Win32/Spy.Banker [Threat Name]
Win32/Spy.Banker.ACYH [Threat Variant Name]
| Detection created | Apr 01, 2016 |
| Signature database version | 13269 |
Win32/Spy.Banker.ACYH is a trojan that steals sensitive information. The trojan attempts to send gathered information to a remote machine. The file is run-time compressed using UPX.
When executed, the trojan copies itself to the following locations:
- C:\Documents and Settings\All Users\Menu Iniciar\Programa\Inicializar\jpg.exe
In order to be executed on every system start, the trojan sets the following Registry entries:
- "jpg" = "%temp%\jpg.exe"
The trojan creates the following files:
The trojan collects sensitive information when the user browses certain web sites.
The following information is collected:
- credit card information
The trojan collects various information when the user is accessing the following sites:
It also monitors windows with any of the following strings in the name:
- Serviços Financeiros Pessoa Física | HSBC Brasil
- Home PF - Hipercard
- Banco Itaú - Feito Para Você
The trojan attempts to send gathered information to a remote machine.
The trojan sends the information via e-mail.
The trojan may display the following fake dialog boxes:
The following programs are terminated: