
TrojanDownloader:Win32/Banload.PM


First posted on 23 October 2010.
Source: SecurityHome

Aliases :

TrojanDownloader:Win32/Banload.PM is also known as TR/Spy.606208.30 (Avira).

Explanation :

TrojanDownloader:Win32/Banload.PM is a member of Win32/Banload - a family of trojans that downloads other malware. Banload is usually used to download and install members of the Win32/Banker and Win32/Bancos families onto affected computers. Win32/Banker and Win32/Bancos are trojans that steal banking credentials and other sensitive data, and send it back to a remote attacker.

Installation :

TrojanDownloader:Win32/Banload.PM copies itself to the System folder using the same file name with which it was executed. This file name may differ from instance to instance of this trojan. It then modifies the registry to ensure that this copy executes at each Windows start:

In subkey: HKLM\Software\Microsoft\Windows\CurrentVersion\Run
Sets value: "<malware filename>"
To value: "<system folder>\<malware filename>"

Note: <system folder> refers to a variable location that is determined by the malware by querying the operating system. The default installation location for the System folder for Windows 2000 and NT is C:\Winnt\System32; for XP and Vista it is C:\Windows\System32.

Payload :

Downloads and installs additional malware

Files detected as TrojanDownloader:Win32/Banload.PM can download other malware by connecting to remote servers, usually via HTTP or FTP. The downloaded malware is usually a member of the Win32/Banker or Win32/Bancos families: trojans that steal banking credentials and other sensitive data, and send it back to a remote attacker.

Steals sensitive data

As well as downloading additional password stealers, Banload may also contain functionality to obtain usernames and passwords from popular email and social networking sites.

Additional information :

For more information about TrojanDownloader:Win32/Banload, see our description elsewhere in the encyclopedia.
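The persistence pattern described above (a Run value whose name is the malware's own file name and whose data points at that file inside the System folder) is something a responder can sweep for. The following is an added example, not part of the original description and not a tool from the encyclopedia's authors: it parses a `reg export` of the HKLM Run key and lists entries that match the pattern. The registry export embedded in the script is constructed for illustration; the value names and paths in it are made up and are not indicators from this page.

```python
import ntpath
import re
from typing import Dict, List, Tuple

# Constructed sample of `reg export HKLM\Software\Microsoft\Windows\CurrentVersion\Run`
# output (not from this page or any real system). .reg files double backslashes.
SAMPLE_REG_EXPORT = r'''Windows Registry Editor Version 5.00

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SecurityHealth"="%windir%\\system32\\SecurityHealthSystray.exe"
"VBoxTray"="C:\\Windows\\system32\\VBoxTray.exe"
"updater.exe"="C:\\Windows\\System32\\updater.exe"
"Vendor Updater"="C:\\Program Files\\Vendor\\update.exe"
'''

# Default System folder locations named in the description, lower-cased for comparison.
SYSTEM_FOLDERS = (r"c:\windows\system32", r"c:\winnt\system32")

# One line of a .reg export: "name"="data"
VALUE_RE = re.compile(r'^"(?P<name>[^"]+)"="(?P<data>.*)"$')


def parse_run_values(reg_text: str) -> Dict[str, str]:
    """Return {value name: value data} for every string value in the export."""
    values: Dict[str, str] = {}
    for line in reg_text.splitlines():
        m = VALUE_RE.match(line.strip())
        if m:
            # Undo the backslash doubling that .reg files apply.
            values[m.group("name")] = m.group("data").replace("\\\\", "\\")
    return values


def expand_path(data: str) -> str:
    """Expand %windir%/%SystemRoot% to the default root and normalise case/quotes."""
    path = data.strip().strip('"')
    for var in ("%windir%", "%systemroot%"):
        path = re.sub(re.escape(var), lambda _: r"C:\Windows", path, flags=re.IGNORECASE)
    return path.lower()


def flag_banload_style_entries(values: Dict[str, str]) -> List[Tuple[str, str]]:
    """Heuristic: value name equals the file name (with or without extension) and
    the file lives directly in the System folder. Returns (name, data) pairs."""
    hits: List[Tuple[str, str]] = []
    for name, data in values.items():
        folder, filename = ntpath.split(expand_path(data))
        if folder not in SYSTEM_FOLDERS:
            continue
        stem, _ = ntpath.splitext(filename)
        if name.lower() in (filename, stem):
            hits.append((name, data))
    return hits


if __name__ == "__main__":
    for name, data in flag_banload_style_entries(parse_run_values(SAMPLE_REG_EXPORT)):
        print(f"review: {name!r} -> {data}")
```

The output is a triage list, not a verdict: legitimate software that registers itself the same way (the constructed `VBoxTray` entry above is one such shape) will be listed too, so each hit still needs the file's hash, signature and origin checked before any clean-up.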

Analysis by Rex Plantado

Last update 23 October 2010
