Categories: Trojan

What is “TrojanDownloader:Win32/Banload!Y”?

TrojanDownloader:Win32/Banload!Y is considered dangerous by many security experts. When this infection is active, you may notice unwanted processes in the Task Manager list. In this case, it is advised to scan your computer with GridinSoft Anti-Malware.

Gridinsoft Anti-Malware

Removing PC viruses manually may take hours and may damage your PC in the process. We recommend using GridinSoft Anti-Malware for virus removal. It allows you to run a complete scan and cure your PC during the trial period.
6-day free trial available.

What can the TrojanDownloader:Win32/Banload!Y virus do?

  • Unconventional language used in binary resources: Portuguese (Brazilian)
  • The binary contains an unknown PE section name indicative of packing
  • The binary likely contains encrypted or compressed data
  • The executable is compressed using UPX
  • Authenticode signature is invalid
  • Yara detections observed in process dumps, payloads or dropped files

How to identify TrojanDownloader:Win32/Banload!Y?

File Info:

name: 3F9725DDFB3F391CB1F8.mlw
path: /opt/CAPEv2/storage/binaries/cfac94ff97c527bf6f7ccbdf41a57d3c85ca7e9da466568eb535f67dd499f87d
crc32: F5CBDEE7
md5: 3f9725ddfb3f391cb1f86e33c92f85d6
sha1: f3b6dc453a4063a394442ad7459707717588853b
sha256: cfac94ff97c527bf6f7ccbdf41a57d3c85ca7e9da466568eb535f67dd499f87d
sha512: fea6d099329e75d80b1cc78c6ae5199ee4f903aa2568e9b55de04201699a0570430a016ae30d9100c06bfdec7b4b69a7c6c09e7aa159205cfb228347f49fa5b0
ssdeep: 6144:BVqlChzF1DBXDdIv6yuCqQPM1CfMuXu4tf7:BjBXJ+YCpPM1lSf7
type: PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
tlsh: T1153413D706196019EFAAC272C15E1FE6B506186BD0CD066F60A33C0C7CBA57D2A90FD7
sha3_384: 3ec45fe7a65612efeb9b62292d01e9dee5f01b7eb479296908a2833254583f959ec0daf94011e3b99138c7d933b05250
ep_bytes: 807c2408010f85d901000060be00c029
timestamp: 2010-03-08 06:44:45

Version Info:

CompanyName: Casa Sabor
FileDescription: Casa Sabor
FileVersion: 1.0.0.0
InternalName: Casa Sabor
LegalCopyright: Casa Sabor
LegalTrademarks: Casa Sabor
OriginalFilename: Casa Sabor
ProductName: Casa Sabor
ProductVersion: 1.0.0.0
Translation: 0x041d 0x04e4

TrojanDownloader:Win32/Banload!Y also known as:

AVG Win32:Dh-A [Heur]
Elastic malicious (moderate confidence)
MicroWorld-eScan Gen:Trojan.Downloader.omSfa8jP@tbO
FireEye Gen:Trojan.Downloader.omSfa8jP@tbO
Skyhigh BehavesLike.Win32.Trojan.dc
McAfee Artemis!3F9725DDFB3F
Cylance unsafe
VIPRE Gen:Trojan.Downloader.omSfa8jP@tbO
K7AntiVirus Trojan ( 7000000f1 )
Alibaba TrojanDownloader:Win32/Banload.62183d4f
K7GW Trojan ( 7000000f1 )
CrowdStrike win/malicious_confidence_70% (D)
Arcabit Trojan.Downloader.E614B6
Symantec ML.Attribute.HighConfidence
Cynet Malicious (score: 100)
ClamAV Win.Trojan.Banload-7696
Kaspersky Trojan-Downloader.Win32.Banload.askh
BitDefender Gen:Trojan.Downloader.omSfa8jP@tbO
NANO-Antivirus Trojan.Win32.Delf.csznwq
Tencent Win32.Trojan-Downloader.Banload.Ocnw
TACHYON Trojan/W32.DP-Banload.601600
Sophos Mal/Generic-S
F-Secure Trojan.TR/Spy.Banker.Gen
DrWeb Trojan.DownLoad3.4355
Zillya Downloader.Banload.Win32.14482
TrendMicro TROJ_DLOADE.AQP
Emsisoft Gen:Trojan.Downloader.omSfa8jP@tbO (B)
Ikarus Trojan-Downloader.Win32.Banload
Jiangmin TrojanDownloader.Banload.aiaa
Varist W32/Risk.VKWH-7653
Avira TR/Spy.Banker.Gen
Antiy-AVL Trojan[Downloader]/Win32.Banload
Kingsoft Win32.Trojan.Generic.a
Xcitium Malware@#3kxdbgvi8amjp
Microsoft TrojanDownloader:Win32/Banload.gen!Y
ZoneAlarm Trojan-Downloader.Win32.Banload.askh
GData Gen:Trojan.Downloader.omSfa8jP@tbO
Google Detected
VBA32 TScope.Trojan.Delf
ALYac Gen:Trojan.Downloader.omSfa8jP@tbO
MAX malware (ai score=100)
DeepInstinct MALICIOUS
Panda Trj/Nabload.DRG
TrendMicro-HouseCall TROJ_DLOADE.AQP
Rising Trojan.Win32.Generic.12CADB93 (C64:YzY0OtLXSIW7oq5O)
Yandex TrojanSpy.Delf!T851ysbfxMM
SentinelOne Static AI – Suspicious PE
MaxSecure Trojan.Malware.9070886.susgen
Fortinet PossibleThreat.w
Avast Win32:Dh-A [Heur]
alibabacloud Trojan[downloader]:Win/Banload.askh

How to remove TrojanDownloader:Win32/Banload!Y?

  • Download and install GridinSoft Anti-Malware.
  • Open GridinSoft Anti-Malware and perform a “Standard scan”.
  • “Move to quarantine” all items.
  • Open the “Tools” tab and press “Reset Browser Settings”.
  • Select the proper browser and options, then click “Reset”.
  • Restart your computer.

Paul Valéry

I'm a cyber security analyst and data science expert with 5+ years of experience with security software contractors.
