http://{BLOCKED}5.196.130/bfs/update.dat

TSPY_BANKER.EUIQ accesses this site to download its configuration file. Its configuration file contains information such as the IP addresses or website addresses where this spyware redirects the user to, as well as the title strings of target banks.

This is also the site where TROJ_KILSRV.EUIQ may be downloaded from. TROJ_KILSRV.EUIQ is a component of TSPY_BANKER.EUIQ and it uninstalls software that protects Brazilian bank customers when they perform online banking transactions.