Troj/Banload-M is a downloader Trojan for the Windows platform.
Troj/Banload-M includes functionality to download a file, access the internet, and communicate with a remote server via HTTP.
The downloaded file is detected by Sophos's anti-virus product as Troj/Bancb-Fam.
When first run, Troj/Banload-M copies itself to <Windows>\crsass.exe.
The following registry entry is created to run crsass.exe on startup:
ASP.NET State Service