Infostealer.Pandebono
Infostealer.Pandebono is a Trojan that steals sensitive details, such as account data and PIN numbers, from compromised Automated Teller Machines (ATMs). Infostealer.Pandebono spreads through a USB connection to the ATM. When it is executed, Infostealer.Pandebono creates potentially malicious files and folders, creates a registry subkey, and creates a service with the service name "Windows Net Logon". Infostealer.Pandebono may terminate the malicious service by command. Infostealer.Pandebono stores stolen information in a certain file. It stores encrypted PIN numbers, to be cracked offline (a process known as 'carding'), in a certain file. Infostealer.Pandebono uploads all the stolen data to the USB removable drive if the root folder of the removable drive contains a specific file.
Technical Details
File System Modifications
The following files were created in the system:

[DRIVE LETTER]:\PROCOL 3.0.exe
File type: Executable File
Mime Type: unknown/exe

%WinDir%\system32\umst\shadow.dmp
Mime Type: unknown/dmp

%WinDir%\system32\umst\winpins.dmp
Mime Type: unknown/dmp

%WinDir%\system32\res\lsass.exe
File type: Executable File
Mime Type: unknown/exe

%WinDir%\system32\res\smss.exe
File type: Executable File
Mime Type: unknown/exe

%WinDir%\system32\winini.log
Mime Type: unknown/log

%WinDir%\system32\copwincor.xxx
Mime Type: unknown/xxx
Registry Modifications
Subkeys:
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\Windows Net Logon
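A triage check for the files listed above, run against a mounted disk image of an ATM (an added example, not code from the original page). It resolves each listed path case-insensitively, because a Linux mount of the image is case-sensitive while Windows path lookups by default are not. The names `resolve_nocase`, `scan_image` and the `windir_name` default are assumptions of this example, and the registry subkey is not checked.

```python
import os
import tempfile

# File indicators copied from this page, relative to %WinDir%.
WINDIR_INDICATORS = [
    r"system32\umst\shadow.dmp", r"system32\umst\winpins.dmp",
    r"system32\res\lsass.exe", r"system32\res\smss.exe",
    r"system32\winini.log", r"system32\copwincor.xxx",
]
DRIVE_ROOT_INDICATOR = "PROCOL 3.0.exe"  # page lists it at [DRIVE LETTER]:\


def resolve_nocase(root, win_rel_path):
    """Resolve a backslash-separated path under root, ignoring case.
    Each component is matched against the actual directory listing, so
    "WINDOWS\\System32" and "Windows\\system32" resolve to the same place.
    """
    current = root
    for part in win_rel_path.split("\\"):
        try:
            entries = os.listdir(current)
        except OSError:  # missing, unreadable, or not a directory
            return None
        match = next((e for e in entries if e.lower() == part.lower()), None)
        if match is None:
            return None
        current = os.path.join(current, match)
    return current


def scan_image(drive_root, windir_name="Windows"):
    """Return {indicator: path found in the image} for the page's file list.
    windir_name is an assumption: the name of the image's Windows directory.
    """
    wanted = {DRIVE_ROOT_INDICATOR: DRIVE_ROOT_INDICATOR}
    for rel in WINDIR_INDICATORS:
        wanted["%WinDir%\\" + rel] = windir_name + "\\" + rel
    found = {name: resolve_nocase(drive_root, rel) for name, rel in wanted.items()}
    return {name: path for name, path in found.items() if path}


if __name__ == "__main__":
    # Constructed sample tree: one listed path plus a file at the normal lsass.exe location.
    with tempfile.TemporaryDirectory() as img:
        for rel in ("WINDOWS/system32/RES/LSASS.EXE", "WINDOWS/system32/lsass.exe"):
            os.makedirs(os.path.join(img, os.path.dirname(rel)), exist_ok=True)
            open(os.path.join(img, rel), "w").close()
        print(scan_image(img))
```

Only `lsass.exe` under `system32\res` is reported for the sample tree; the file directly in `system32` is not on the page's list and is ignored.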