following details:

From: <spoofed>@hotmail.com
Subject: Enc.: HomoMilitaris - Tortura Policial
Attachment: HomoMilitaris.zip

where <spoofed> is a spoofed From address. The attachment is downloaded by this trojan from the Web site 'segurosbradesco.com' and is a ZIP archive containing a file detected as Trojan:Win32/VB.RF. It sends the messages via SMTP using the server smtps.uol.com.br and via certain, potentially stolen, e-mail accounts.
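A triage check covering both the Run-key persistence and the outbound mail pattern described above, added here as example code (not part of the original write-up). It assumes a .reg export of the user's Run key and mail-gateway log lines as input; both samples below are constructed, and the malware file name in them is a placeholder.

```python
import re

# Indicators from the write-up above: the Run value the trojan adds and the
# outbound e-mail it sends. (Real .reg exports are UTF-16LE; decode first.)
RUN_KEY = r"HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run"
RUN_VALUE_NAME = "Serviço de Drivers"
MAIL_SUBJECT = "Enc.: HomoMilitaris - Tortura Policial"
MAIL_ATTACHMENT = "HomoMilitaris.zip"
SMTP_SERVER = "smtps.uol.com.br"
# One "name"="data" line of a .reg export (REG_SZ), honouring its \" and \\ escapes.
_REG_SZ_LINE = re.compile(r'"((?:[^"\\]|\\.)*)"="((?:[^"\\]|\\.)*)"$')

def _unescape(s):
    return re.sub(r'\\(.)', r'\1', s)

def parse_reg_export(text):
    """Parse a .reg export into {key path (lower-cased): {value name: data}}."""
    keys, current = {}, None
    for line in text.splitlines():
        line = line.strip()
        if line.startswith("[") and line.endswith("]"):
            current = line[1:-1].lower()      # key paths are case-insensitive
            keys.setdefault(current, {})
        elif current is not None:
            m = _REG_SZ_LINE.match(line)
            if m:
                keys[current][_unescape(m.group(1))] = _unescape(m.group(2))
    return keys

def find_run_key_persistence(reg_text):
    """Return the command registered under the trojan's Run value name, or None."""
    return parse_reg_export(reg_text).get(RUN_KEY.lower(), {}).get(RUN_VALUE_NAME)

def find_mail_indicators(log_lines):
    """Return log lines relayed via the trojan's SMTP server carrying its subject or attachment."""
    return [l for l in log_lines
            if SMTP_SERVER in l and (MAIL_SUBJECT in l or MAIL_ATTACHMENT in l)]

# Constructed sample .reg export of a user's Run key; the malware file name is a placeholder.
SAMPLE_REG = r'''Windows Registry Editor Version 5.00

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"OneDrive"="\"C:\\Users\\u\\AppData\\Local\\Microsoft\\OneDrive\\OneDrive.exe\" /background"
"Serviço de Drivers"="C:\\Users\\u\\AppData\\Local\\Temp\\placeholder_malware.exe"
'''
# Constructed mail-gateway log lines (not real traffic).
SAMPLE_MAIL_LOG = [
    'relay=smtps.uol.com.br:465 from=<spoofed@hotmail.com> subject="Enc.: HomoMilitaris - Tortura Policial" attach=HomoMilitaris.zip',
    'relay=smtp.example.net:587 from=<user@example.net> subject="Weekly report" attach=report.xlsx',
]
```

Both helpers return the matching artefacts rather than printing, so they can be dropped into a larger collection script; a hit from find_run_key_persistence gives the file path to pull for hashing and removal.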

Analysis by Francis Allan Tan Seng

Last update 06 July 2009
