
TROJ_BANLOAD.JAE

Overview

Malware type: Trojan

Aliases: No Alias Found

In the wild: Yes

Destructive: No

Language: English

Platform: Windows 98, ME, NT, 2000, XP, Server 2003

Encrypted: No

Overall risk rating:

Reported infections:

Damage potential: Low

Distribution potential: Low

Description: 

This Trojan arrives as an attachment to email messages spammed by another malware or a malicious user. It may be dropped by other malware. It may be downloaded unknowingly by a user when visiting malicious Web sites.

It connects to Web site(s) to download and execute a malicious file. It saves the downloaded file(s) and then executes them. As a result, the malicious routines of the downloaded file(s) are exhibited on the affected system.

Read more about this threat incident in the Malware Blog entry "Haiti Spam Leads to New Malware."


Description created: Jan. 27, 2010 4:16:39 PM GMT -0800


Technical Details

File type: PE

Memory resident:  No

Size of malware: 536,576 bytes

Initial samples received on: Jan 27, 2010

Related to: TSPY_BANKER.LMG

Payload 1: Downloads files

Details:

Arrival Details

This Trojan arrives as an attachment to email messages spammed by another malware or a malicious user.

It may be dropped by other malware.

It may be downloaded unknowingly by a user when visiting malicious Web sites.

Download Routine

This Trojan connects to the following Web site(s) to download and execute a malicious file:

  • http://{BLOCKED}.sprucelake.org/images/twain32.jpg
  • http://{BLOCKED}.sprucelake.org/images/twain32.png

It saves the downloaded file(s) as the following:

  • %Windows%\twain32.dll
  • %Windows%\twain32.exe

(Note: %Windows% is the Windows folder, which is usually C:\Windows or C:\WINNT.)

It then executes the downloaded file(s). As a result, malicious routines of the downloaded file(s) are exhibited on the affected system.

Trend Micro detects the downloaded file as TSPY_BANKER.LMG.
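A defender-side check for the indicators in this download routine, added here as an example and not part of Trend Micro's write-up: it flags proxy log requests for the twain32.jpg/.png paths under sprucelake.org (the {BLOCKED} subdomain is unknown, so any subdomain is treated as a match) and looks for the dropped twain32.dll and twain32.exe in the Windows folder, checking for the "MZ" header a PE file carries. The proxy log layout and the sample lines are constructed, and the "cdn" subdomain is a placeholder for the redacted label.

```python
import re
from pathlib import Path

# Indicators taken from the description above. The {BLOCKED} subdomain is
# unknown, so any host under sprucelake.org is treated as a match.
DOWNLOAD_DOMAIN = "sprucelake.org"
DOWNLOAD_PATHS = {"/images/twain32.jpg", "/images/twain32.png"}
DROPPED_NAMES = ("twain32.dll", "twain32.exe")

# Assumed proxy log layout: "<timestamp> <client_ip> <method> <url> <status> <bytes>"
LOG_RE = re.compile(r"^(\S+) (\S+) ([A-Z]+) (\S+) (\d{3}) (\d+)$")

# Constructed sample lines; "cdn" stands in for the redacted {BLOCKED} label.
SAMPLE_LOG = [
    "2010-01-27T10:01:02Z 10.0.0.5 GET http://cdn.sprucelake.org/images/twain32.jpg 200 49152",
    "2010-01-27T10:01:03Z 10.0.0.7 GET http://www.example.com/images/logo.png 200 8421",
    "2010-01-27T10:01:04Z 10.0.0.9 GET http://notsprucelake.org/images/twain32.png 200 1200",
]

def host_matches(host):
    """Exact domain or a subdomain of it; 'notsprucelake.org' must not match."""
    return host == DOWNLOAD_DOMAIN or host.endswith("." + DOWNLOAD_DOMAIN)

def flag_download_requests(log_lines):
    """Return (client_ip, url) for each request that matches the download routine."""
    hits = []
    for line in log_lines:
        m = LOG_RE.match(line.strip())
        if not m:
            continue
        client, url = m.group(2), m.group(4)
        host, _, path = url.split("://", 1)[-1].partition("/")
        if host_matches(host.lower()) and "/" + path in DOWNLOAD_PATHS:
            hits.append((client, url))
    return hits

def looks_like_pe(data):
    """The payload is a PE (starts with 'MZ') even though it is fetched as .jpg/.png."""
    return data[:2] == b"MZ"

def find_dropped_files(windows_dir):
    """Report the dropped twain32.* files in %Windows% and whether each is PE-headed."""
    found = []
    for name in DROPPED_NAMES:
        path = Path(windows_dir) / name
        if path.is_file():
            found.append((str(path), looks_like_pe(path.read_bytes()[:2])))
    return found
```

On a live host, pass the value of the WINDIR environment variable to find_dropped_files; the log check is meant to run over exported proxy or web-gateway logs.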

Affected Platforms

This Trojan runs on Windows 98, ME, NT, 2000, XP and Server 2003.

Analysis By: Jessa De La Torre


Solution

Minimum scan engine version needed: 8.900


Important note: The "Minimum scan engine" refers to the earliest Trend Micro scan engine version guaranteed to detect this threat. However, Trend Micro strongly recommends that you update to the latest version in order to get comprehensive protection. Download the latest scan engine here.

Solution:

For Windows ME and XP users, before doing any scans, please make sure you disable System Restore to allow full scanning of your computer.

Step 1: Remove malware files related to TROJ_BANLOAD.JAE

Step 2: Scan your computer with your Trend Micro product to delete files detected as TROJ_BANLOAD.JAE

*Note: If the detected files have already been cleaned, deleted, or quarantined by your Trend Micro product, no further step is required. You may opt to simply delete the quarantined files. Please check this Knowledge Base page for more information.



