Multi-License Discount Quote

Change Region

English
Threat Database Trojans Win32/Banload.AYF

Win32/Banload.AYF

By SpideyMan in Trojans

Threat Scorecard

Popularity Rank: 9,408
Threat Level: 90 % (High)
Infected Computers: 7,093
First Seen: January 4, 2012
Last Seen: January 8, 2026
OS(es) Affected: Windows

Win32/Banload.AYF is hazardous Trojan that is able to install banking related Trojans such as Win32/Banker. Win32/Banload.AYF is used by cybercriminals to steal sensitive financial details that can be used to obtain unauthorized remote access and control to bank accounts via Internet banking. Win32/Banload.AYF can download and install additional malware infections to the corrupted PC. It is highly recommended to delete Win32/Banload.AYF from the infected machine as early as possible.

Analysis Report

General information

Family Name: Trojan.Mucc.A
Signature status: No Signature

Known Samples

MD5: d2dc7ed8ee0cfb1a8ee2d2ed87017e17
SHA1: 732e4de711ef1428dcdf2a61f298fd8eb13b4ece
SHA256: 5EABD47967E13803BB3858D8D102A034D79EFC5F74CA871CE3C909D134838DB1
File Size: 2.00 MB, 2001920 bytes

Windows Portable Executable Attributes

  • File doesn't have "Rich" header
  • File doesn't have debug information
  • File doesn't have exports table
  • File doesn't have relocations information
  • File doesn't have resources
  • File doesn't have security information
  • File is 32-bit executable
  • File is console application (IMAGE_SUBSYSTEM_WINDOWS_CUI)
  • File is either console or GUI application
  • File is Native application (NOT .NET application)
Show More
  • File is not packed
  • IMAGE_FILE_DLL is not set inside PE header (Executable)
  • IMAGE_FILE_EXECUTABLE_IMAGE is set inside PE header (Executable Image)

File Traits

  • 2+ executable sections
  • golang
  • HighEntropy
  • No Version Info
  • x86

Block Information

Total Blocks: 17
Potentially Malicious Blocks: 0
Whitelisted Blocks: 0
Unknown Blocks: 17

Visual Map

? ? ? ? ? ? ? ? ? ? ? ? ? ? ? ? ?
0 - Probable Safe Block
? - Unknown Block
x - Potentially Malicious Block

Registry Modifications

Key::Value Data API Name
HKCU\software\microsoft\windows\currentversion\explorer\advanced::hidden  RegNtPreCreateKey
HKLM\software\wow6432node\microsoft\security center::antivirusoverride  RegNtPreCreateKey

Trending

Most Viewed

Loading...