Infostealer.Pandebono
Infostealer.Pandebono is a Trojan that steals private details such as account data and PIN numbers from targeted Automated Teller Machines (ATMs). Infostealer.Pandebono propagates through a USB connection to the ATM. Once launched, Infostealer.Pandebono creates potentially harmful files and folders. Infostealer.Pandebono creates the registry subkey. Infostealer.Pandebono creates a service with the characteristics such as a service Name - Windows Net Logon. Infostealer.Pandebono may stop the malevolent service by command. Infostealer.Pandebono stores stolen information in the certain file. Infostealer.Pandebono stores encrypted PIN numbers to be cracked offline, the process known as 'carding', in the specific file. Infostealer.Pandebono uploads all the stolen data to the USB removable drive if the removable drive root folder includes the particular file.
File System Details
| # | File Name |
Detections
Detections: The number of confirmed and suspected cases of a particular threat detected on
infected computers as reported by SpyHunter.
|
|---|---|---|
| 1. | [DRIVE LETTER]:\PROCOL 3.0.exe | |
| 2. | %WinDir%\system32\umst\shadow.dmp | |
| 3. | %WinDir%\system32\umst\winpins.dmp | |
| 4. | %WinDir%\system32\res\lsass.exe | |
| 5. | %WinDir%\system32\res\smss.exe | |
| 6. | %WinDir%\system32\winini.log | |
| 7. | %WinDir%\system32\umst\copwincor.xxx |
Submit Comment
Please DO NOT use this comment system for support or billing questions. For SpyHunter technical support requests, please contact our technical support team directly by opening a customer support ticket via your SpyHunter. For billing issues, please refer to our "Billing Questions or Problems?" page. For general inquiries (complaints, legal, press, marketing, copyright), visit our "Inquiries and Feedback" page.