Threat Search: 

ThreatExpert's Statistics for Trojan-Banker.Win32.Banker [Ikarus]:

Trojan-Banker.Win32.Banker [Ikarus] is also known as:
Threat AliasNumber of Incidents
Trojan-Banker.Win32.Banker.amzs [Kaspersky Lab]609
Infostealer.Bancos [Symantec]472
Win-Trojan/Banker.8448 [AhnLab]399
PWS-Banker!bsp [McAfee]359
Mal/Generic-A [Sophos]251
Trojan:Win32/Killav.KO [Microsoft]210
Trojan Horse [Symantec]99
Generic Del.x [McAfee]70
Trojan-PSW.Bancos [PC Tools]59
PWS-Banker [McAfee]52
Trojan-Banker.Win32.Banker.yqo [Kaspersky Lab]49
Mal_Banker [Trend Micro]47
Suspicious.MH690 [Symantec]43
Mal/DelpBanc-A [Sophos]41
Win32/MalPackedB.suspicious [AhnLab]31
Mal/Banspy-F [Sophos]30
Packed/Upack [AhnLab]30
Trojan-Banker.Win32.Banker.etk [Kaspersky Lab]28
TrojanDownloader:Win32/Banload.gen!N [Microsoft]26
Mal/RootKit-Fam [Sophos]21
Win-Trojan/Banker.11392 [AhnLab]21
New Malware.n [McAfee]19
Packed.Generic.138 [Symantec]19
Bloodhound.Bancos.1 [Symantec]18
Infostealer [Symantec]18
Mal/EncPk-DM [Sophos]18
Mal/Packer, Mal/EncPk-BW [Sophos]18
PWS-Banker.gen.bb [McAfee]18
Mal/Banker-E [Sophos]16
Trojan-Downloader.Win32.Delf.tov [Kaspersky Lab]15
PWS-Banker.gen.i [McAfee]14
Trojan-Banker.Win32.Banbra.hik [Kaspersky Lab]14
Mal/Behav-180 [Sophos]13
Win-Trojan/Xema.variant [AhnLab]13
Infostealer.Bancos!gen [Symantec]12
TrojanSpy:Win32/Bancos.gen!C [Microsoft]12
Packed.Generic.56 [Symantec]10
Mal/DelpBanc-A, Mal/Banspy-I [Sophos]9
Mal/EncPk-CU [Sophos]9
Mal/Inet-Fam [Sophos]9
not-a-virus:PSWTool.Win32.MailPassView.ck [Kaspersky Lab]9
Spyware.Perfect [Symantec]9
Trojan-Banker.Win32.Banker.aeuw [Kaspersky Lab]9
Trojan-Banker.Win32.Banker.agrv [Kaspersky Lab]9
Trojan-Banker.Win32.Banker.aidh [Kaspersky Lab]9
Trojan-Banker.Win32.Banker.aqgf [Kaspersky Lab]9
Trojan-Banker.Win32.Banker.arjz [Kaspersky Lab]9
Trojan-Banker.Win32.Banker.sdu [Kaspersky Lab]9
Trojan-Downloader.Win32.Banload.adyw [Kaspersky Lab]9
Trojan-PSW.Generic [PC Tools]9
TrojanSpy:Win32/Mafod!rts [Microsoft]9
Win-Trojan/Banload.1752576 [AhnLab]9
Dropper/MailPass.632320 [AhnLab]8
Trojan-Banker.Win32.Banbra.hhd [Kaspersky Lab]8
Trojan-Banker.Win32.Banbra.hhq [Kaspersky Lab]8
Trojan-Banker.Win32.Banker.aflf [Kaspersky Lab]8
Trojan-Banker.Win32.Banker.agiw [Kaspersky Lab]8
Downloader [Symantec]7
Generic PUP.x [McAfee]7
Mal/DelpBanc-A, Mal/Banspy-F, Mal/Banspy-I [Sophos]7
Mal/DelpBanc-A, Mal/Banspy-F, Mal/Behav-249 [Sophos]7
Mal/Emogen-P [Sophos]7
Spyware.Keylogger [Symantec]7
Trojan-Banker.Win32.Banker.agmd [Kaspersky Lab]7
Backdoor.Win32.Delf.pff [Kaspersky Lab]6
Infostealer.Gampass [Symantec]6
Mal/Banspy-F, Mal/Bank-A [Sophos]6
Mal/DelpBanc-A, Mal/Banspy-F, Mal/Behav-249, Mal/Banspy-I [Sophos]6
PWS-Banker!esm [McAfee]6
Trojan.Banker [PC Tools]6
TrojanSpy:Win32/Bancos.gen!B [Microsoft]6
Win-Trojan/Banker.4211176 [AhnLab]6
Win-Trojan/Banker.7936.B [AhnLab]6
Generic.dx [McAfee]5
Mal/Behav-188, Mal/Emogen-T [Sophos]5
Mal/UnkPack-Fam [Sophos]5
Trojan.Generic [PC Tools]5
Trojan-Downloader.Win32.Agent.apay [Kaspersky Lab]5
TrojanSpy:Win32/Banker [Microsoft]5
Email-Worm.Win32.Runouce.b [Kaspersky Lab]4
I-Worm.Chir.B [PC Tools]4
Mal/Banspy-F, Mal/Behav-249, Mal/Banspy-I [Sophos]4
Mal/DelpBanc-A, Mal/TinyDL-T, Mal/Packer, Mal/Banspy-F [Sophos]4
Mal/EncPk-BW [Sophos]4
PE_Chir.B [Trend Micro]4
PWS-Banker.gen.cg [McAfee]4
Troj/Banker-BNX [Sophos]4
Troj/Bdoor-ATJ [Sophos]4
Trojan.Fakeavalert [Symantec]4
Trojan.Win32.Agent.ataz [Kaspersky Lab]4
Trojan-Banker.Win32.Banker.abeg [Kaspersky Lab]4
Trojan-Banker.Win32.Banker.acjo [Kaspersky Lab]4
Trojan-Banker.Win32.Banker.afht [Kaspersky Lab]4
Trojan-Banker.Win32.Banker.aghm [Kaspersky Lab]4
Trojan-Banker.Win32.Banker.ahmu [Kaspersky Lab]4
Trojan-Banker.Win32.Banker.ahvx [Kaspersky Lab]4
Trojan-Banker.Win32.Banker.akbp [Kaspersky Lab]4
Trojan-Banker.Win32.Banker.apsh [Kaspersky Lab]4
Trojan-Banker.Win32.Banker.apuy [Kaspersky Lab]4
Trojan-Banker.Win32.Banker.apvi [Kaspersky Lab]4

Trojan-Banker.Win32.Banker [Ikarus] has the following possible countries of origin:
OriginNumber of Incidents
Brazil390
China33
Israel12
Russian Federation12
Germany8
Ukraine6
France3
Saudi Arabia3
Italy2
Republic of Korea2
Spain2
Belgium1

Trojan-Banker.Win32.Banker [Ikarus] is known to be created as:
%AppData%\scvhost.exe
%AppData%\svchost.exe
%AppData%\tasksend.exe
%CommonPrograms%\startup\antivirus.exe
%CommonPrograms%\startup\syslyn_update.exe
%CommonPrograms%\startup\win32sv.exe
%CommonPrograms%\startup\windows32.exe
%CommonPrograms%\startup\winsv.exe
%CommonPrograms%\startup\winsys32.exe
%ProgramFiles%\adobe\reader 9.0\reader\acro-broker.exe
%ProgramFiles%\common files\safesys.exe
%ProgramFiles%\ieguide_plus\config.exe
%ProgramFiles%\privacy center\tools\sp\spp.dll
%ProgramFiles%\statistxp\statistxp.exe
%ProgramFiles%\wiznavi_ieguideplus\config.exe
%System%\00cd1a40.exe
%System%\1234393758\wininit.exe
%System%\1249058921\wininit.exe
%System%\57o57k.exe
%System%\57om457k.exe.exe
%System%\asteca.dll
%System%\autms.exe
%System%\avg.exe
%System%\catroot2\msw.exe
%System%\ctfmom.exe
%System%\dllcache\004.exe
%System%\drivers\1206448739\wlnotify.dll
%System%\drivers\drive.sys
%System%\foto.com
%System%\future.exe
%System%\himen.sys
%System%\hp.exe
%System%\kcsetu.dll
%System%\mdlplite.exe
%System%\mmsw72w72.dll
%System%\mshelp.exe
%System%\msmsgs.exe
%System%\msnmsg.exe
%System%\msnnmaneger.exe
%System%\msnwabs.exe
%System%\mui\servssh.exe
%System%\mydpla.exe
%System%\ntsvc.exe
%System%\ocxlist\bbseg.exe
%System%\oqi1346.exe
%System%\pics\cards\isaas.exe
%System%\plug.sys
%System%\ppj4168.exe
%System%\qcw8983.exe
%System%\rasvg.exe
%System%\rgr.sys
%System%\simcard1.dll
%System%\svchosste.exe
%System%\svchosts.exe
%System%\sys\adobeogrr32.dll
%System%\tasklist32.exe
%System%\temp.exe
%System%\wiskyx.exe
%System%\wmiprvse.exe
%System%\wox4959.exe
%Temp%\004.exe
%Temp%\090322-b-2.exe
%Temp%\cancelamento.googleaccounts.com
%Temp%\kelongqi.exe
%Temp%\qvod.exe
%Temp%\spynet.exe
%Temp%\tddownload\hlgd.exe
%Temp%\trojanbanker\acroiehelpe.dll
%Temp%\zz.exe
%UserProfile%\my.exe
%Windir%\3nvy\wmiprvse.exe
%Windir%\cmsssc.exe
%Windir%\config\svchost.exe
%Windir%\e220cd57.dll
%Windir%\fengxing\fengxing.exe
%Windir%\help\conextill.exe
%Windir%\help\hostserver.exe
%Windir%\help\objsel.dll
%Windir%\hookerdll.dll
%Windir%\iexplore.exe
%Windir%\inetinfx.exe
%Windir%\msagent\msnwab.exe
%Windir%\msnlive.exe
%Windir%\msnmsgrs.exe
%Windir%\regopt.dll
%Windir%\repair.exe
%Windir%\smss.exe
%Windir%\svshost.exe
%Windir%\system\csrss.exe
%Windir%\system\jjxzwzjy090326.exe
%Windir%\system\lljyn090118.exe
%Windir%\system\lsass1.exe
%Windir%\system\svchost.exe
%Windir%\system\wini.exe
%Windir%\taskmgrdll.exe
%Windir%\userlogon.exe
%Windir%\win32sv.exe
%Windir%\windows.dll
%Windir%\windowsxp.exe
%Windir%\winhlep.exe
Notes:
  • %AppData% is a variable that refers to the file system directory that serves as a common repository for application-specific data. A typical path is C:\Documents and Settings\[UserName]\Application Data.
  • %CommonPrograms% is a variable that refers to the file system directory that contains the directories for the common program groups that appear on the Start menu for all users. A typical path is C:\Documents and Settings\All Users\Start Menu\Programs (Windows NT/2000/XP).
  • %ProgramFiles% is a variable that refers to the Program Files folder. A typical path is C:\Program Files.
  • %System% is a variable that refers to the System folder. By default, this is C:\Windows\System (Windows 95/98/Me), C:\Winnt\System32 (Windows NT/2000), or C:\Windows\System32 (Windows XP).
  • %Temp% is a variable that refers to the temporary folder in the short path form. By default, this is C:\Documents and Settings\[UserName]\Local Settings\Temp\ (Windows NT/2000/XP).
  • %UserProfile% is a variable that specifies the current user's profile folder. By default, this is C:\Documents and Settings\[UserName] (Windows NT/2000/XP).
  • %Windir% is a variable that refers to the Windows installation folder. By default, this is C:\Windows or C:\Winnt.