Virus

W32/Banker.ANV!tr.spy

Analysis

W32/Banker.ANV!tr.spy - 06-05-24

General Info:

This threat is a "PE" executable file, with file size 519680

Files:

Copies itself to: undefinedSystemRootundefined/undefinedWinDirundefined

Installation to System:

When run, it copies itself to:
undefinedSystemundefined\lsass32.exe C:\Documents and Settings\All Users\Start Menu\Programs\Startup\lsass32.exe
And creates these registry entries:
HKEY_CURRENT_USER\Software\Microsoft\MS SETUP (ACME) HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run lsass32 = "undefinedSystemundefined\lsass32.exe"

Detection Availability

FortiGate
Extended
FortiClient
FortiMail
FortiSandbox
FortiWeb
Web Application Firewall
FortiIsolator
FortiDeceptor
FortiEDR

Version Updates

Date	Version	Detail
2024-03-06	92.02197
2024-01-17	92.00731
2022-07-05	90.03884
2022-04-30	90.01881
2022-04-29	90.01845
2022-04-27	90.01793
2022-02-22	89.09863
2021-12-10	89.07650
2019-05-21	68.68100	Sig Updated
2019-05-07	68.34600	Sig Updated

ID	248168
Released	May 24, 2006
Description Updated	May 24, 2006
Aliases	Trojan-Spy.Win32.Banker.anv, probably a variant of Win32/Spy.Banker.AHY trojan
Platform Profile	Win32 file format / PE 32 bit
Profile Type	Trojan Spy (tr.spy)