Home / malware TrojanDownloader:Win32/Banload.ZCF
First posted on 12 June 2009.
Source: SecurityHomeAliases :
There are no other names known for TrojanDownloader:Win32/Banload.ZCF.
Explanation :
TrojanDownloader:Win32/Banload.ZCF is a trojan that downloads another malware, detected as TrojanSpy:Win32/Banker.VBK.
Symptoms
System ChangesThe following system changes may indicate the presence of this malware:The presence of the following files:
Beautiful_East_Sea03.exeThe display of an executable file that uses an image icon, such as the following: Since this threat executable makes use of an icon usually associated with a legitimate file (such as image files), it is recommended that you view files with their file extensions to verify that the file you are about to open is an image file and not an executable. To view file extensions, refer to View all hidden file types and file name extensions.
TrojanDownloader:Win32/Banload.ZCF is a trojan that downloads another malware. It may arrive in the system as an executable that uses the following icon:
Note that the above icon is by default used by image files. This trojan uses the icon to trick users into thinking that it is an image file. In the above image, the trojan arrives as the file Beautiful_East_Sea03.exe. However, note that this may not always be the case. Once executed, TrojanDownloader:Win32/Banload.ZCF downloads a file from the following Web site:gaby002.com.sapo.pt The downloaded file, which is saved and run from the Windows Temporary Files folder, is detected as TrojanSpy:Win32/Banker.VBK.
Analysis by Francis Allan Tan SengLast update 12 June 2009