Troj/Banker-HO is a password stealing Trojan for the Windows platform.
Troj/Banker-HL targets online banking websites, and can also steal email account details, and information from Protected Storage.
Troj/Banker-HO includes functionality to access the internet and communicate
with a remote server via HTTP.
When first run Troj/Banker-HO copies itself to <Windows>\ho2stdll.exe.
The following registry entry is created to run ho2stdll.exe on startup:
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
ho2stdll.exe
<Windows>\ho2stdll.exe
Registry entries are created under:
HKLM\SOFTWARE\Microsoft\UserData\