Infostealer.Rawpos
First posted on 21 February 2014.
Source: Symantec
Aliases:
There are no other names known for Infostealer.Rawpos.
Explanation:
When executed, the Trojan creates the following folder:
[ORIGINAL FOLDER]\memdump
It also creates the following file:
[ORIGINAL FOLDER]\memdump\spoolsv.chm
Note: [ORIGINAL FOLDER] is the folder where the Trojan is executed.
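The folder and file named above can be swept for on a suspect host. The following is an added example, not part of the original write-up: the function names, the result layout and the constructed test tree are assumptions made for illustration, and only the names `memdump` and `spoolsv.chm` come from this page.

```python
import os
import tempfile

# Artifact names taken from the write-up. Matching is case-insensitive
# because Windows file systems are.
IOC_DIR = "memdump"
IOC_FILE = "spoolsv.chm"

def find_rawpos_artifacts(root):
    """Return one finding per folder named memdump found under root."""
    findings = []
    # onerror ignores unreadable directories so the sweep keeps going
    for dirpath, _dirs, filenames in os.walk(root, onerror=lambda e: None):
        if os.path.basename(dirpath).lower() != IOC_DIR:
            continue
        entry = {"folder": dirpath, "file": None, "size": None, "mtime": None}
        match = next((f for f in filenames if f.lower() == IOC_FILE), None)
        if match:
            entry["file"] = os.path.join(dirpath, match)
            try:
                st = os.stat(entry["file"])
                entry["size"], entry["mtime"] = st.st_size, st.st_mtime
            except OSError:
                pass  # file vanished or is locked; still report the path
        findings.append(entry)
    return findings

def build_constructed_sample(base):
    """Constructed tree: one full match, one folder-only match, one decoy."""
    hit = os.path.join(base, "apps", "svc", "MemDump")
    os.makedirs(hit)
    with open(os.path.join(hit, "SPOOLSV.CHM"), "wb") as fh:
        fh.write(b"constructed placeholder")
    os.makedirs(os.path.join(base, "tools", "memdump"))   # folder only
    os.makedirs(os.path.join(base, "docs"))
    with open(os.path.join(base, "docs", "spoolsv.chm"), "wb") as fh:
        fh.write(b"x")                                    # file outside memdump

if __name__ == "__main__":
    with tempfile.TemporaryDirectory() as tmp:
        build_constructed_sample(tmp)
        for f in find_rawpos_artifacts(tmp):
            # "memdump" is a generic name, so a folder alone is a weak signal
            level = "folder+file" if f["file"] else "folder only"
            print(level, f["folder"], f["size"])
```

Both names are generic, so a folder-only result needs corroboration before it is treated as an infection.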
The Trojan then searches through the following processes for track one and track two data from credit cards:
pms.exe
capms.exe
cadotn.exe
utg2.exe
sslgw.exe
visatcp.exe
visad.exe
pbtsrv.exe
frmweb.exe
The Trojan may then send the stolen information to a remote location.
Last update 21 February 2014