
TrojanDownloader:Win32/Banload.AAX


First posted on 23 August 2011.
Source: SecurityHome

Aliases :

TrojanDownloader:Win32/Banload.AAX is also known as TROJ_OFICLA.AW (Trend Micro), Trojan-Downloader.Win32.Agent.fznn (Kaspersky), Troj/Dloadr-DEW (Sophos), Spyware.Keylogger (Symantec).

Explanation :

TrojanDownloader:Win32/Banload.AAX is a member of Win32/Banload - a family of trojans that downloads other malware. Banload is usually used to download and install members of the Win32/Banker and Win32/Bancos families onto affected computers. Win32/Banker and Win32/Bancos are trojans that steal banking credentials and other sensitive data, and send it back to a remote attacker.
Installation

TrojanDownloader:Win32/Banload.AAX creates the following files on an affected computer:

  • %windir%\prefetch\<malware file>.exe-38016725.pf
  • %windir%\prefetch\btstacfrr.exe-3a6d9632.pf
  • %windir%\prefetch\btstaclrj.exe-38666504.pf
  • %windir%\prefetch\btstacpgn.exe-1c5cc2fe.pf
  • %windir%\prefetch\msgrupd.exe-0f78bd1f.pf
  • <system folder>\btstacfrr.exe
  • <system folder>\btstaclrj.exe
  • <system folder>\btstacpgn.exe
  • <system folder>\msgrupd.exe

Note: <system folder> refers to a variable location that is determined by the malware by querying the Operating System. The default installation location for the System folder for Windows 2000 and NT is C:\Winnt\System32; and for XP, Vista, and 7 is C:\Windows\System32.

Payload

Contacts remote host

TrojanDownloader:Win32/Banload.AAX may contact a remote host at www.sheileconstruarte.com using port 80. Commonly, malware may contact a remote host for the following purposes:
  • To report a new infection to its author
  • To receive configuration or other data
  • To download and execute arbitrary files (including updates or additional malware)
  • To receive instruction from a remote attacker
  • To upload data taken from the affected computer
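As an added illustration (not part of the original description), the following Python check matches a host's file inventory against the file indicators listed above, treating a matching prefetch entry as evidence that the dropped binary actually ran. The sample paths are constructed, and %windir% is assumed to be C:\Windows.

```python
import re

# Fixed file names from the description above. The "<malware file>" prefetch
# entry is a placeholder for the dropper's own name and cannot be matched.
DROPPED_NAMES = {"btstacfrr.exe", "btstaclrj.exe", "btstacpgn.exe", "msgrupd.exe"}

# Windows prefetch files are named <EXECUTABLE>-<8 hex digit path hash>.pf
PF_RE = re.compile(r"^(?P<exe>.+\.exe)-(?P<hash>[0-9a-f]{8})\.pf$", re.IGNORECASE)


def _below_windir(path, windir):
    """Return the lowercased path components below %windir%, or None."""
    p = path.replace("/", "\\").lower().split("\\")
    w = windir.replace("/", "\\").lower().split("\\")
    return p[len(w):] if p[:len(w)] == w else None


def match_indicators(paths, windir="C:\\Windows"):
    """Classify observed paths into dropped binaries and executed binaries."""
    dropped, executed = set(), set()
    for path in paths:
        rest = _below_windir(path, windir)
        if not rest or len(rest) != 2:
            continue
        folder, name = rest
        if folder == "system32" and name in DROPPED_NAMES:
            dropped.add(name)
        elif folder == "prefetch":
            m = PF_RE.match(name)
            if m and m.group("exe").lower() in DROPPED_NAMES:
                executed.add(m.group("exe").lower())
    return {
        "dropped": dropped,                       # present in <system folder>
        "executed": executed,                     # has a prefetch record
        "run_but_missing": executed - dropped,    # ran, then removed
    }


# Constructed host inventory for demonstration; the hash suffixes for the
# non-malicious entries are made up.
SAMPLE_PATHS = [
    r"C:\Windows\System32\msgrupd.exe",
    r"C:\Windows\System32\btstacfrr.exe",
    r"C:\Windows\Prefetch\MSGRUPD.EXE-0F78BD1F.pf",
    r"C:\Windows\Prefetch\BTSTACPGN.EXE-1C5CC2FE.pf",
    r"C:\Windows\Prefetch\NOTEPAD.EXE-11111111.pf",   # benign noise
    r"C:\Windows\System32\notepad.exe",               # benign noise
]

if __name__ == "__main__":
    print(match_indicators(SAMPLE_PATHS))
```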

This malware description was produced and published using our automated analysis system's examination of file SHA1 f41a18a8191b3bc802543ffdf47290a522496470.

Last update 23 August 2011
