Home / malware TrojanSpy:Win32/Bancos.ALB
First posted on 12 April 2014.
Source: MicrosoftAliases :
There are no other names known for TrojanSpy:Win32/Bancos.ALB.
Explanation :
Threat behavior TrojanSpy:Win32/Bancos.ALB is a member of Win32/Bancos - a family of data-stealing trojans that captures online banking credentials, such as account login names and passwords, and relays the captured information to a remote attacker. Most Win32/Bancos variants target customers of Brazilian banks, though some variants target customers of banks in other locations.
Installation
TrojanSpy:Win32/Bancos.ALB creates the following files on your PC:
- %windir%\assembly\nativeimages_v2.0.50727_32\temp\zape.tmp\system.componentmodel.dataannotations.dll
- %windir%\assembly\nativeimages_v2.0.50727_32\temp\zapf.tmp\system.data.datasetextensions.dll
Payload
Contacts remote host
TrojanSpy:Win32/Bancos.ALB might contact a remote host at dbsq0010.whservidor.com using port 1433. Commonly, malware does this to:
- Report a new infection to its author
- Receive configuration or other data
- Download and run files, including updates or other malware
- Receive instructions from a remote hacker
- Upload data taken from your PC
This malware description was produced and published using automated analysis of file SHA1 43936b3a9d124b15fa03f4de2101751646b57b75.Symptoms
System changes
The following could indicate that you have this threat on your PC:
%windir%\assembly\nativeimages_v2.0.50727_32\temp\zape.tmp\system.componentmodel.dataannotations.dll
- You have these files:
%windir%\assembly\nativeimages_v2.0.50727_32\temp\zapf.tmp\system.data.datasetextensions.dllLast update 12 April 2014
