Trojan.Banker.TD

By CagedTech in Trojans

Threat Scorecard

Popularity Rank:	10,551
Threat Level:	80 % (High)
Infected Computers:	4,268

First Seen:	February 18, 2021
Last Seen:	April 7, 2026
OS(es) Affected:	Windows

Table of Contents

Analysis Report

General information

Family Name:	Trojan.Banker.TD
Signature status:	No Signature

Known Samples

MD5: 987a9a2036ea3b30f01095527dc01216

SHA1: 898a3ef1f75b1c22482753d5f26ee552d3e615f0

File Size: 2.62 MB, 2618880 bytes

MD5: 6382f903d0528ac782111a8a6bbd4cec

SHA1: 89ec2b6ebeae3185a217dbbe5e02afe809414806

SHA256: 4461EBB2D366D0B5F81665980ADDA965503E0F994F043C20D08C66DEBE4D3CE1

File Size: 8.45 MB, 8454656 bytes

MD5: 595f27d939810de0d6de89b642b5c71a

SHA1: 513aca5b67dcfb64a51f8daa8fd11ec1419db532

SHA256: 6F1ED6C3C8217E56EB89B1AD0C9E785D2649E12FCEFFCA3F000A407AABD80F61

File Size: 5.67 MB, 5674886 bytes

MD5: 822062a9864e4693e5748c579bdd70d5

SHA1: aeddef49cfab330c8ef5ee38f2b18308f66fd227

SHA256: A651DBE2E7808D0D0519531E46C4319538389D1C78080215BD6013E6990F2CF2

File Size: 8.95 MB, 8954582 bytes

MD5: 9c20dec56c79f86f75034a9d2d467c4a

SHA1: 90a010ecc07f28a63a8f9f920bc558bed4035eef

SHA256: 7C2C3D8645233EAEE69B6D2090AA08B846AAC77BEB7724F57858B123C2FF641D

File Size: 3.08 MB, 3075751 bytes

MD5: 80f7ccf65a1043494000811866ac566f

SHA1: b3ce0c3b7d6eb459de7c3e38658bb9bcbd92abf8

SHA256: A9371E172EB46780299AE6E613DB1E041517959E0DDB42C539CC03428839DCFE

File Size: 3.61 MB, 3612672 bytes

MD5: 37456b02caf54d115dc2dbc5971ec70f

SHA1: 26abd6d5169bddf28bf477897042defdb596edd2

SHA256: B8D7D6B4240870E132A93AA022A92AB851D1CA24A3AD085AB69DF3DDCFD58F97

File Size: 6.51 MB, 6511616 bytes

Windows Portable Executable Attributes

File doesn't have "Rich" header
File doesn't have debug information
File doesn't have exports table
File doesn't have relocations information
File doesn't have security information
File has TLS information
File is 32-bit executable
File is either console or GUI application
File is GUI application (IMAGE_SUBSYSTEM_WINDOWS_GUI)
File is Native application (NOT .NET application)

File is not packed
IMAGE_FILE_DLL is not set inside PE header (Executable)
IMAGE_FILE_EXECUTABLE_IMAGE is set inside PE header (Executable Image)

File Icons

Windows PE Version Information

Name	Value
Company Name	Synaptics
File Description	Synaptics Pointing Device Driver
File Version	1.00 1.0.0.4
Internal Name	TJprojMain
Original Filename	TJprojMain.exe
Product Name	Project1 Synaptics Pointing Device Driver
Product Version	1.00 1.0.0.0

File Traits

Files Modified

File	Attributes
\device\namedpipe\gmdasllogger	Generic Write,Read Attributes
c:\programdata\synaptics	Synchronize,Write Attributes
c:\programdata\synaptics\rcx3373.tmp	Generic Read,Write Data,Write Attributes,Write extended,Append data
c:\programdata\synaptics\rcxc076.tmp	Generic Read,Write Data,Write Attributes,Write extended,Append data
c:\programdata\synaptics\synaptics.exe	Generic Read,Write Data,Write Attributes,Write extended,Append data,Delete,LEFT 262144
c:\programdata\synaptics\synaptics.exe	Synchronize,Write Attributes
c:\programdata\synaptics\synaptics.exe	Synchronize,Write Data
c:\users\user\appdata\local\temp\rv8fdko.ini	Generic Read,Write Data,Write Attributes,Write extended,Append data
c:\users\user\appdata\roaming\winsl	Synchronize,Write Attributes
c:\users\user\appdata\roaming\winsl\l4\7\2026	Generic Read,Write Data,Write Attributes,Write extended,Append data

c:\users\user\downloads\._cache_26abd6d5169bddf28bf477897042defdb596edd2_0006511616	Generic Read,Write Data,Write Attributes,Write extended,Append data
c:\users\user\downloads\._cache_26abd6d5169bddf28bf477897042defdb596edd2_0006511616	Synchronize,Write Attributes
c:\users\user\downloads\._cache_898a3ef1f75b1c22482753d5f26ee552d3e615f0_0002618880.exe	Generic Read,Write Data,Write Attributes,Write extended,Append data
c:\users\user\downloads\._cache_898a3ef1f75b1c22482753d5f26ee552d3e615f0_0002618880.exe	Synchronize,Write Attributes

Registry Modifications

Key::Value	Data	API Name
HKCU\software\microsoft\windows\currentversion\explorer::slowcontextmenuentries		RegNtPreCreateKey
HKCU\software\microsoft\windows\currentversion\explorer::slowcontextmenuentries		RegNtPreCreateKey
HKCU\software\microsoft\windows\currentversion\internet settings\zonemap::proxybypass		RegNtPreCreateKey
HKCU\software\microsoft\windows\currentversion\internet settings\zonemap::intranetname		RegNtPreCreateKey
HKCU\software\microsoft\windows\currentversion\internet settings\zonemap::uncasintranet		RegNtPreCreateKey
HKCU\software\microsoft\windows\currentversion\internet settings\zonemap::autodetect		RegNtPreCreateKey
HKCU\software\microsoft\windows\currentversion\internet settings\zonemap::proxybypass		RegNtPreCreateKey
HKCU\software\microsoft\windows\currentversion\internet settings\zonemap::intranetname		RegNtPreCreateKey
HKCU\software\microsoft\windows\currentversion\internet settings\zonemap::uncasintranet		RegNtPreCreateKey
HKCU\software\microsoft\windows\currentversion\internet settings\zonemap::autodetect		RegNtPreCreateKey

HKLM\software\microsoft\windows nt\currentversion\notifications\data::418a073aa3bc1c75		RegNtPreCreateKey
HKLM\software\wow6432node\microsoft\windows\currentversion\run::synaptics pointing device driver	C:\ProgramData\Synaptics\Synaptics.exe	RegNtPreCreateKey
HKCU\software\pc soft\windev\24.0\appli\._cache_898a3ef1f75b1c22482753d5f26ee552d3e615f0_0002618880::last_framework	$9	RegNtPreCreateKey
HKLM\software\microsoft\windows nt\currentversion\notifications\data::418a073aa3bc3475		RegNtPreCreateKey
HKCU\software\microsoft\windows\currentversion\explorer::slowcontextmenuentries		RegNtPreCreateKey
HKLM\software\microsoft\windows nt\currentversion\notifications\data::418a073aa3bc1c75		RegNtPreCreateKey
HKLM\software\microsoft\windows nt\currentversion\notifications\data::418a073aa3bc3475		RegNtPreCreateKey
HKLM\software\microsoft\windows nt\currentversion\notifications\data::418a073aa3bc1c75		RegNtPreCreateKey
HKLM\software\microsoft\windows nt\currentversion\notifications\data::418a073aa3bc1c75		RegNtPreCreateKey

Windows API Usage

Category	API
Service Control	OpenSCManager
Process Manipulation Evasion	NtUnmapViewOfSection
Process Shell Execute	ShellExecuteEx
Anti Debug	IsDebuggerPresent
User Data Access	GetUserObjectInformation
Other Suspicious	SetWindowsHookEx
Network Winsock2	WSAStartup WSAttemptAutodialName
Network Winhttp	WinHttpOpen
Network Wininet	InternetOpen InternetOpenUrl InternetReadFile
Network Winsock	bind closesocket gethostbyname getsockname socket

Shell Command Execution


							runas c:\users\user\downloads\._cache_898a3ef1f75b1c22482753d5f26ee552d3e615f0_0002618880.exe


							runas C:\ProgramData\Synaptics\Synaptics.exe InjUpdate


							runas c:\users\user\downloads\._cache_26abd6d5169bddf28bf477897042defdb596edd2_0006511616

EnigmaSoft’s Payment Processor Digital River GmbH Filing for Bankruptcy Does Not Impact SpyHunter Customers’ Anti-Malware Protection

Search

Change Region

Trojan.Banker.TD

Threat Scorecard

EnigmaSoft Threat Scorecard

Analysis Report

General information

Known Samples

Known Samples

Windows Portable Executable Attributes

Windows Portable Executable Attributes

File Icons

File Icons

Windows PE Version Information

Windows PE Version Information

File Traits

Files Modified

Files Modified

Registry Modifications

Registry Modifications

Windows API Usage

Windows API Usage

Shell Command Execution

Shell Command Execution

Submit Comment

Trending

Mr Beast Discord Scam

Your Cloud Is Disabled Email Scam

PCLocked Ransomware

Most Viewed

How To Fix 'Printer Driver is Unavailable' Error

Pornktube.porn

Discord Shows Black Screen when Sharing Screen