Troj/Banker-CB is a password stealing Trojan for the Windows platform that targets particular online banking sites.
Once executed, Troj/Banker-CB copies itself to %WINDOWS%\osrwin32.exe and creates the following registry entry in order to run automatically on user logon:
HKLM\Software\Microsoft\Windows\CurrentVersion\Run
windhost.exe
%WINDOWS%\osrwin32.exe
Troj/Banker-CB monitors a user's internet access to a predefined set of banking and financial websites while running in the background as a process, in an attempt to log user activity and send the stolen details to a predefined remote location.
Troj/Banker-CB steals confidential information including the following:
INETCOMM Server Passwords
MS IE FTP Passwords
Outlook Account Manager Passwords
Email account details for HTTP, IMAP and POP3 accounts
Cached Internet Explorer FTP passwords
Also Troj/Banker-CB attempts to download a file to %WINDOWS%\<random filename>.exe from a certain URL and run it.