Home / malware TrojanDownloader:Win32/Banload.AQS
First posted on 04 April 2013.
Source: MicrosoftAliases :
There are no other names known for TrojanDownloader:Win32/Banload.AQS.
Explanation :
Installation
TrojanDownloader:Win32/Banload.AQS may be installed by other malware or downloaded from the Internet.
Payload
Downloads other malware
TrojanDownloader:Win32/Banload.AQS tries to download other malware from the following servers:
- stelc< dot >net
- www< dot >enigualdade< dot >com
- www< dot >viaturla< dot >com
In the wild, this trojan attempts to download the following files as "C:\ProgramData\neopzl.cpl":
- via[removed]a.com/components/<blocked>/img.gif - at the time of writing, the file is unavailable
- 65.[removed].223/<blocked>/2211mmnCSOI09988sdkjgnweojgnweKJSFASUI4ffneo.jpg - detected as TrojanDownloader:Win32/Small.gen!AP
- eni[removed]de.com/<blocked>/images/stories/img1.gif - at the time of writing, the file is unavailable
Analysis by Daniel Radu
Last update 04 April 2013