
Infostealer.Posdump


First posted on 08 July 2014.
Source: Symantec

Aliases :

There are no other names known for Infostealer.Posdump.

Explanation :

Infostealer.Posdump is a point-of-sale malware component that dumps the memory being used by the following processes:
active-charge.exe
adres35.exe
afr38.exe
afr8.exe
aspnet_wp.exe
ccs.exe
ccv_server.exe
centralcreditcard.exe
concord.exe
creditservice.exe
ddcdsrv1.exe
dsiconcordip_host.exe
dvd machine.exe
dwnam_ip.exe
edcsvr.exe
eps_cachemanager.exe
eps_genericmanager.exe
epsenginesrv.exe
inetccam.exe
issdebitservice.exe
isspos.exe
jregil.exe
mdshttpservice.exe
mxslipstream.exe
omnipos.exe
prowin32.exe
rpro8.exe
rs232manager.exe
spcwin.exe
spgagentservice.exe
tpe_53.exe
utg2.exe
uvsh.exe
vmcli_cc.exe
vmsrv.exe
xchrgsrv.exe

The memory dump is saved in the following location:
[THREAT LOCATION]\memdump\[PROCESS NAME]-[PROCESS ID].dmp
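
A detection sketch for the dump location described above, as an added example (not Symantec's code): it scans a file listing for paths of the form memdump\[PROCESS NAME]-[PROCESS ID].dmp and flags those that name a listed process. The sample paths are constructed, and accepting the process name with or without ".exe" is an assumption, since the write-up does not say which form is used.

```python
import re
from typing import List, NamedTuple, Optional

# Process names listed in the write-up, lower-cased (one name contains a space).
TARGETS = frozenset(n.strip() for n in """
active-charge.exe, adres35.exe, afr38.exe, afr8.exe, aspnet_wp.exe, ccs.exe,
ccv_server.exe, centralcreditcard.exe, concord.exe, creditservice.exe,
ddcdsrv1.exe, dsiconcordip_host.exe, dvd machine.exe, dwnam_ip.exe, edcsvr.exe,
eps_cachemanager.exe, eps_genericmanager.exe, epsenginesrv.exe, inetccam.exe,
issdebitservice.exe, isspos.exe, jregil.exe, mdshttpservice.exe,
mxslipstream.exe, omnipos.exe, prowin32.exe, rpro8.exe, rs232manager.exe,
spcwin.exe, spgagentservice.exe, tpe_53.exe, utg2.exe, uvsh.exe, vmcli_cc.exe,
vmsrv.exe, xchrgsrv.exe""".split(","))

# ...\memdump\<name>-<pid>.dmp; the greedy <name> keeps hyphens inside the name.
DUMP_RE = re.compile(
    r"(?:^|[\\/])memdump[\\/](?P<name>[^\\/]+)-(?P<pid>\d+)\.dmp$", re.I)

class Finding(NamedTuple):
    path: str
    process: str
    pid: int
    targeted: bool  # True when the name is one of TARGETS

def classify(path: str) -> Optional[Finding]:
    m = DUMP_RE.search(path.strip())
    if m is None:
        return None
    name = m.group("name").lower()
    # Assumption: [PROCESS NAME] may or may not keep ".exe"; accept both forms.
    hit = next((c for c in (name, name + ".exe") if c in TARGETS), None)
    return Finding(path, hit or name, int(m.group("pid")), hit is not None)

def scan(listing: List[str]) -> List[Finding]:
    return [f for f in map(classify, listing) if f is not None]

# Constructed sample listing, e.g. the output of a recursive directory walk.
SAMPLE = [
    r"C:\Users\pos\AppData\Local\Temp\memdump\isspos.exe-2188.dmp",
    r"C:\ProgramData\x\MEMDUMP\DVD Machine-904.dmp",
    r"C:\ProgramData\x\memdump\active-charge.exe-31.dmp",
    r"D:\debug\memdump\notepad.exe-77.dmp",      # pattern only, name not listed
    r"C:\Windows\Minidump\070814-1234-01.dmp",   # unrelated crash dump
]

if __name__ == "__main__":
    for f in scan(SAMPLE):
        print("ALERT" if f.targeted else "review", f.process, f.pid, f.path)
```

Paths that match the pattern but name an unlisted process are returned with targeted set to False so they can be reviewed rather than silently dropped.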

Last update 08 July 2014

 
