Home / malwarePDF  

TrojanDownloader:Win32/Banload.AXW


First posted on 12 September 2014.
Source: Microsoft

Aliases :

There are no other names known for TrojanDownloader:Win32/Banload.AXW.

Explanation :

Threat behavior TrojanDownloader:Win32/Banload.AXW is a member of Win32/Banload - a family of trojans that downloads other malware. Banload is usually used to download and install members of the Win32/Banker and Win32/Bancos families onto affected computers. Win32/Banker and Win32/Bancos are trojans that steal banking credentials and other sensitive data, and send it back to a remote attacker.

Installation

TrojanDownloader:Win32/Banload.AXW creates the following files on your PC:

  • c:\documents and settings\administrator\application data\vnpdf.exe


Payload

Contacts remote host
TrojanDownloader:Win32/Banload.AXW might contact a remote host at 64.186.149.30 using port 80. Commonly, malware does this to:
  • Report a new infection to its author
  • Receive configuration or other data
  • Download and run files, including updates or other malware
  • Receive instructions from a remote hacker
  • Upload data taken from your PC

This malware description was produced and published using automated analysis of file SHA1 5600d381ab59b6fa8842cd9f6ed83c44f0af2464.Symptoms

System changes

The following could indicate that you have this threat on your PC:

  • You have these files:

    c:\documents and settings\administrator\application data\vnpdf.exe

Last update 12 September 2014

 

TOP