Multi-License Discount Quote

Change Region

English
Threat Database Trojans Trojan.Banload.XE

Trojan.Banload.XE

By CagedTech in Trojans

Threat Scorecard

Popularity Rank: 9,057
Threat Level: 80 % (High)
Infected Computers: 164
First Seen: October 5, 2024
Last Seen: April 27, 2026
OS(es) Affected: Windows

Analysis Report

General information

Family Name: Trojan.Banload.XE
Signature status: No Signature

Known Samples

MD5: b5d9bea01893e41612713e93bd5c4860
SHA1: 311b4d5d74cff4c0da6f98c1941aeec504bca9ce
SHA256: 9CC0D7658AECBEFDB8E6581609A73AE9A6F4FF45371539362562D5185C833D82
File Size: 3.62 MB, 3622107 bytes
MD5: 1dfc56620e19ff026ec6224d95fee696
SHA1: f9fcd570b8fe07dddddd6fe093a73c6896b27a3e
SHA256: D7CF778BF76E74D8E7C7F6414970434FCADF6571CD1601405EDE638D1EEEBEE4
File Size: 3.82 MB, 3818356 bytes
MD5: 1202b6389097331a0601de9467ddc417
SHA1: b78af92db69464e2098d6371105279433dac4afc
SHA256: 0E2F52BCB37E159983F419845D9E4C17864593CF299032A48BCB66D67FFCB392
File Size: 3.43 MB, 3430875 bytes
MD5: f2288ad966b27b89efe61d79b3c49ee3
SHA1: 1597ba35602d544307ced73a6b1be82d9f80e2e2
SHA256: B84E904B42DF7DE21FA2454A4909F3ED913AA16499956E238932FDDFEFD1A49D
File Size: 1.23 MB, 1231757 bytes
MD5: 321389141f12408abfa9dd08aacd5c77
SHA1: ab9a4dc311f8396b1afd0f293aa2d642e44cbd51
SHA256: 47B0D87EDDF6F0A4C542117B630421E695FFA9EA5C18457A4FB864B56B4FD223
File Size: 4.13 MB, 4126272 bytes
Show More
MD5: 497071a693df8838f3db5496a18784c3
SHA1: 404275ebbc01a5fc21f0e99a17e9a23da266a47e
SHA256: 1DE322CBFF72773BBD1FED61D2A2517D817B85281B95E12A8C8CB35BCA45E0D9
File Size: 4.15 MB, 4147573 bytes
MD5: 06fac88d626b08e624a02ba790412faa
SHA1: e61bf233d5da89a6946747598b7125909e13fd03
SHA256: 873399EF8211833C0698444D16F94E521695AB6F74948BB81474EBBC28BD6EFE
File Size: 4.77 MB, 4772352 bytes

Windows Portable Executable Attributes

  • File doesn't have "Rich" header
  • File doesn't have debug information
  • File doesn't have exports table
  • File doesn't have relocations information
  • File doesn't have security information
  • File has exports table
  • File has TLS information
  • File is 32-bit executable
  • File is either console or GUI application
  • File is GUI application (IMAGE_SUBSYSTEM_WINDOWS_GUI)
Show More
  • File is Native application (NOT .NET application)
  • File is not packed
  • IMAGE_FILE_DLL is not set inside PE header (Executable)
  • IMAGE_FILE_EXECUTABLE_IMAGE is set inside PE header (Executable Image)

File Icons

Windows PE Version Information

Name Value
Comments
  • Author: David S. Hooper
  • http://www.ezbsystems.com
Company Name
  • ACD Systems, Ltd.
  • Artifact Interactive
  • Cibal Multimedia
  • EZB Systems, Inc.
File Description
  • ACDSee for Windows 95/98/2000/NT/XP/Vista
  • Arranque Colección Juega y Aprende con Pipo con NorthCode
  • UltraISO Premium Edition
File Version
  • 8.5.1.1860
  • 3, 0, 0, 0
  • 2.2.0.3
  • 1.0.0.0
  • 0.0.0.1
  • 0.0.0.0
Internal Name
  • ACDSee
  • arranque2
  • fT-Online Entertainment World
  • gardenplannerh4
  • index
  • UltraISO
Legal Copyright
  • (c) 2002-2006 EZB Systems, Inc.
  • 2007
  • Cibal Multimedia
  • Copyright © 1995-2007 ACD Systems, Ltd.
Legal Trademarks
  • ACDSee
  • EZB(R)
Original Filename
  • ACDSee.exe
  • arranque2.exe
  • fT-Online Entertainment World.exe
  • gardenplannerh4.exe
  • index.exe
  • ultraiso.exe
Product Name
  • ACDSee
  • Colección Juega y Aprende con Pipo
  • Garden Planner
  • UltraISO Premium
  • untitled
Product Version
  • V8.51
  • 3, 0, 0, 0
  • 2.2.0.3
  • 1.0.0.0
  • 0.0.0.1
  • 0.0.0.0

File Traits

  • big overlay
  • HighEntropy
  • x86

Files Modified

File Attributes
\device\namedpipe\gmdasllogger Generic Write,Read Attributes
c:\programdata\synaptics Synchronize,Write Attributes
c:\programdata\synaptics\rcxb1bf.tmp Generic Read,Write Data,Write Attributes,Write extended,Append data
c:\programdata\synaptics\synaptics.exe Generic Read,Write Data,Write Attributes,Write extended,Append data,Delete,LEFT 262144
c:\programdata\synaptics\synaptics.exe Synchronize,Write Attributes
c:\programdata\synaptics\synaptics.exe Synchronize,Write Data
c:\users\user\appdata\local\temp\5d2ue24.ini Generic Read,Write Data,Write Attributes,Write extended,Append data
c:\users\user\appdata\roaming\winsl Synchronize,Write Attributes
c:\users\user\appdata\roaming\winsl\l4\27\2026 Generic Read,Write Data,Write Attributes,Write extended,Append data
c:\users\user\downloads\._cache_e61bf233d5da89a6946747598b7125909e13fd03_0004772352 Generic Read,Write Data,Write Attributes,Write extended,Append data
Show More
c:\users\user\downloads\._cache_e61bf233d5da89a6946747598b7125909e13fd03_0004772352 Synchronize,Write Attributes

Registry Modifications

Key::Value Data API Name
HKCU\software\microsoft\windows\currentversion\explorer::slowcontextmenuentries RegNtPreCreateKey
HKLM\software\microsoft\windows nt\currentversion\notifications\data::418a073aa3bc1c75 RegNtPreCreateKey
HKLM\software\wow6432node\microsoft\windows\currentversion\run::synaptics pointing device driver C:\ProgramData\Synaptics\Synaptics.exe RegNtPreCreateKey
HKCU\software\microsoft\windows\currentversion\internet settings\zonemap::proxybypass  RegNtPreCreateKey
HKCU\software\microsoft\windows\currentversion\internet settings\zonemap::intranetname  RegNtPreCreateKey
HKCU\software\microsoft\windows\currentversion\internet settings\zonemap::uncasintranet  RegNtPreCreateKey
HKCU\software\microsoft\windows\currentversion\internet settings\zonemap::autodetect RegNtPreCreateKey
HKLM\software\microsoft\windows nt\currentversion\notifications\data::418a073aa3bc3475 RegNtPreCreateKey
HKLM\software\microsoft\windows nt\currentversion\notifications\data::418a073aa3bc1c75 RegNtPreCreateKey
HKLM\software\microsoft\windows nt\currentversion\notifications\data::418a073aa3bc1c75 RegNtPreCreateKey

Windows API Usage

Category API
Service Control
  • OpenSCManager
Process Shell Execute
  • ShellExecuteEx
Process Manipulation Evasion
  • NtUnmapViewOfSection
Network Winsock2
  • WSAStartup
  • WSAttemptAutodialName
User Data Access
  • GetUserObjectInformation
Network Winhttp
  • WinHttpOpen
Network Wininet
  • InternetOpen
  • InternetOpenUrl
  • InternetReadFile
Network Winsock
  • bind
  • closesocket
  • gethostbyname
  • getsockname
  • socket

Shell Command Execution

runas c:\users\user\downloads\._cache_e61bf233d5da89a6946747598b7125909e13fd03_0004772352
runas C:\ProgramData\Synaptics\Synaptics.exe InjUpdate

Trending

Most Viewed

Loading...