
TrojanDownloader:Win32/Banload.KJ


First posted on 15 October 2010.
Source: SecurityHome

Aliases :

TrojanDownloader:Win32/Banload.KJ is also known as TROJ_DLOAD.SO (Trend Micro), Trojan-Downloader.Win32.Banload.bcks (Kaspersky).

Explanation :

TrojanDownloader:Win32/Banload.KJ is a member of Win32/Banload - a family of trojans that downloads other malware. Banload is usually used to download and install members of the Win32/Banker and Win32/Bancos families onto affected computers. Win32/Banker and Win32/Bancos are trojans that steal banking credentials and other sensitive data, and send it back to a remote attacker.

Installation :

TrojanDownloader:Win32/Banload.KJ creates the following files on an affected computer:

  • %windir%\inf\asynceql.inf
  • %windir%\system\mkp.dll

Payload :

Contacts remote host

TrojanDownloader:Win32/Banload.KJ may contact a remote host at papelariatecs.com.br using port 80. Commonly, malware may contact a remote host for the following purposes:

  • To report a new infection to its author
  • To receive configuration or other data
  • To download and execute arbitrary files (including updates or additional malware)
  • To receive instruction from a remote attacker
  • To upload data taken from the affected computer

This malware description was produced and published using our automated analysis system's examination of file SHA1 d07ebee1521f1f06fbec446bb64bb28cf085a01f.

Last update 15 October 2010

     
