The blog post about Amavaldo "From Carnaval to Cinco de Mayo — The journey of Amavaldo" is available on WeLiveSecurity at https://www.welivesecurity.com/2019/08/01/banking-trojans-amavaldo/.

| SHA-1 | Filename | Description | ESET detection name |
|---|---|---|---|
| | | MSI downloader | VBS/TrojanDownloader.Agent.QSL trojan |
| | NvSmartMaxApp.exe | Abused legitimate application | Clean file |
| | NvSmartMax.dll | Amavaldo injector | Win32/Spy.Amavaldo.P trojan |
| | NvSmartMax | Amavaldo banking trojan | Win32/Spy.Amavaldo.N trojan |
| | gup.exe | Abused legitimate application | Clean file |
| | libcurl.dll | Injector for email creation tool | Win32/Spy.Amavaldo.P trojan |
| | libcurl | Email creation tool | Win32/Spy.Banker.AEGH trojan |

| SHA-1 | Filename | Description | ESET detection name |
|---|---|---|---|
| | | MSI downloader | Win32/TrojanDownloader.Delf.CSG trojan |
| | ctfmon.exe | Abused legitimate application | Clean file |
| | MsCtfMonitor.dll | Amavaldo injector | Win32/Spy.Amavaldo.U trojan |
| | MsCtfMonitor | Amavaldo banking trojan | Win32/Spy.Amavaldo.N trojan |

| SHA-1 | Filename | Description | ESET detection name |
|---|---|---|---|
| | VmDetect.exe | A tool for detecting virtual environment | Clean file |
| | AICustAct.dll | A tool for checking internet connectivity | Clean file |

- `%LocalAppData%\%RAND%\NvSmartMax[.dll]`
- `%LocalAppData%\%RAND%\MsCtfMonitor[.dll]`
- `%LocalAppData%\%RAND%\libcurl[.dll]`