Troj/Banker-R is a password-stealing Trojan that attempts to capture
keystrokes associated with web browsing.
Troj/Banker-R creates the following files, all of which are detected by this
identity:
<Windows>\dllreg.exe
<Windows>\sock64.dll
<StartUp>\rundllw.exe
<Windows System>\load32.exe
<Windows System>\vxdmgr32.exe
In order to run on system restart, Troj/Banker-R creates the following
registry entry:
HKLM\Software\Microsoft\Windows\CurrentVersion\Run\load32
Troj/Banker-R attempts to send details to a Russian email address.
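The file names and Run entry listed above can be checked on a host with the following script, which is an added example and not part of the original description. It assumes <Windows> maps to %WINDIR%, <Windows System> to the system directory, and <StartUp> to the per-user and all-users Startup folders; the page does not define these placeholders.

```powershell
# Added example: looks for the Troj/Banker-R file names and Run value listed above.
# Assumed placeholder mapping (not stated on the page):
#   <Windows> -> %WINDIR%, <Windows System> -> system directory,
#   <StartUp> -> per-user and all-users Startup folders.
$winDir   = $env:WINDIR
$sysDir   = [Environment]::GetFolderPath('System')
$startups = @(
    [Environment]::GetFolderPath('Startup'),
    [Environment]::GetFolderPath('CommonStartup')
) | Where-Object { $_ }

$candidates = @(
    (Join-Path $winDir 'dllreg.exe'),
    (Join-Path $winDir 'sock64.dll'),
    (Join-Path $sysDir 'load32.exe'),
    (Join-Path $sysDir 'vxdmgr32.exe')
)
$candidates += @($startups | ForEach-Object { Join-Path $_ 'rundllw.exe' })

$findings = @()
foreach ($path in $candidates) {
    # -Force so hidden and system files are returned too
    $item = Get-Item -LiteralPath $path -Force -ErrorAction SilentlyContinue
    if ($item) {
        $hash = Get-FileHash -LiteralPath $item.FullName -Algorithm SHA256 `
                    -ErrorAction SilentlyContinue
        $findings += [pscustomobject]@{
            Type   = 'File'
            Name   = $item.FullName
            Detail = $hash.Hash   # empty if the file is locked
        }
    }
}

# Persistence: the "load32" value under the HKLM Run key
$runKey = 'HKLM:\Software\Microsoft\Windows\CurrentVersion\Run'
$run = Get-ItemProperty -Path $runKey -Name 'load32' -ErrorAction SilentlyContinue
if ($run) {
    $findings += [pscustomobject]@{
        Type   = 'RunValue'
        Name   = "$runKey\load32"
        Detail = $run.load32      # command line launched at logon
    }
}

if ($findings) { $findings | Format-List }
else { Write-Output 'No Troj/Banker-R file names or Run value found.' }
```

Run it from a 64-bit PowerShell session on 64-bit Windows, because a 32-bit process is redirected to SysWOW64 and the WOW6432Node registry view. A match on name alone is a lead to confirm with an anti-virus scan of the reported file.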