Effects 

Banbra.GIM passes itself off as a legitimate program of a certain Brazilian banking entity which requires users to enter certain data regarding their banking account.

It follows the routine below:

• When it is run, a window is displayed recommending users to install a program which offers more security when making Internet banking movements:
  
  
• If the button Confirm is pressed, a window is displayed where the user's banking data are required like account holder and number, among others:
  
  
• Once the information is entered, a message is displayed indicating the security component has been installed successfully:
  
  
• However, all the data entered by the user are sent via FTP to the creator of the Trojan.

Means of transmission 

Banbra.GIM reaches the computer in an email message which seems to have been sent by a certain Brazilian banking entity.

However, Banbra.GIM does not spread automatically using its own means. It needs an attacking user's intervention in order to reach the affected computer. The means of transmission used include, among others, floppy disks, CD-ROMs, email messages with attached files, Internet downloads, FTP, IRC channels, peer-to-peer (P2P) file sharing networks, etc.

Further Details  

Banbra.GIM is 232,448 bytes in size.

If Flash Player is not installed on the affected computer, the window that is displayed after the file is run cannot be viewed properly:

If so, Banbra.GIM offers users the way to install the Flash Player application:

Then, the process will follow the routine previously explained in the section Effects.