Home / malware

PDF

TrojanDownloader:Win32/Banload.AXC

First posted on 06 August 2014.
Source: Microsoft

Aliases :

There are no other names known for TrojanDownloader:Win32/Banload.AXC.

Explanation :

Threat behavior

Installation

TrojanDownloader:Win32/Banload.AXC creates the following files on your PC:

• c:\documents and settings\administrator\i63c.drvm
• c:\documents and settings\administrator\windows\476a8ed314.hlp
• c:\documents and settings\administrator\windows\8baef2367a.hlp
• c:\documents and settings\administrator\windows\fa3e6287a9.hlp

Payload

Contacts remote hosts

TrojanDownloader:Win32/Banload.AXC may contact the following remote hosts using port 80:

• contms.doomdns.com
• eklss.gotdns.com

Commonly, malware does this to:

• Confirm Internet connectivity
• Report a new infection to its author
• Receive configuration or other data
• Download and run files, including updates or other malware
• Receive instructions from a remote hacker
• Upload data taken from your PC

This malware description was produced and published using automated analysis of file SHA1 3b899b1f418dae63bdfe0eab12b62e9f98dd2fb3.Symptoms

System changes

The following could indicate that you have this threat on your PC:

• You have these files:
  
  c:\documents and settings\administrator\i63c.drvm
  c:\documents and settings\administrator\windows\476a8ed314.hlp
  c:\documents and settings\administrator\windows\8baef2367a.hlp
  c:\documents and settings\administrator\windows\fa3e6287a9.hlp

Last update 06 August 2014

 

TOP