Troj/Banker-K attempts to steal login credentials for Brazilian online banking sites.
In order to run automatically when Windows starts up the Trojan drops the file svchost.exe into the Windows system folder and adds the registry entry HKLM\Software\Microsoft\Windows\CurrentVersion\Run\svchost pointing to this file.
Troj/Banker-K also drops the files bb.exe, bmb.exe, bnet.exe, bra.exe, gf.exe and itau.exe into the Windows system folder.