Welcome to the Virus Encyclopedia of Panda Security.
Banbra.GUC carries out the following actions:
Banbra.GUC creates a file called ST45ST.EXE in the Windows system directory. This file is copy of the Trojan.
Banbra.GUC downloads several files from an FTP directory and it stores them in the Windows system directory. These files simulate websites belonging to banks or other web services, and store passwords:
The following image belongs to the icons of the executable files downloaded by Banbra.GUC:
Each of these files create a file in the folder inf of the Windows directory where it stores the data it has obtained from the users.
For example, the file SUGG.EXE creates the file CDAF4H9O3.BSP with the following content:msn: firstname.lastname@example.org, enterpasswordexample
Banbra.GUC creates the following entry in the Windows Registry:
Banbra.GUC is distributed via email messages related to the news about the tragedy of the miners trapped in a Chilean mine.
Banbra.GUC is written in the programming language Visual Basic v5. This Trojan is 23,040 bytes in size and is compressed with PECompact.
Research carried out by Aitor Crespo.