Home / malware TrojanSpy:Win32/Banker.AMB
First posted on 05 February 2014.
Source: MicrosoftAliases :
There are no other names known for TrojanSpy:Win32/Banker.AMB.
Explanation :
Threat behavior
Installation
TrojanSpy:Win32/Banker.AMB copies itself to c:\documents and settings\administrator\start menu\programs\startup\oop.exe.
Payload
Contacts remote host
TrojanSpy:Win32/Banker.AMB might contact a remote host at dbsq0010.whservidor.com using port 1433. Commonly, malware does this to:This malware description was produced and published using automated analysis of file SHA1 f29a694860a4b5cdf1a90dea4ade5dd0a39f4816.Symptoms
- Report a new infection to its author
- Receive configuration or other data
- Download and run files, including updates or other malware
- Receive instructions from a remote hacker
- Upload data taken from your PC
System changes
The following could indicate that you have this threat on your PC:
- You have these files:
c:\documents and settings\administrator\start menu\programs\startup\oop.exeLast update 05 February 2014
