Multi-License Discount Quote

Change Region

English
Threat Database Trojans Trojan.Spy.Banker.VCM

Trojan.Spy.Banker.VCM

By CagedTech in Trojans

Threat Scorecard

Popularity Rank: 16,548
Threat Level: 80 % (High)
Infected Computers: 11,305
First Seen: May 7, 2013
Last Seen: January 27, 2026
OS(es) Affected: Windows

Aliases

15 security vendors flagged this file as malicious.

Antivirus Vendor Detection
Ikarus Win32.SuspectCrc
AntiVir TR/Graftor.36646
Comodo TrojWare.Win32.TrojanDownloader.Dadobra.~JH9
BitDefender Gen:Variant.Zusy.12143
eSafe Suspicious File
McAfee Artemis!6BD864794F9C
Panda Trj/DataRecovery.A
AVG PSW.Banker6.AHNA
Fortinet W32/Banker.YLX!tr
Ikarus Trojan.Hijacker
AhnLab-V3 Trojan/Win32.Hijacker
Microsoft TrojanSpy:Win32/Banker.VCM
AntiVir TR/Hijacker.Gen
Comodo UnclassifiedMalware
Kaspersky Trojan.Win32.Agent.uign

SpyHunter Detects & Remove Trojan.Spy.Banker.VCM

File System Details

Trojan.Spy.Banker.VCM may create the following file(s):
Expand All | Collapse All
# File Name MD5 Detections
1. x86.exe 8d5e5a55ae96ee0d4195c48a45f77dd2 196
2. winsystem32.dll faec0b184ca314e0966d3a9eb39b4c02 118
3. AdobeARM.exe 127c5ab208c8fbc3c8ade9b353f575c4 94
4. AdobeReader.exe 3cb8c0500d5437971368d470419b0774 71
5. df8ece5a2847c8013d1ab852cafa8c927017ff1c94e4aa573528939e304b8442 ccc6d03c91cb3f2c212c405576489e6b 34
6. Win10.exe bb2bab235a48180d2a067dedf7bcbb26 27
7. tHov8F2.cpl dec4c99540599f9a7c6ad500ff7c2d8a 25
8. helpmng.exe 1bbb6f292ef5faab7b941befb0272f0a 23
9. chrone.exe 7e40c95391d71b0d1f7f18e953935bbb 22
10. Java.exe 1aab17feb05b53f90e890412cb4ae202 19
11. DealPlyIexplorer.dll 6bd864794f9c26aa0af3f05a0295d5bc 7
12. IFrameDynamic.dll e17b47cb66f255ec68b62a77dc9c5b73 7
13. CortanaPTBR.dll 48e0d99dba5a7d2f4bfae8ef30705e14 3
14. taskhosts.exe e7bed1becf1abbf0a8eeea84e90e54d7 1
15. taskeng.exe 938984f3f48d125ebf13ebf59724ae2d 1
16. GoogleChrome.exe 5616f2099ffce9c922650fdcdf0662aa 1
17. Start.exe ed9462a5a6f088081d5379abf876c5c0 1
18. SisPlugin.exe d9e91a176141ea6f3df64c2f49d2b38e 1
19. iOSPhoneProtect.dll 68aba3d4eb40cd71eb6c7aa7973d6e43 1
20. NativeDebian9.dll 2813f64a6d13de2c18c68bea982ffc04 1
21. banker.exe b77925834fa4a5a72ea7c4ebfc92b3eb 1
22. file.exe 142ebfa97041ca2beec66f9e8dfd07e4 0
More files

Registry Details

Trojan.Spy.Banker.VCM may create the following registry entry or registry entries:
Regexp file mask
%ALLUSERSPROFILE%\Skype\ssScreenVVS2.exe
%APPDATA%\AdobeARM\AdobeARM.exe
%APPDATA%\Microsoft\GoogleTranslator.dll
%APPDATA%\Microsoft\Windows\Start Menu\Programs\Startup\settings.vbe
%APPDATA%\Microsoft\Windows\Start Menu\Programs\Startup\winlogon.vbe
%APPDATA%\winsystem32.dll
%TEMP%\ProcessEX.exe
%WINDIR%\help\tmp52[NUMBERS].dat
%WINDIR%\System32\drivers\prifass.sys
%WINDIR%\winsb\sidebarsql.exe

Directories

Trojan.Spy.Banker.VCM may create the following directory or directories:

%ALLUSERSPROFILE%\ASX\ProgramData
%APPDATA%\SisPlugin
%APPDATA%\system16
%appdata%\SASD41310

Analysis Report

General information

Family Name: Trojan.Banker.Spy
Signature status: Self Signed

Known Samples

MD5: ce88b3fa40e095cf69ebaab3e567aa9a
SHA1: 7f19ad248fa8a6a5b690f43d47205f9b9c3c6ea1
SHA256: DF75AD44724F55947703272AD0026811C86473B324B1422EC1B99ADA00845C35
File Size: 7.64 MB, 7640408 bytes
MD5: 211e0baad67b127e75a0383659a7d1e1
SHA1: 1cf6bee8e24d85a26a495ded0435bdc972e3535c
SHA256: 0D6B7DE839BC56E3EBF79BE57836DA9A09FC4B11DDC22022F33F5CEB15D0F973
File Size: 8.67 MB, 8670224 bytes
MD5: 73c253c199e234784e56c3a53f6db92f
SHA1: 618ee80cb562d7532d67ac91a04d033a9e088801
SHA256: 2B816730BBEC5B6A1156D619B8BFAE26C6BB702ED04ABC9485FD366CDD457B38
File Size: 7.16 MB, 7159296 bytes
MD5: 2bcc8e39b6c9b6e7c3d4062a7f2d28d0
SHA1: 797ff21cbfe018dd68b7c0cbabc711d0f400f787
SHA256: 61AE9DECB301DEC97835B9D40F921049A6D6D6EC3E309A00B41FF5A06CC26BA9
File Size: 77.31 KB, 77312 bytes
MD5: 86c0da7452f8b7f50f7444ac9aa81057
SHA1: 266ab467f1027921868adf169f9ddf15d5bc392b
SHA256: 78CB60F2FF5CB03C02F43AF214104E74F263AB44335C7F1A09FDB1AFCCFD2B0C
File Size: 2.58 MB, 2582536 bytes

Windows Portable Executable Attributes

  • File doesn't have "Rich" header
  • File doesn't have debug information
  • File doesn't have exports table
  • File has exports table
  • File has TLS information
  • File is 32-bit executable
  • File is 64-bit executable
  • File is console application (IMAGE_SUBSYSTEM_WINDOWS_CUI)
  • File is either console or GUI application
  • File is GUI application (IMAGE_SUBSYSTEM_WINDOWS_GUI)
Show More
  • File is Native application (NOT .NET application)
  • File is not packed
  • IMAGE_FILE_DLL is not set inside PE header (Executable)
  • IMAGE_FILE_EXECUTABLE_IMAGE is set inside PE header (Executable Image)

File Icons

Windows PE Version Information

Name Value
Company Name Microsoft Corporation
File Description Windows .NET SDK Generic
File Version
  • 3.0.0.58889
  • 1.0.0.0
Internal Name Microsoft© .NET Framework
Legal Copyright © Microsoft Corporation. All rights reserved.
Product Name Microsoft© .NET Framework
Product Version
  • 3.0.0.58889
  • 1.0.0.0
Program I D com.embarcadero.Prime989

Digital Signatures

Signer Root Status
COMERCIAL LAR BELLO LTDA - ME:20432846000108 COMERCIAL LAR BELLO LTDA - ME:20432846000108 Self Signed
COMP STORE TELEFONIA E INFORMATICA LTDA - ME Thawte Code Signing CA - G2 Self Signed
M2 AGRO DESENVOLVIMENTO DE SISTEMAS LTDA Thawte Code Signing CA - G2 Self Signed
FUTURA SOLUCOES E TECNOLOGIA LTDA ME thawte SHA256 Code Signing CA Self Signed

Block Information

Total Blocks: 5,431
Potentially Malicious Blocks: 2
Whitelisted Blocks: 5,424
Unknown Blocks: 5

Visual Map

0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 1 1 1 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 1 0 1 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0
... Data truncated
0 - Probable Safe Block
? - Unknown Block
x - Potentially Malicious Block

Similar Families

  • Casbaneiro.A
  • Casbaneiro.G
  • Filecoder.PB
  • Gamehack.ODB
  • Injector.XN
Show More
  • Ropalidia.D
  • Ulise.BE

Files Modified

File Attributes
c:\windows\syswow64\log\rundll32.exe.debug.log Generic Read,Write Data,Write Attributes,Write extended,Append data

Windows API Usage

Category API
Syscall Use
  • ntdll.dll!NtAlpcSendWaitReceivePort
  • ntdll.dll!NtClose
  • ntdll.dll!NtCreateFile
  • ntdll.dll!NtCreateSection
  • ntdll.dll!NtFreeVirtualMemory
  • ntdll.dll!NtMapViewOfSection
  • ntdll.dll!NtOpenFile
  • ntdll.dll!NtOpenKey
  • ntdll.dll!NtOpenProcessToken
  • ntdll.dll!NtProtectVirtualMemory
Show More
  • ntdll.dll!NtQueryAttributesFile
  • ntdll.dll!NtQueryDebugFilterState
  • ntdll.dll!NtQueryInformationProcess
  • ntdll.dll!NtQueryInformationThread
  • ntdll.dll!NtQueryInformationToken
  • ntdll.dll!NtQuerySystemInformationEx
  • ntdll.dll!NtQueryValueKey
  • ntdll.dll!NtQueryVirtualMemory
  • ntdll.dll!NtQueryVolumeInformationFile
  • ntdll.dll!NtReadFile
  • ntdll.dll!NtSetEvent
  • ntdll.dll!NtSetInformationFile
  • ntdll.dll!NtSetInformationProcess
  • ntdll.dll!NtSetInformationVirtualMemory
  • ntdll.dll!NtSetInformationWorkerFactory
  • ntdll.dll!NtTestAlert
  • ntdll.dll!NtTraceControl
  • ntdll.dll!NtUnmapViewOfSection
  • ntdll.dll!NtWaitForSingleObject
  • ntdll.dll!NtWriteFile
  • ntdll.dll!NtWriteVirtualMemory
  • win32u.dll!NtUserGetKeyboardLayout
  • win32u.dll!NtUserGetThreadState
Process Shell Execute
  • CreateProcess
Anti Debug
  • NtQuerySystemInformation
Process Manipulation Evasion
  • NtUnmapViewOfSection

Shell Command Execution

C:\WINDOWS\SysWOW64\rundll32.exe C:\WINDOWS\system32\rundll32.exe c:\users\user\downloads\1cf6bee8e24d85a26a495ded0435bdc972e3535c_0008670224.,LiQMAxHB
C:\WINDOWS\SysWOW64\rundll32.exe C:\WINDOWS\system32\rundll32.exe c:\users\user\downloads\618ee80cb562d7532d67ac91a04d033a9e088801_0007159296.,LiQMAxHB

Trending

Most Viewed

Loading...