Home / malware

PDF

TrojanDownloader:Win32/Banload.ALI

First posted on 23 May 2012.
Source: Microsoft

Aliases :

TrojanDownloader:Win32/Banload.ALI is also known as Luhe.Fiha.A (AVG), TR/Offend.kdv.595197 (Avira), Trojan.DownLoader6.399 (Dr.Web), Trojan-Downloader.Win32.Genome.czup (Kaspersky), Generic Downloader.x!gin (McAfee), TSPY_BANKER.JWE (Trend Micro), Trojan:Win32/Sisproc (other).

Explanation :

TrojanDownloader:Win32/Banload.ALI is a trojan that attempts to download other malware to your computer.

Installation
This trojan uses a familiar icon to trick you into accidentally executing it: When run, this trojan performs its payload, which is to download other malware to your computer.

Payload
Downloads arbitrary filesThis trojan attempts to download the following specified files from an Amazon Web Services account named "macabro01":

• nmf.exe
• smd.dll
• wmd.dll
• attf.exe
• iaf.exe

At the time of this writing, the URL requested by this trojan was unavailable.Additional informationVariants of TrojanDownloader:Win32/Banload attempt to download password stealing malware that tries to steal user logon information for online financial services.

Last update 23 May 2012

 

TOP