Hmmm, self-modify EXE files, read/write bank records, do it all in memory to leave no evidence ... no no, this doesn't smell phishy at all.