Troj/Banker-DA is a password stealing Trojan targeted at customers of Brazilian banks.
Troj/Banker-DA will monitor a user's internet access. When certain internet banking sites are visited, the Trojan will display a fake login screen in order to trick the user into inputting their details.
Troj/Banker-DA will then send the stolen details to an email address.
When Troj/Banker-DA is installed the following files are created:
<Windows>\ie\win32sys4.exe
The following registry entry is created to run win32sys4.exe on startup:
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
win32beta
<Windows>\IE\win32sys4.exe