Trojan.Banker.FA

By CagedTech in Trojans

Threat Scorecard

Popularity Rank: 10,933
Threat Level: 80 % (High)
Infected Computers: 2,705
First Seen: May 11, 2021
Last Seen: March 14, 2026
OS(es) Affected: Windows

Analysis Report

General information

Family Name: Trojan.Banker.FA
Signature status: No Signature

Known Samples


Windows Portable Executable Attributes

  • File doesn't have "Rich" header
  • File doesn't have debug information
  • File doesn't have exports table
  • File doesn't have relocations information
  • File doesn't have security information
  • File has exports table
  • File has TLS information
  • File is 32-bit executable
  • File is either console or GUI application
  • File is GUI application (IMAGE_SUBSYSTEM_WINDOWS_GUI)
  • File is Native application (NOT .NET application)
  • File is not packed
  • IMAGE_FILE_DLL is not set inside PE header (Executable)
  • IMAGE_FILE_EXECUTABLE_IMAGE is set inside PE header (Executable Image)

Windows PE Version Information

Name Value
Comments
  • http://www.autoitscript.com/autoit3/
  • This installation was built with Inno Setup.
Company Name
  • AutoIt Team
  • Canneverbe Limited
  • Google Inc.
  • GZU-tek
  • Microsoft Corporation
Company Short Name Google
File Description
  • AutoIt v3 Script
  • CDBurnerXP
  • Google Chrome Installer
  • HaiMian Microsoft 基础类应用程序
  • Microsoft Edge Update
  • Microsoft Office Word
  • Setup Launcher
File Version
  • 70.0.3538.77
  • 12.0.6787.5000
  • 4.5.8.7128
  • 3, 3, 14, 2
  • 1.3.211.7
  • 1.00.000
  • 1, 0, 0, 1
Internal Build Number 62562
Internal Name
  • AutoIt3.exe
  • HaiMian
  • Microsoft Edge Update
  • setup
  • Setup
  • WinWord
Last Change 0f6ce0b0cd63a12cb4eccea3637b1bc9a29148d9-refs/branch-heads/3538@{#1039}
Legal Copyright
  • 2001-2014 Canneverbe Limited
  • Copyright (C) 2007 Macrovision Corporation
  • Copyright 2017 Google Inc. All rights reserved.
  • Copyright 2018 Microsoft Corporation
  • © 2006 Microsoft Corporation. All rights reserved.
  • ©1999-2015 Jonathan Bennett & AutoIt Team
  • 版权所有 (C) 2003
Legal Trademarks1 Microsoft® is a registered trademark of Microsoft Corporation.
Legal Trademarks2 Windows® is a registered trademark of Microsoft Corporation.
Official Build 1
Original Filename
  • AutoIt3.exe
  • HaiMian.EXE
  • MicrosoftEdgeUpdate.exe
  • Setup.exe
  • WinWord.exe
Product Name
  • 2007 Microsoft Office system
  • AutoIt v3 Script
  • CDBurnerXP
  • EZP_XPro
  • Google Chrome Installer
  • HaiMian 应用程序
  • Microsoft Edge Update
Product Short Name Chrome Installer
Product Version
  • 70.0.3538.77
  • 12.0.6787.5000
  • 4.5.8.7128
  • 3, 3, 14, 2
  • 1.3.211.7
  • 1.00
  • 1, 0, 0, 1
Upstream Version 1.3.99.0

Digital Signatures

Signer | Root | Status
AutoIt Consulting Ltd | GlobalSign CodeSigning CA - G2 | Hash Mismatch
Microsoft Corporation | Microsoft Code Signing PCA | Hash Mismatch
Microsoft Corporation | Microsoft Code Signing PCA 2011 | Hash Mismatch
Google Inc | Symantec Class 3 SHA256 Code Signing CA | Hash Mismatch
Canneverbe Limited | thawte SHA256 Code Signing CA | Hash Mismatch

File Traits

  • 2+ executable sections
  • Badsig autoit
  • HighEntropy
  • Inno
  • InnoSetup Installer
  • Installer Manifest
  • Installer Version
  • No Version Info
  • themida
  • themida section variant
  • virut
  • WriteProcessMemory
  • x86

Block Information

Total Blocks: 232
Potentially Malicious Blocks: 1
Whitelisted Blocks: 77
Unknown Blocks: 154

Visual Map

0 ? ? ? ? 0 ? ? ? ? ? ? ? ? 0 ? 0 ? ? ? ? 0 0 ? ? ? ? ? ? 0 ? ? ? ? ? ? ? ? ? ? ? ? ? ? ? ? 0 ? 0 0 ? 0 ? ? ? ? ? ? 0 ? ? ? ? ? ? ? ? ? ? ? ? ? ? ? ? ? ? ? ? ? 0 0 0 ? ? ? 0 ? 0 ? ? ? ? ? ? 0 ? 0 0 0 0 0 0 ? ? 0 ? ? ? 0 ? ? ? ? ? ? ? ? ? ? ? ? ? ? ? ? ? ? 0 0 ? ? ? ? ? ? ? ? ? 0 ? ? ? ? ? ? ? ? ? ? ? 0 0 0 0 0 0 0 0 0 0 x 0 0 ? ? ? ? ? 0 ? ? ? ? ? ? 0 0 0 0 0 0 0 ? 0 ? ? ? ? 0 ? ? ? ? ? ? ? ? ? ? 0 0 0 ? 0 ? ? ? ? ? 0 0 0 0 0 0 0 0 0 0 0 0 0 1 0 0 0 1 0 0 0 0
0 - Probable Safe Block
? - Unknown Block
x - Potentially Malicious Block

Similar Families

  • Autoit
  • Delf.Q
  • Downloader.Agent.JCA
  • Philadelphia.A
  • Philadelphia.B

Files Modified

File | Attributes
\device\namedpipe\dav rpc service | Generic Read, Write Data, Write Attributes, Write Extended, Append Data
c:\users\user\appdata\local\microsoft\windows\explorer\iconcache_16.db | Generic Read, Write Data, Write Attributes, Write Extended, Append Data
c:\users\user\appdata\local\microsoft\windows\explorer\iconcache_256.db | Generic Read, Write Data, Write Attributes, Write Extended, Append Data
c:\users\user\appdata\local\microsoft\windows\explorer\iconcache_idx.db | Generic Read, Write Data, Write Attributes, Write Extended, Append Data
c:\users\user\appdata\local\temp\_msi5166._is | Generic Read, Write Data, Write Attributes, Write Extended, Append Data
c:\users\user\appdata\local\temp\is-h4dd2.tmp\dfea66cd206338b1e0ce3b4e524e6919db4d6a38_0005423818.tmp | Generic Write, Read Attributes

Registry Modifications

Key::Value | Data | API Name
HKCU\local settings\software\microsoft\windows\shell\bagmru::nodeslots | (binary data, not rendered) | RegNtPreCreateKey
HKCU\local settings\software\microsoft\windows\shell\bagmru::mrulistex | (binary data, not rendered) | RegNtPreCreateKey
HKCU\local settings\software\microsoft\windows\shell\bagmru\2\1::mrulistex | (binary data, not rendered) | RegNtPreCreateKey
HKCU\local settings\software\microsoft\windows\shell\bagmru::nodeslots | (binary data, not rendered) | RegNtPreCreateKey
HKCU\local settings\software\microsoft\windows\shell\bagmru::mrulistex | (binary data, not rendered) | RegNtPreCreateKey
HKCU\local settings\software\microsoft\windows\shell\bagmru::nodeslots | (binary data, not rendered) | RegNtPreCreateKey
HKCU\local settings\software\microsoft\windows\shell\bagmru::mrulistex | (binary data, not rendered) | RegNtPreCreateKey
HKCU\local settings\software\microsoft\windows\shell\bagmru\2\1\0::1 | (binary shell item data, not rendered) | RegNtPreCreateKey
HKCU\local settings\software\microsoft\windows\shell\bagmru\2\1\0::mrulistex | (binary data, not rendered) | RegNtPreCreateKey
HKCU\local settings\software\microsoft\windows\shell\bagmru\2\1\0\1::0 | (binary shell item data, not rendered) | RegNtPreCreateKey
HKCU\local settings\software\microsoft\windows\shell\bagmru\2\1\0\1::mrulistex | (binary data, not rendered) | RegNtPreCreateKey
HKCU\local settings\software\microsoft\windows\shell\bagmru::nodeslots | (binary data, not rendered) | RegNtPreCreateKey
HKCU\local settings\software\microsoft\windows\shell\bagmru\2\1\0\1\0::nodeslot | (binary data, not rendered) | RegNtPreCreateKey
HKCU\local settings\software\microsoft\windows\shell\bagmru\2\1\0\1\0::mrulistex | (binary data, not rendered) | RegNtPreCreateKey
HKCU\local settings\software\microsoft\windows\shell\bags\176\shell::sniffedfoldertype | Documents | RegNtPreCreateKey
HKCU\local settings\software\microsoft\windows\shell\bagmru::nodeslots | (binary data, not rendered) | RegNtPreCreateKey
HKCU\local settings\software\microsoft\windows\shell\bagmru::mrulistex | (binary data, not rendered) | RegNtPreCreateKey
HKCU\local settings\software\microsoft\windows\shell\bagmru::nodeslots | (binary data, not rendered) | RegNtPreCreateKey
HKCU\local settings\software\microsoft\windows\shell\bagmru::mrulistex | (binary data, not rendered) | RegNtPreCreateKey
HKCU\local settings\software\microsoft\windows\shell\bagmru::nodeslots | (binary data, not rendered) | RegNtPreCreateKey
HKCU\local settings\software\microsoft\windows\shell\bagmru::mrulistex | (binary data, not rendered) | RegNtPreCreateKey
HKCU\software\microsoft\windows\currentversion\explorer\mountpoints2\##10.200.31.10#amas::_labelfromdesktopini | (empty) | RegNtPreCreateKey
HKLM\system\controlset001\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list::c:\users\user\downloads\dfea66cd206338b1e0ce3b4e524e6919db4d6a38_0005423818 | c:\users\user\downloads\dfea66cd206338b1e0ce3b4e524e6919db4d6a38_0005423818:*:enabled:@shell32.dll,-1 | RegNtPreCreateKey

Windows API Usage

Category API
Anti Debug
  • IsDebuggerPresent
User Data Access
  • GetUserObjectInformation
Other Suspicious
  • SetWindowsHookEx