Infostealer.Bankeiya

Infostealer.Bankeiya Description

Type: Trojan

Infostealer.Bankeiya is an information-stealing Trojan used in attacks against Japanese computer users. It intercepts web traffic on the compromised PC and attempts to steal credentials for particular websites. Upon execution, Infostealer.Bankeiya creates a registry Run entry so that it is loaded automatically every time the user logs on to Windows. It downloads configuration settings from a specific web address, saves them to a file, and then updates itself. It also transmits the version of the operating system (OS) installed on the compromised PC to a specific location. Infostealer.Bankeiya then monitors Internet Explorer traffic for specific URLs belonging to online banking websites. If one of these URLs is visited, Infostealer.Bankeiya displays a bogus login screen, records any credentials entered into it, and transmits the stolen credentials to the remote attacker.

Technical Information

File System Details

Infostealer.Bankeiya creates the following file(s):
  • %UserProfile%\Application Data\ini.ini (detection count: N/A)

Registry Details

Infostealer.Bankeiya creates the following registry entry:
  • HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run\"IcpIpCfg" = "Rundll32 "%UserProfile%\Application Data\[RANDOM FILE NAME].dll" MainThread"

More Details on Infostealer.Bankeiya

The following URLs were found:
Tip: Block the attacker-controlled domain (Bttxs.com) together with any IP addresses associated with it. The japanpost.jp and mizuhobank.co.jp URLs are the legitimate banking sites the Trojan targets, and the hatena.ne.jp entry is a page on a legitimate blogging service; do not block those domains outright. Use the banking URLs to determine which accounts may have had credentials exposed.
  • Bttxs.com/getp.asp?MAC=&VER=[OS VERSION]
  • Direct.jp-bank.japanpost.jp/tp1web/U010101SCK.do?link_id=ycDctLgn
  • Profile.hatena.ne.jp/ml[RANDOM NUMBER]
  • Web4.ib.mizuhobank.co.jp/servlet/mib?xtr=EmfLogOff&NLS=JP
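The registry entry and the URL list above give an analyst two concrete checks: whether a Run value launches rundll32 against a DLL sitting in a user-writable profile directory, and which of the listed URLs are actually attacker infrastructure rather than the Trojan's targets. The Python below is an added example, not code from this page or from any vendor. The Run values, the random DLL name and the VER value are constructed sample data; the bank hostnames and the bttxs.com beacon path are the page's own; treating profile.hatena.ne.jp/ml[number] as attacker-controlled content on a legitimate host is an assumption, since the page does not state that URL's role.

```python
import re
from urllib.parse import parse_qs, urlsplit

# Constructed sample HKCU\...\Run values. The first mirrors the IOC on this
# page (DLL name is an assumed random value); the other two are benign.
SAMPLE_RUN_ENTRIES = {
    "IcpIpCfg": r'Rundll32 "%UserProfile%\Application Data\k3fa09.dll" MainThread',
    "OneDrive": r'"C:\Program Files\Microsoft OneDrive\OneDrive.exe" /background',
    "Updater": r"rundll32.exe C:\Windows\System32\shell32.dll,Control_RunDLL",
}

# Constructed URLs modelled on the page's list; VER is filled with a sample value.
SAMPLE_URLS = [
    "Bttxs.com/getp.asp?MAC=&VER=5.1",
    "Direct.jp-bank.japanpost.jp/tp1web/U010101SCK.do?link_id=ycDctLgn",
    "Profile.hatena.ne.jp/ml12345",
    "Web4.ib.mizuhobank.co.jp/servlet/mib?xtr=EmfLogOff&NLS=JP",
]

# Directories the logged-on user can write to without elevation (lower-cased).
USER_WRITABLE_PREFIXES = (
    "%userprofile%\\application data\\",
    "%appdata%\\",
    "%localappdata%\\",
    "%temp%\\",
)

# Matches "rundll32 ..." or "C:\...\rundll32.exe ..." with optional quotes.
RUNDLL_RE = re.compile(r'^"?(?:.*\\)?rundll32(?:\.exe)?"?\s+(.*)$', re.IGNORECASE)


def parse_rundll32(cmdline):
    """Return (dll_path, entry_point) for a rundll32 command line, else None.
    Handles both 'rundll32 "path" Export' and 'rundll32 path,Export' forms."""
    m = RUNDLL_RE.match(cmdline.strip())
    if not m:
        return None
    rest = m.group(1).strip()
    if rest.startswith('"'):
        end = rest.find('"', 1)
        if end == -1:
            return None
        dll, remainder = rest[1:end], rest[end + 1:]
    else:
        m2 = re.match(r"([^,\s]+)(.*)$", rest)
        if not m2:
            return None
        dll, remainder = m2.group(1), m2.group(2)
    tokens = remainder.lstrip(" ,").split()
    return dll, (tokens[0] if tokens else "")


def is_user_writable(path):
    return path.lower().startswith(USER_WRITABLE_PREFIXES)


def suspicious_run_entries(entries):
    """Flag Run values that use rundll32 to load a DLL from a user-writable
    directory, the persistence pattern described on this page."""
    hits = []
    for name, cmd in entries.items():
        parsed = parse_rundll32(cmd)
        if parsed and is_user_writable(parsed[0]):
            hits.append((name, parsed[0], parsed[1]))
    return hits


C2_HOSTS = {"bttxs.com"}
TARGETED_BANK_HOSTS = {"direct.jp-bank.japanpost.jp", "web4.ib.mizuhobank.co.jp"}
HATENA_PROFILE_RE = re.compile(r"^/ml\d+$")


def _split(url):
    return urlsplit(url if "://" in url else "http://" + url)


def classify_url(url):
    """Separate attacker infrastructure from the Trojan's banking targets."""
    u = _split(url)
    host = u.hostname or ""
    if host in C2_HOSTS and u.path.lower() == "/getp.asp":
        q = parse_qs(u.query, keep_blank_values=True)  # MAC is sent empty
        return "c2_beacon", {k: q.get(k, [""])[0] for k in ("MAC", "VER")}
    if host == "profile.hatena.ne.jp" and HATENA_PROFILE_RE.match(u.path):
        return "legit_host_attacker_path", {}  # assumption: role not stated on page
    if host in TARGETED_BANK_HOSTS:
        return "targeted_bank", {}
    return "unrelated", {}


def blocking_recommendation(urls):
    """Domain-level blocks only for C2; URL-level for the legit host; never the banks."""
    rec = {"block_domain": set(), "block_url_only": set(), "do_not_block": set()}
    for url in urls:
        kind, _ = classify_url(url)
        if kind == "c2_beacon":
            rec["block_domain"].add(_split(url).hostname)
        elif kind == "legit_host_attacker_path":
            rec["block_url_only"].add(url)
        elif kind == "targeted_bank":
            rec["do_not_block"].add(_split(url).hostname)
    return rec
```

Running `suspicious_run_entries(SAMPLE_RUN_ENTRIES)` flags only the IcpIpCfg value, because the benign rundll32 entry loads from System32; `blocking_recommendation(SAMPLE_URLS)` puts only bttxs.com in the domain block list and keeps both banking hosts reachable.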

Site Disclaimer

Enigmasoftware.com is not associated, affiliated, sponsored or owned by the malware creators or distributors mentioned on this article. This article should NOT be mistaken or confused in being associated in any way with the promotion or endorsement of malware. Our intent is to provide information that will educate computer users on how to detect, and ultimately remove, malware from their computer with the help of SpyHunter and/or manual removal instructions provided on this article.

This article is provided "as is" and to be used for educational information purposes only. By following any instructions on this article, you agree to be bound by the disclaimer. We make no guarantees that this article will help you completely remove the malware threats on your computer. Spyware changes regularly; therefore, it is difficult to fully clean an infected machine through manual means.