Win32/TrojanDownloader.Banload [Threat Name]

Win32/TrojanDownloader.Banload.OXP [Threat Variant Name]

Category: trojan
Size: 197632 B
Aliases:
  Heur.Downloader (Kaspersky)
  Suspicious.MH690.A (Symantec)
  W32/Banload.E.gen!Eldorado (F-Prot)

Short description

Win32/TrojanDownloader.Banload.OXP is a trojan that steals sensitive information. The trojan can send the information to a remote machine. The trojan can download a file from the Internet. The file is run-time compressed using UPX.

Installation

The trojan does not create any copies of itself.

Information stealing

The trojan collects the following information:

  • e-mail addresses

E-mail addresses are searched for in files with one of the following extensions:

  • .wab

Only the following folders are searched:

  • %systemdrive%\Documents and Settings\

The trojan can send the information to a remote machine.


The trojan contains a list of 2 URLs. The HTTP protocol is used.

Other information

The trojan launches the following processes:

  • iexplore.exe http://www.policia.es/cuer_cancela.htm

The trojan tries to download a file from the Internet.


The file is then saved as %system%\ctfm0n.exe and executed.


The trojan creates the following files:

  • %temp%\%variable%.bat
  • %windir%\everypeople.usf

A string with variable content is used instead of %variable%.


The trojan attempts to delete the following files:

  • %windir%\m2.txt
  • %windir%\m.txt

The trojan removes itself from the computer.
