Infostealer.Banker.E

Infostealer.Banker.E Description

Infostealer.Banker.E is a banking Trojan that steals a PC user's confidential information, specifically user account and banking details, from the infected machine. Once installed, Infostealer.Banker.E creates a startup registry entry so that it runs every time the computer boots. It also drops malicious files and creates registry entries that can damage the system. Infostealer.Banker.E may create files to store the stolen information and to exchange commands with the remote server. It also has back door capabilities: it contacts a remote host on TCP port 80, receives commands from the remote attacker, and can carry out malicious actions on the machine. Remove Infostealer.Banker.E immediately after detection to avoid system damage.

Technical Information

File System Details

Infostealer.Banker.E creates the following file(s):
#    File Name               Detection Count
1    %System%\tns1.dll       N/A
2    %System%\cookie1.dat    N/A
3    %System%\te.dat         N/A
4    %System%\boa1.dat       N/A
5    %System%\di1.gif        N/A
6    %System%\conf1.dat      N/A
7    %System%\ps1.dat        N/A
8    %System%\cs.dat         N/A
9    %System%\alog.txt       N/A
10   %System%\conf.dat       N/A
11   %System%\rc.dat         N/A
12   %System%\bb1.dat        N/A
13   %System%\cmds.txt       N/A
14   %System%\dr1.gif        N/A

Registry Details

Infostealer.Banker.E creates the following registry entry or registry entries:
Registry Key
HKEY_LOCAL_MACHINE\SOFTWARE\MRSoft\"P" = "[HEX VALUES]"
HKEY_LOCAL_MACHINE\SOFTWARE\MRSoft\"1" = "[ENCRYPTED CHARACTERS]"
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{775B738B-4540-4b16-A1DA-932C402FD8F7}
HKEY_LOCAL_MACHINE\SOFTWARE\MRSoft
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{775B738B-4540-4b16-A1DA-932C402FD8F7}
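
A read-only sweep of one host for the files and registry keys listed above, as an added example that is not part of the original write-up. It assumes %System% is the Windows system directory and also checks SysWOW64 and the 32-bit registry view; the COM class key is looked up under SOFTWARE\Classes\CLSID, where Windows registers COM classes.

```powershell
# Read-only sweep for the Infostealer.Banker.E artifacts listed on this page (added example).
# Run from an elevated 64-bit PowerShell so file system redirection does not hide System32.
$fileNames = 'tns1.dll','cookie1.dat','te.dat','boa1.dat','di1.gif','conf1.dat','ps1.dat',
             'cs.dat','alog.txt','conf.dat','rc.dat','bb1.dat','cmds.txt','dr1.gif'
$clsid   = '{775B738B-4540-4b16-A1DA-932C402FD8F7}'
$subKeys = 'SOFTWARE\MRSoft',
           "SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\$clsid",
           "SOFTWARE\Classes\CLSID\$clsid"

# Assumption: %System% is the system directory. SysWOW64 is added because a 32-bit
# process on 64-bit Windows has its System32 writes redirected there.
$dirs = @([Environment]::SystemDirectory, (Join-Path $env:windir 'SysWOW64')) |
        Where-Object { Test-Path -LiteralPath $_ } | Select-Object -Unique

$hits = @()
foreach ($dir in $dirs) {
    foreach ($name in $fileNames) {
        $path = Join-Path $dir $name
        if (Test-Path -LiteralPath $path -PathType Leaf) {
            $item = Get-Item -LiteralPath $path -Force   # -Force also returns hidden files
            $hits += [pscustomobject]@{
                Type   = 'File'; Location = $path
                Detail = "{0} bytes, modified {1:u}" -f $item.Length, $item.LastWriteTimeUtc
            }
        }
    }
}

# Check both registry views on 64-bit Windows; a 32-bit writer lands under WOW6432Node.
$views = if ([Environment]::Is64BitOperatingSystem) { 'Registry64', 'Registry32' } else { 'Default' }
foreach ($view in $views) {
    $hklm = [Microsoft.Win32.RegistryKey]::OpenBaseKey('LocalMachine', $view)
    try {
        foreach ($sub in $subKeys) {
            $key = $hklm.OpenSubKey($sub)   # opens read-only, returns $null if absent
            if ($key) {
                $names = $key.GetValueNames() | ForEach-Object { if ($_) { $_ } else { '(default)' } }
                $hits += [pscustomobject]@{
                    Type   = "Registry ($view)"; Location = "HKLM\$sub"
                    Detail = 'values: ' + ($names -join ', ')
                }
                $key.Dispose()
            }
        }
    } finally { $hklm.Dispose() }
}

if ($hits) { $hits | Format-Table -AutoSize -Wrap } else { 'No listed artifacts found.' }
```

Several of the file names (for example conf.dat or cs.dat) are generic, so a single file hit without a matching registry key should be triaged before it is treated as an infection.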