


Category: Malware

Type: Trojan-Spy

Aliases: Bancos.VE


Bancos.VE is a password-stealing trojan designed specifically to steal banking information from users of Brazilian banks.


Automatic action

Based on the settings of your F-Secure security product, it will either automatically delete, quarantine or rename the detected program or file, or ask you for a desired action.


Technical Details

Upon execution, Bancos.VE displays the following fake error message:

It then drops a copy of itself into the system directory as tasklist32.exe:

  • %systemdir%\tasklist32.exe

Note: %systemdir% by default is C:\Windows\System32.

It also creates the following registry value for its auto-start mechanism:

  • HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    TaskList = "%systemdir%\tasklist32.exe"
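The dropped file and Run value described above can be checked for in collected registry output. The following is an added example, not part of the original description: it assumes the input is saved text from `reg query HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run`, that Windows is installed in the default directory, and the function names and sample data are constructed for illustration.

```python
import ntpath
import re

# Indicators from the description above (compared case-insensitively).
IOC_VALUE_NAME = "tasklist"
IOC_FILE_NAME = "tasklist32.exe"

# A value line of `reg query` output: name, type and data, 4-space separated.
VALUE_LINE = re.compile(r"^\s{4}(?P<name>.+?)\s{4}(?P<type>REG_\w+)\s{4}(?P<data>.*)$")

def exe_path(data):
    """Return the executable path from Run data, dropping quotes and arguments."""
    data = data.strip()
    if data.startswith('"'):
        return data[1:].split('"', 1)[0]
    m = re.match(r"(?i)(.*?\.exe)\b", data)
    return m.group(1) if m else data

def in_system_dir(path):
    """True if the file sits directly in the system directory (default layout assumed)."""
    folder = ntpath.dirname(path).lower()
    if folder in ("%systemdir%", r"%systemroot%\system32", r"%windir%\system32"):
        return True
    return re.fullmatch(r"[a-z]:\\windows\\system32", folder) is not None

def find_bancos_ve(reg_query_output):
    """Return (value name, data, reasons) for Run values matching the indicators."""
    hits = []
    for line in reg_query_output.splitlines():
        m = VALUE_LINE.match(line)
        if not m or ntpath.basename(exe_path(m["data"])).lower() != IOC_FILE_NAME:
            continue
        reasons = ["file name"]
        if in_system_dir(exe_path(m["data"])):
            reasons.append("system directory")
        if m["name"].lower() == IOC_VALUE_NAME:
            reasons.append("value name")
        hits.append((m["name"], m["data"], reasons))
    return hits

# Constructed sample of `reg query` output, not taken from a real host.
SAMPLE = r'''
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    SecurityHealth    REG_EXPAND_SZ    %windir%\system32\SecurityHealthSystray.exe
    TaskList    REG_SZ    "C:\WINDOWS\system32\tasklist32.exe"
    Updater Helper    REG_SZ    C:\Program Files\Vendor\tasklist.exe /background
'''

if __name__ == "__main__":
    for name, data, reasons in find_bancos_ve(SAMPLE):
        print(f"{name} -> {data} [{', '.join(reasons)}]")
```

An entry that matches on all three reasons corresponds to the auto-start value described above; a file-name match alone still warrants inspecting the referenced file.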

This malware monitors the URLs that users visit. When a user views one of a specific set of URLs, it logs all keystrokes.

Below are the URLs monitored by this trojan:

  • bankline.itau.com.br
  • https://www2.bancobrasil.com.br/aapf/saldos/006.jsp?codT=0
  • https://www2.bancosbrasil.com.br/aapff/aaii/principal
  • www2.bancobrasil.com.br

Bancos.VE sends the gathered information to a Brazilian email address.