Win32/TrojanDownloader.Banload [Threat Name]

Win32/TrojanDownloader.Banload.RUG [Threat Variant Name]

Category: trojan
Size: 457728 B
Aliases:
  • Trojan-PSW.Win32.Delf.hsk (Kaspersky)
  • TrojanDownloader:Win32/Delf.RR (Microsoft)

Short description

Win32/TrojanDownloader.Banload.RUG is a trojan that steals sensitive information. The trojan attempts to send gathered information to a remote machine. The file is run-time compressed using UPX.

Installation

When executed, the trojan copies itself into the following location:

  • %appdata%\Resourcing\lsmon.exe

In order to be executed on every system start, the trojan sets the following Registry entry:

  • [HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
    • "Memory Resource" = "%appdata%\Resourcing\lsmon.exe"

The following Registry entries are set:

  • [HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\3]
    • "1806" = 0
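
A read-only PowerShell check for the three installation artifacts listed above (the dropped copy, the Run value and the Zones\3 "1806" value), added here as an example and not part of the original description. It inspects only the current user's profile and HKCU hive, and the variable names are illustrative.

```powershell
# Added triage example: read-only, current user only. Nothing is modified.
$findings = @()

# 1. Dropped copy: %appdata%\Resourcing\lsmon.exe
$dropPath = Join-Path $env:APPDATA 'Resourcing\lsmon.exe'
if (Test-Path -LiteralPath $dropPath -PathType Leaf) {
    $file = Get-Item -LiteralPath $dropPath -Force
    $hash = (Get-FileHash -LiteralPath $dropPath -Algorithm SHA256).Hash
    $findings += [pscustomobject]@{
        Indicator = 'Dropped file'
        Location  = $dropPath
        Detail    = "size=$($file.Length) B; sha256=$hash"
    }
}

# 2. Persistence: Run value "Memory Resource", or any Run value pointing at the dropped path
$runKey = 'HKCU:\Software\Microsoft\Windows\CurrentVersion\Run'
$meta   = 'PSPath', 'PSParentPath', 'PSChildName', 'PSDrive', 'PSProvider'
$run    = Get-ItemProperty -LiteralPath $runKey -ErrorAction SilentlyContinue
if ($run) {
    foreach ($p in $run.PSObject.Properties) {
        if ($p.Name -in $meta) { continue }   # skip registry provider metadata
        if ($p.Name -eq 'Memory Resource' -or "$($p.Value)" -like '*\Resourcing\lsmon.exe*') {
            $findings += [pscustomobject]@{
                Indicator = 'Run entry'
                Location  = "$runKey\$($p.Name)"
                Detail    = "$($p.Value)"
            }
        }
    }
}

# 3. Zone 3 is the Internet zone; action 1806 is "launching applications and
#    unsafe files". 0 = enabled without a prompt. An administrator can also set
#    this value, so treat it as a weak signal unless 1 or 2 is present too.
$zoneKey = 'HKCU:\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\3'
$zone    = Get-ItemProperty -LiteralPath $zoneKey -Name '1806' -ErrorAction SilentlyContinue
if ($zone -and $zone.'1806' -eq 0) {
    $findings += [pscustomobject]@{
        Indicator = 'Internet zone 1806 = 0'
        Location  = $zoneKey
        Detail    = 'Unsafe-file launch prompt disabled for the Internet zone'
    }
}

if ($findings) { $findings | Format-List } else { 'No listed artifacts found for this user.' }
```

Because the copy location and both registry entries are per-user, run the check in the context of each profile on the host.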

Information stealing

Win32/TrojanDownloader.Banload.RUG is a trojan that steals sensitive information.


The trojan collects the following information:

  • credit card information

The trojan attempts to send gathered information to a remote machine.


The trojan contains a list of (2) URLs. The HTTP protocol is used.

Other information

The trojan may display the following message:
