TrojanSpy:Win32/Banker.AMK copies itself to c:\documents and settings\administrator\application data\adobearm\adobearm.exe.
The malware creates the following files on your PC:
Contacts remote host
TrojanSpy:Win32/Banker.AMK might contact a remote host at smtps.uol.com.br using port 587. Commonly, malware does this to:
- Report a new infection to its author
- Receive configuration or other data
- Download and run files, including updates or other malware
- Receive instructions from a remote hacker
- Upload data taken from your PC
This malware description was produced and published using automated analysis of file SHA1 76a59435f1c79a9f8770fca43b8fe6e03fcfe661.