Home / malware TrojanDownloader:Win32/Banload.AWT
First posted on 16 June 2014.
Source: MicrosoftAliases :
There are no other names known for TrojanDownloader:Win32/Banload.AWT.
Explanation :
Threat behavior TrojanDownloader:Win32/Banload.AWT is a member of Win32/Banload - a family of trojans that downloads other malware. Banload is usually used to download and install members of the Win32/Banker and Win32/Bancos families onto affected computers. Win32/Banker and Win32/Bancos are trojans that steal banking credentials and other sensitive data, and send it back to a remote attacker.
Installation
TrojanDownloader:Win32/Banload.AWT creates the following files on your PC:
The malware uses code injection to make it harder to detect and remove. It can inject code into running processes, including the following:
- c:\documents and settings\all users\application data\microsoft\dr watson\drwtsn32.log
- c:\documents and settings\all users\application data\microsoft\dr watson\user.dmp
- LoadDll.exe
Payload
Stops processes
TrojanDownloader:Win32/Banload.AWT can stop the following processes:
Contacts remote hosts
- LoadDll.exe
The malware may contact the following remote hosts using port 80:
- geoip.s12.com.br
- www.pagamentosboleto.com
Commonly, malware does this to:
- Confirm Internet connectivity
- Report a new infection to its author
- Receive configuration or other data
- Download and run files, including updates or other malware
- Receive instructions from a remote hacker
- Upload data taken from your PC
This malware description was produced and published using automated analysis of file SHA1 f2b756e5672012d832f139f3d29128a52e3ed478.Symptoms
System changes
The following could indicate that you have this threat on your PC:
- You have these files:
c:\documents and settings\all users\application data\microsoft\dr watson\drwtsn32.log
c:\documents and settings\all users\application data\microsoft\dr watson\user.dmpLast update 16 June 2014
