SecurityHome.eu TrojanDownloader:Win32/Banload.AVF

Home / malware PDF

TrojanDownloader:Win32/Banload.AVF

First posted on 11 February 2014.
Source: Microsoft
Aliases :
There are no other names known for TrojanDownloader:Win32/Banload.AVF.
Explanation :
Threat behavior

Installation

TrojanDownloader:Win32/Banload.AVF copies itself to c:\documents and settings\administrator\application data\ini.exe. The malware creates the following files on your PC:

c:\documents and settings\administrator\application data\ini.vbs

c:\documents and settings\administrator\application data\lleastreturn.exe

Payload

Contacts remote host

TrojanDownloader:Win32/Banload.AVF might contact a remote host at descontrol001.thaieasydns.com using port 80. Commonly, malware does this to:

Report a new infection to its author

Receive configuration or other data

Download and run files, including updates or other malware

Receive instructions from a remote hacker

Upload data taken from your PC

This malware description was produced and published using automated analysis of file SHA1 2639cafeaf62e3518640350f6087be9494ceac8f.Symptoms

System changes

The following could indicate that you have this threat on your PC:

You have these files:

c:\documents and settings\administrator\application data\ini.exe
c:\documents and settings\administrator\application data\ini.vbs
c:\documents and settings\administrator\application data\lleastreturn.exe

Last update 11 February 2014

TOP

Malware :

None in database

Last 20

TrojanDownloader:Win32/Banload.AVF

Aliases :

Explanation :

Malware :

Family: