Win32/Spy.Banker [Threat Name]

Win32/Spy.Banker.ACJB [Threat Variant Name]

Category trojan
Size 61440 B
Detection created Jul 20, 2015
Detection database version 11967
Aliases Trojan:Win32/Porest!dha (Microsoft)
Short description

Win32/Spy.Banker.ACJB is a trojan that steals sensitive information. The trojan attempts to send gathered information to a remote machine. The trojan is usually a part of other malware.

Installation

The trojan does not create any copies of itself.


The following Registry entry is set:

  • [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion]
    • "RegId" = %variable%

A variable numerical value is used instead of %variable%.

Information stealing

The trojan collects the following information:

  • operating system version
  • information about the operating system and system settings
  • language settings
  • computer IP address

The trojan is able to log keystrokes.


The trojan attempts to send gathered information to a remote machine.


The trojan contains a URL address. The HTTP protocol is used.

Other information

The trojan keeps various information in the following files:

  • %appdata%\adobesystem.log
  • %appdata%\adobe\system.log
  • %appdata%\ntuser.dat
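
A host triage check for the Registry entry and files listed in this description, as an added example that is not part of the original description or any vendor tool. It assumes roaming application data sits at the default <profile>\AppData\Roaming under the Users folder, and it also checks the WOW6432Node registry view in case the write was redirected on 64-bit Windows.

```powershell
# Added example: look for the artifacts named in this description.
# A hit is a lead to investigate, not a verdict on its own.

$regPaths = @(
    'HKLM:\SOFTWARE\Microsoft\Windows NT\CurrentVersion',
    # Assumption: a 32-bit process on 64-bit Windows may be redirected here.
    'HKLM:\SOFTWARE\WOW6432Node\Microsoft\Windows NT\CurrentVersion'
)
# File names from the description, relative to %appdata%.
$relativeFiles = @('adobesystem.log', 'adobe\system.log', 'ntuser.dat')

$findings = New-Object System.Collections.Generic.List[object]

# Registry: report the "RegId" value wherever it exists.
foreach ($path in $regPaths) {
    $item = Get-ItemProperty -Path $path -Name 'RegId' -ErrorAction SilentlyContinue
    if ($null -ne $item) {
        $findings.Add([pscustomobject]@{
            Type     = 'Registry'
            Location = "$path\RegId"
            Detail   = "value=$($item.RegId)"
        })
    }
}

# Files: %appdata% is per user, so walk every profile directory.
# Run elevated to be able to read other users' profiles.
$usersRoot = Join-Path $env:SystemDrive 'Users'
$profiles  = Get-ChildItem -Path $usersRoot -Directory -ErrorAction SilentlyContinue
foreach ($userProfile in $profiles) {
    $appData = Join-Path $userProfile.FullName 'AppData\Roaming'  # assumed default location
    foreach ($rel in $relativeFiles) {
        $file = Get-Item -LiteralPath (Join-Path $appData $rel) -Force -ErrorAction SilentlyContinue
        if ($null -ne $file -and -not $file.PSIsContainer) {
            $findings.Add([pscustomobject]@{
                Type     = 'File'
                Location = $file.FullName
                Detail   = "size=$($file.Length) modified=$($file.LastWriteTimeUtc.ToString('u'))"
            })
        }
    }
}

if ($findings.Count -eq 0) { 'No listed artifacts found.' }
else { $findings | Format-Table -AutoSize -Wrap }
```

The legitimate per-user registry hive NTUSER.DAT lives in the profile root (%userprofile%), so a file of that name directly under %appdata% is unusual in itself.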
