Troj/BankHook-A is an internet banking Trojan which attempts to capture confidential banking information and send it to a remote location.
Troj/BankHook-A installs a COM DLL which can be used (by another executable module) to capture and store the contents of HTTP GET and HTTP POST messages sent to host URLs that contain any of the Trojan's targeted banking-site strings.
The captured data is then sent to a remote location via HTTP POST.