TrojanDownloader:Win32/Banload.MD
First posted on 04 March 2010.
Source: SecurityHome
Aliases :
TrojanDownloader:Win32/Banload.MD is also known as Win32/TrojanDownloader.Delf.OWG (ESET), Trojan-Downloader.Win32.Banload.apya (Kaspersky), Generic Downloader.x!cyl (McAfee).
Explanation :
TrojanDownloader:Win32/Banload.MD is a member of Win32/Banload, Microsoft's detection for a family of trojans that download other malware. The downloaded malware usually belongs to the Win32/Banker family: trojans that steal banking credentials and other sensitive data and send them back to a remote attacker.
Payload
Downloads and Installs Additional Malware
Files detected as TrojanDownloader:Win32/Banload can download other malware by connecting to remote servers, usually via HTTP or FTP. When executed, Win32/Banload.MD connects to a remote host in order to download and execute arbitrary files. For example, in the wild one variant has been observed to contact the following remote host for this purpose:

agendapiaui.net

Downloaded files are saved to the following location:

c:\arquivos de programas\windows live\messenger

The malware may also display an image that is stored on a remote site. This may be done in order to hide the malware's actions and purpose from the affected user.
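
A triage sketch for the two indicators above, added here as an example and not part of the original analysis: it correlates, per process, contact with the named host and file writes under the named folder. The event record fields (`computer`, `pid`, `type`, `dest_host`, `path`) and the sample events are assumptions constructed for illustration.

```python
# Added example: correlate network and file-create events against the two
# indicators named in this write-up. Event format and sample data are constructed.
from collections import defaultdict
from pathlib import PureWindowsPath

IOC_HOST = "agendapiaui.net"  # remote host named on this page
IOC_DIR = PureWindowsPath(r"c:\arquivos de programas\windows live\messenger")  # save location named on this page


def host_matches(host: str) -> bool:
    """True for the IOC host or a subdomain of it, not for look-alike names."""
    host = host.strip().rstrip(".").lower()  # tolerate case and a trailing root dot
    return host == IOC_HOST or host.endswith("." + IOC_HOST)


def path_in_drop_dir(path: str) -> bool:
    """True if path lies under IOC_DIR; Windows paths compare case-insensitively."""
    return IOC_DIR in PureWindowsPath(path).parents  # also accepts '/' separators


def triage(events):
    """Map (computer, pid) to 'high' when one process shows both behaviours, else 'review'."""
    seen = defaultdict(set)
    for ev in events:
        key = (ev["computer"], ev["pid"])
        if ev["type"] == "net" and host_matches(ev["dest_host"]):
            seen[key].add("contacted_host")
        elif ev["type"] == "file_create" and path_in_drop_dir(ev["path"]):
            # A write into this folder alone is weak evidence, so it only rates 'review'.
            seen[key].add("wrote_drop_dir")
    return {key: ("high" if len(hits) == 2 else "review") for key, hits in seen.items()}


SAMPLE_EVENTS = [  # constructed sample data, not taken from a real incident
    {"computer": "PC-01", "pid": 4120, "type": "net", "dest_host": "AgendaPiaui.net."},
    {"computer": "PC-01", "pid": 4120, "type": "file_create",
     "path": r"C:\Arquivos de Programas\Windows Live\Messenger\a.exe"},
    {"computer": "PC-02", "pid": 880, "type": "net", "dest_host": "notagendapiaui.net"},
    {"computer": "PC-03", "pid": 1312, "type": "file_create",
     "path": "c:/arquivos de programas/windows live/messenger/update.tmp"},
]

if __name__ == "__main__":
    for (computer, pid), verdict in triage(SAMPLE_EVENTS).items():
        print(computer, pid, verdict)
```
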
Analysis by Ray Roberts
Last update 04 March 2010