Home / malware TrojanDownloader:Win32/Banload.AWD
First posted on 22 May 2014.
Source: MicrosoftAliases :
There are no other names known for TrojanDownloader:Win32/Banload.AWD.
Explanation :
Threat behavior TrojanDownloader:Win32/Banload.AWD is a member of Win32/Banload - a family of trojans that downloads other malware. Banload is usually used to download and install members of the Win32/Banker and Win32/Bancos families onto affected computers. Win32/Banker and Win32/Bancos are trojans that steal banking credentials and other sensitive data, and send it back to a remote attacker.
Installation
TrojanDownloader:Win32/Banload.AWD creates the following files on your PC:
\libeay32.dll \ssleay32.dll - c:\documents and settings\administrator\application data\telefones_contatos_mastercard_686262181.zip - detected as TrojanDownloader:Win32/Banload.AWD
Payload
Contacts remote hosts
TrojanDownloader:Win32/Banload.AWD may contact the following remote hosts using port 80:
- debora.ntdll.net
- goldspecial.com.br
Commonly, malware does this to:This malware description was produced and published using automated analysis of file SHA1 a83d0081f72521596ccd06216b88be1af0af7440.Symptoms
- Confirm Internet connectivity
- Report a new infection to its author
- Receive configuration or other data
- Download and run files, including updates or other malware
- Receive instructions from a remote hacker
- Upload data taken from your PC
System changes
The following could indicate that you have this threat on your PC:
- You have these files:
\libeay32.dll
\ssleay32.dll
c:\documents and settings\administrator\application data\telefones_contatos_mastercard_686262181.zipLast update 22 May 2014
