TrojanDownloader:Win32/Banload.gen!B is a generic detection for trojans that download additional malware. It usually downloads and executes trojans that attempt to steal banking information from the system.
TrojanDownloader:Win32/Banload.gen!B drops files with random names in the root drive of the system. Files it has been known to drop are the following:
It then modifies the system registry so that its dropped file runs every time Windows starts:
Adds value: "Microsoft Internet Explorers"
With data: "<malware file>"
To subkey: HKLM\Software\Microsoft\Windows\CurrentVersion\Run
where <malware file> is the particular malware file name.
Modifies Internet Explorer Settings
TrojanDownloader:Win32/Banload.gen!B modifies the following registry to change the IE user agent setting:
Adds value: "Embedded Web Browser from: http://bsalsa.com/"
With data: "0"
To key: HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\User Agent\Post Platform
Downloads Other Malware
TrojanDownloader:Win32/Banload.gen!B attempts to download and execute other files from remote servers, which may be detected as information-stealing trojans. It may connect to the Web site 'banco.100por1.com' to download these files.
Analysis by Shawn Wang