Troj/Banker-AY is an information stealing Trojan that attempts to steal banking information related to certain Brazilian banks including "Bradesco" and "Gerenciador Financeiro".
Troj/Banker-AY attempts to download keylogging components from remote websites. The Trojan will then monitor the activity of Internet Explorer and attempt to keylog on websites related to the above banks. Information stolen may be sent to an attacker by email.
Troj/Banker-AY will drop the following files in the Windows system folder:
keylogf.dll
cartao.exe
cartao2.exe
Troj/Banker-AY will set the following registry entry in an attempt to run the Trojan when a user logs on to Windows:
HKCU\Software\Microsoft\Windows\CurrentVersion\Run\cartao