Troj/Bancban-BY is a Trojan that attempts to steal banking details for certain Brazilian banks.
Troj/Bancban-BY monitors information entered into banking websites. Stolen information is sent to a remote user by email. The Trojan may display a fake user interface in order to trick the user into entering confidential details.
The Trojan creates the following registry entry in order to run itself on system logon or startup:
HKLM\Software\Microsoft\Windows\CurrentVersion\Run
winreg_32
<path to Trojan>