Troj/Bancban-DA is a password-stealing Trojan that targets customers of certain Brazilian banks.
The Trojan attempts to log keypresses entered into certain websites. The Trojan displays fake user interfaces in order to persuade the user to enter confidential details. Stolen information is sent by email to a remote user.
Troj/Bancban-DA copies itself to the Windows system folder as svchost.scr and creates the following registry entry in order to run itself on system startup:
HKLM\Software\Microsoft\Windows\CurrentVersion\Run
<Original file name>
<System>\svchost.scr
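A check for the Run entry described above, as an added example that is not part of the original advisory: it parses the text output of `reg query HKLM\Software\Microsoft\Windows\CurrentVersion\Run` and flags values whose target is svchost.scr. It goes slightly beyond the advisory by also flagging any other .scr file launched from a Run value; the sample output, including the value name `invoice.exe` standing in for `<Original file name>`, is constructed.

```python
import ntpath
import re

# One value line of `reg query` output: 4 spaces, name, 4 spaces, type, 4 spaces, data
VALUE_LINE = re.compile(r"^\s{4}(?P<name>.+?)\s{4}(?P<type>REG_\w+)\s{4}(?P<data>.*)$")

def target_path(data):
    """Return the executable path from a Run value, dropping quotes and arguments."""
    data = data.strip()
    if data.startswith('"'):
        return data[1:].split('"', 1)[0]
    m = re.match(r"^(.*?\.\w{2,4})(?:\s|$)", data)
    return m.group(1) if m else data

def suspicious_run_entries(reg_query_output):
    """Return (value name, path, reason) for Run values matching the advisory."""
    findings = []
    for line in reg_query_output.splitlines():
        m = VALUE_LINE.match(line)
        if not m:
            continue  # key header or blank line
        path = target_path(m.group("data"))
        base = ntpath.basename(path).lower()
        if base == "svchost.scr":
            findings.append((m.group("name"), path, "svchost.scr named in the advisory"))
        elif base.endswith(".scr"):
            findings.append((m.group("name"), path, "screensaver binary in a Run value"))
    return findings

# Constructed sample of `reg query` output (not taken from an infected host)
SAMPLE = r"""
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run
    SecurityHealth    REG_EXPAND_SZ    %windir%\system32\SecurityHealthSystray.exe
    invoice.exe    REG_SZ    C:\WINDOWS\system32\svchost.scr
    Updater    REG_SZ    "C:\Program Files\Example\update.exe" /background
    Photo Viewer    REG_SZ    C:\Users\Public\slideshow.scr /s
"""

if __name__ == "__main__":
    for name, path, reason in suspicious_run_entries(SAMPLE):
        print(f"{name}: {path} ({reason})")
```

The legitimate Windows service host is svchost.exe, so a svchost file with a .scr extension in the system folder is itself worth investigating even when no Run value points to it.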