Home / malware

PDF

Trojan:Win32/Banker.W

First posted on 20 November 2014.
Source: Microsoft

Aliases :

There are no other names known for Trojan:Win32/Banker.W.

Explanation :

Threat behavior

Installation

Trojan:Win32/Banker.W creates the following files on your PC:

• c:\documents and settings\administrator\application data\new01.jpg
• c:\documents and settings\all users\application data\microsoft\dr watson\drwtsn32.log
• c:\documents and settings\all users\application data\microsoft\dr watson\user.dmp

The malware uses code injection to make it harder to detect and remove. It can inject code into running processes, including the following:

• LoadDll.exe

Payload

Stops processes

Trojan:Win32/Banker.W can stop the following processes:

• LoadDll.exe

Contacts remote hosts

The malware may contact the following remote hosts using port 80:

• seniortools.1gb.ru
• www.studio19.com.br

Commonly, malware does this to:

• Confirm Internet connectivity
• Report a new infection to its author
• Receive configuration or other data
• Download and run files, including updates or other malware
• Receive instructions from a remote hacker
• Upload data taken from your PC

This malware description was produced and published using automated analysis of file SHA1 727b3540c32387138192d6624786217e0d23ac97.Symptoms

System changes

The following could indicate that you have this threat on your PC:

• You have these files:
  
  c:\documents and settings\administrator\application data\new01.jpg
  c:\documents and settings\all users\application data\microsoft\dr watson\drwtsn32.log
  c:\documents and settings\all users\application data\microsoft\dr watson\user.dmp

Last update 20 November 2014

 

TOP