Trojan.Banker.R

By CagedTech in Trojans

Threat Scorecard

Popularity Rank:	7,331
Threat Level:	80 % (High)
Infected Computers:	243

First Seen:	May 28, 2021
Last Seen:	March 28, 2026
OS(es) Affected:	Windows

Table of Contents

Analysis Report

General information

Family Name:	Trojan.Banker.R
Signature status:	No Signature

Known Samples

MD5: f40a08abe836bed551c478ac4b3ebb79

SHA1: 5aaca2b27d7f990769e2e57e16053a0c896d9ba3

SHA256: C9C0A2B42B6ECEEA91B0BB8D33C1E61C99803E2AE4FEA27BC8454F60579ADB17

File Size: 3.08 MB, 3079680 bytes

MD5: fadfff45436f92e8fb1824c678a40344

SHA1: a2072d19a64314c1638d7db7e8ffab60067a9c4a

SHA256: D68AB4FB1C6962017CAAFAA9E5159CA634DF214D2F24317FEE981719628E142B

File Size: 2.43 MB, 2430976 bytes

MD5: 84f80ed9826fda11b94538ff1afbb610

SHA1: 65a3b891e380e83fb6a57a04a9806a3ebf6696fc

SHA256: 185BD0496636DB322E03E59F00A7CA6F067587DEBECA2027EC22A8E0DD01876C

File Size: 3.08 MB, 3079680 bytes

MD5: efc5891a7fe154b8241ff5b4ded4da07

SHA1: 7abab4d57a80cc6a5f9ecb4f17904790637a1d55

SHA256: 59B892654E8864813F0D9BC1DC5AB3D90D44973B85A19C8995F3AF66F16B3259

File Size: 5.43 MB, 5434273 bytes

MD5: e037364315283a30045a90a1e2de7917

SHA1: 065c60a98c375b42ad55e26fbca1814eafec5dee

SHA256: AF4096EC193F8C090C68B472BCC0E9E199514C83D5B89EEA6B6C8A7C659CB7AA

File Size: 3.08 MB, 3078144 bytes

MD5: 06f60ab67a3c7f1d3973cdcd4f2f614a

SHA1: c2774b84c34dd7adad75788d04b1da4691eaab14

SHA256: C52D2C30654CA1AD2E780A0256D77D128EA8DC66806B9194D6AFFAE9BBF4DB3B

File Size: 1.26 MB, 1259520 bytes

MD5: 040f8d67e084a3cd865fedfca73e3334

SHA1: ca518af4174ac23994a51f0a46491e6fe42a4735

SHA256: 09765A3D6C1EDAE249FD3E26A098639C2B7F3EE1379534FC53F98F6117418AD7

File Size: 3.08 MB, 3079680 bytes

MD5: 7ab80568b8acdb42b4606a02f9a8c084

SHA1: 5da1ba1e56b6b101b2d18426f3c1eb795feffbc2

SHA256: 898974AA44EC6DBED4F4B488BF55E839115328118F38CB75A22084F5D81460DD

File Size: 6.88 MB, 6877911 bytes

MD5: 93f8de9df73acf3f6ea802a96b0f6cfa

SHA1: b724dc000c7658010ab4b5c90276412a04fca76b

SHA256: 9837F7920F31A917BF75C65FF4A9106DDF3F45FC26FA88DE4DC55B5C5077117B

File Size: 4.17 MB, 4173312 bytes

MD5: ff6add633f358e170eb37c7793209600

SHA1: 6e7876ae2f375ee67baa42fdda5604c352d311e8

SHA256: 01C8E68FDEBFABAC0D40E8702D2FA7CAACD500C63165D16432BBEB1AB82522BA

File Size: 4.54 MB, 4537344 bytes

MD5: 102a0f46252f5fba05080d904f578ae6

SHA1: 2f9080a4d1ae2ea95d6483e10c799d6090a3f035

SHA256: 6469BE2D8A98BB98221425FA35A1BCAA4BD67469C1123DC4D08294FF05704E52

File Size: 3.11 MB, 3105792 bytes

MD5: cf04b201a4bda334fe2ea7e992e178ae

SHA1: 5905c48df02cad0c587e715e9759ca67e0c90b52

SHA256: AC441CFB6F822ECA9ADF3393998B4E263E42D649E6F6AD626341E489601DB884

File Size: 2.43 MB, 2430976 bytes

MD5: 1a0d133b994094af748f3f4e320c5024

SHA1: ebc0e0b514fceea59399ddd6fd560e5ab9d67b39

SHA256: 61372E4E911A1C441A4422345C83D8E075D10D0763B8EFC0043E1CAE34C047D2

File Size: 3.13 MB, 3128320 bytes

Windows Portable Executable Attributes

File doesn't have "Rich" header
File doesn't have debug information
File doesn't have exports table
File doesn't have security information
File has exports table
File has TLS information
File is 32-bit executable
File is either console or GUI application
File is GUI application (IMAGE_SUBSYSTEM_WINDOWS_GUI)
File is Native application (NOT .NET application)

File is not packed
IMAGE_FILE_DLL is not set inside PE header (Executable)
IMAGE_FILE_EXECUTABLE_IMAGE is set inside PE header (Executable Image)

File Icons

Windows PE Version Information

Name	Value
Comments	Suporte Remoto DS Infromática
File Description	Suporte Remoto
File Version	3.0.0.7 2.9.1.1 2.8.0.6 2.3.1.1 2.3.0.6 2.0.1.0 2.0.0.28 2.0.0.6 1.9.0.6 1.8.1.0 Show More 1.5.0.5 0.4.0.7
Internal Name	Suporte Remoto
Original Filename	Suporte Remoto DS Infromática
Product Name	2.9.1.1 Suporte Remoto DS Infromática
Product Version	3.0.0.7 2.9.1.1 2.8.0.6 2.3.1.1 2.3.0.6 2.0.1.0 2.0.0.6 2.0.0 1.9.0.6 1.8.1.0 Show More 1.5.0.5 0.4.0.7

File Traits

2+ executable sections
big overlay
dll
HighEntropy
VirtualQueryEx
WriteProcessMemory
x86

Block Information

Total Blocks:	7,409
Potentially Malicious Blocks:	55
Whitelisted Blocks:	7,311
Unknown Blocks:	43

Visual Map

0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0

... Data truncated

0 - Probable Safe Block
? - Unknown Block
x - Potentially Malicious Block

Similar Families

Agent.DSS
BadJoke.XA
Banker.GF
Banload.XG
Banload.XH

Banload.XJ
Casbaneiro.A
Casbaneiro.G
Danabot.DI
Delf.OF
Downloader.Delf.C
Filecoder.IFA
Injector.KPP
Injector.XN
Lamer.B
Lokorrito.C
Malat.A
Ousaban.C
Ousaban.D
Ropalidia.D
Ulise.BE
Vadokrist.B

Files Modified

File	Attributes
c:\users\user\downloads\config_suporte.ini	Generic Read,Write Data,Write Attributes,Write extended,Append data

Windows API Usage

Category	API
Syscall Use	ntdll.dll!NtAlpcSendWaitReceivePort ntdll.dll!NtClose ntdll.dll!NtCreateFile ntdll.dll!NtCreateSection ntdll.dll!NtFreeVirtualMemory ntdll.dll!NtMapViewOfSection ntdll.dll!NtOpenFile ntdll.dll!NtOpenKey ntdll.dll!NtOpenProcessToken ntdll.dll!NtProtectVirtualMemory Show More ntdll.dll!NtQueryAttributesFile ntdll.dll!NtQueryDebugFilterState ntdll.dll!NtQueryInformationProcess ntdll.dll!NtQueryInformationThread ntdll.dll!NtQueryInformationToken ntdll.dll!NtQuerySystemInformationEx ntdll.dll!NtQueryValueKey ntdll.dll!NtQueryVirtualMemory ntdll.dll!NtQueryVolumeInformationFile ntdll.dll!NtReadFile ntdll.dll!NtSetEvent ntdll.dll!NtSetInformationFile ntdll.dll!NtSetInformationProcess ntdll.dll!NtSetInformationVirtualMemory ntdll.dll!NtSetInformationWorkerFactory ntdll.dll!NtTestAlert ntdll.dll!NtTraceControl ntdll.dll!NtUnmapViewOfSection ntdll.dll!NtWaitForSingleObject ntdll.dll!NtWriteFile ntdll.dll!NtWriteVirtualMemory win32u.dll!NtUserGetKeyboardLayout win32u.dll!NtUserGetThreadState
Process Shell Execute	CreateProcess
Anti Debug	NtQuerySystemInformation
User Data Access	GetUserObjectInformation
Network Winsock2	WSAStartup
Network Winsock	connect socket
Process Manipulation Evasion	NtUnmapViewOfSection

Shell Command Execution


							C:\WINDOWS\SysWOW64\rundll32.exe C:\WINDOWS\system32\rundll32.exe c:\users\user\downloads\5aaca2b27d7f990769e2e57e16053a0c896d9ba3_0003079680.,LiQMAxHB


							C:\WINDOWS\SysWOW64\rundll32.exe C:\WINDOWS\system32\rundll32.exe c:\users\user\downloads\a2072d19a64314c1638d7db7e8ffab60067a9c4a_0002430976.,LiQMAxHB


							C:\WINDOWS\SysWOW64\rundll32.exe C:\WINDOWS\system32\rundll32.exe c:\users\user\downloads\65a3b891e380e83fb6a57a04a9806a3ebf6696fc_0003079680.,LiQMAxHB


							C:\WINDOWS\SysWOW64\rundll32.exe C:\WINDOWS\system32\rundll32.exe c:\users\user\downloads\7abab4d57a80cc6a5f9ecb4f17904790637a1d55_0005434273.,LiQMAxHB


							C:\WINDOWS\SysWOW64\rundll32.exe C:\WINDOWS\system32\rundll32.exe c:\users\user\downloads\065c60a98c375b42ad55e26fbca1814eafec5dee_0003078144.,LiQMAxHB


									C:\WINDOWS\SysWOW64\rundll32.exe C:\WINDOWS\system32\rundll32.exe c:\users\user\downloads\ca518af4174ac23994a51f0a46491e6fe42a4735_0003079680.,LiQMAxHB


									C:\WINDOWS\SysWOW64\rundll32.exe C:\WINDOWS\system32\rundll32.exe c:\users\user\downloads\5da1ba1e56b6b101b2d18426f3c1eb795feffbc2_0006877911.,LiQMAxHB


									C:\WINDOWS\SysWOW64\rundll32.exe C:\WINDOWS\system32\rundll32.exe c:\users\user\downloads\b724dc000c7658010ab4b5c90276412a04fca76b_0004173312.,LiQMAxHB


									C:\WINDOWS\SysWOW64\rundll32.exe C:\WINDOWS\system32\rundll32.exe c:\users\user\downloads\6e7876ae2f375ee67baa42fdda5604c352d311e8_0004537344.,LiQMAxHB


									C:\WINDOWS\SysWOW64\rundll32.exe C:\WINDOWS\system32\rundll32.exe c:\users\user\downloads\2f9080a4d1ae2ea95d6483e10c799d6090a3f035_0003105792.,LiQMAxHB


									C:\WINDOWS\SysWOW64\rundll32.exe C:\WINDOWS\system32\rundll32.exe c:\users\user\downloads\5905c48df02cad0c587e715e9759ca67e0c90b52_0002430976.,LiQMAxHB


									C:\WINDOWS\SysWOW64\rundll32.exe C:\WINDOWS\system32\rundll32.exe c:\users\user\downloads\ebc0e0b514fceea59399ddd6fd560e5ab9d67b39_0003128320.,LiQMAxHB

EnigmaSoft’s Payment Processor Digital River GmbH Filing for Bankruptcy Does Not Impact SpyHunter Customers’ Anti-Malware Protection

Search

Change Region

Trojan.Banker.R

Threat Scorecard

EnigmaSoft Threat Scorecard

Analysis Report

General information

Known Samples

Known Samples

Windows Portable Executable Attributes

Windows Portable Executable Attributes

File Icons

File Icons

Windows PE Version Information

Windows PE Version Information

File Traits

Block Information

Block Information

Visual Map

Similar Families

Similar Families

Files Modified

Files Modified

Windows API Usage

Windows API Usage

Shell Command Execution

Shell Command Execution

Submit Comment

Related Posts

Trojan.Banker.REA

Trending

Zollo Ransomware

BeatBanker Banking Trojan

Giant Coupons Official Extension

Most Viewed

How To Fix 'Printer Driver is Unavailable' Error

Pornktube.porn

Discord Shows Black Screen when Sharing Screen