ATMWALL RSS latest submissions

FIXS - 6128e9c96e30986941d9f8c15efe2020363385d1ee44dad513f9804fb2ee25bb

Sat, 11 Feb 2023 23:36:08 CEST

ATM MALWARE NOTICE: 6128e9c96e30986941d9f8c15efe2020363385d1ee44dad513f9804fb2ee25bb
Family: FiXS

Filename: conhost.exe
Filetype: EXE/Windows
Filesize: 104.50 KB
Packer/compiler: MS Visual C++ 8
Screenshot: No
Reference: Yes
Additional note: No
Potential PDB patch exposed inside: No

FIXS - d3c40be552819f57dc51c5a18b8a5b0595e47dd73b09d5bf4c0a2083bd1243c3

Sat, 11 Feb 2023 23:30:41 CEST

ATM MALWARE NOTICE: d3c40be552819f57dc51c5a18b8a5b0595e47dd73b09d5bf4c0a2083bd1243c3
Family: FiXS

Filename: conhost.exe
Filetype: EXE/Windows
Filesize: 145.00 KB
Packer/compiler: Borland Delphi v6.0 - v7.0
Screenshot: No
Reference: Yes
Additional note: No
Potential PDB patch exposed inside: No

DISPCASHBR - 3fc60a83ef20e211458314b964dd532fa2ddedf042b508f5512b41f05f731116

Fri, 30 Apr 2021 22:20:20 CEST

ATM MALWARE NOTICE: 3fc60a83ef20e211458314b964dd532fa2ddedf042b508f5512b41f05f731116
Family: DispCashBR

Filename: bn.exe
Filetype: EXE/Windows
Filesize: 43.50 KB
Packer/compiler: Not available
Screenshot: Yes
Reference: Yes
Additional note: Yes
Potential PDB patch exposed inside: No

PLOUTUS-I - 3a1d992277a862640a0835af9dff4b029cfc6c5451e9716f106efaf07702a98c

Tue, 24 Nov 2020 23:26:12 CEST

ATM MALWARE NOTICE: 3a1d992277a862640a0835af9dff4b029cfc6c5451e9716f106efaf07702a98c
Family: Ploutus-I

Filename: Diebold.exe
Filetype: EXE/Windows
Filesize: 187.00 KB
Packer/compiler: MS Visual C# / Basic .NET
Screenshot: No
Reference: No
Additional note: No
Potential PDB patch exposed inside: Yes

PLOUTUS-I - 4f6d4c6f97caf888a98a3097b663055b63e605f15ea8f7cc7347283a0b8424c1

Fri, 21 Aug 2020 00:00:00 CEST

ATM MALWARE NOTICE: 4f6d4c6f97caf888a98a3097b663055b63e605f15ea8f7cc7347283a0b8424c1
Family: Ploutus-I

Filename: Diebold.exe
Filetype: EXE/Windows
Filesize: 217.00 KB
Packer/compiler: .NET executable
Screenshot: Yes
Reference: Yes
Additional note: Yes
Potential PDB patch exposed inside: Yes

ATM.LOUP - 6c9e9f78963ab3e7acb43826906af22571250dc025f9e7116e0201b805dc1196

Fri, 14 Aug 2020 00:00:00 CEST

ATM MALWARE NOTICE: 6c9e9f78963ab3e7acb43826906af22571250dc025f9e7116e0201b805dc1196
Family: ATM.Loup

Filename: kernel inj.exe
Filetype: EXE/Windows
Filesize: 40.00 KB
Packer/compiler: MS Visual C++ v8.0
Screenshot: No
Reference: Yes
Additional note: No
Potential PDB patch exposed inside: Yes

PLOUTUS-I - dce1f01c08937fb5c98964a0911de403eed2101a9d46c5eb9899755c40c3765a

Wed, 27 May 2020 00:00:00 CEST

ATM MALWARE NOTICE: dce1f01c08937fb5c98964a0911de403eed2101a9d46c5eb9899755c40c3765a
Family: Ploutus-I

Filename: NDCPlus.exe
Filetype: EXE/Windows
Filesize: 216.50 KB
Packer/compiler: MS Visual C# / Basic .NET
Screenshot: Yes
Reference: No
Additional note: Yes
Potential PDB patch exposed inside: Yes

PLOUTUS-I - 8ca29597152dc79bcf79394e1ae2635b393d844bb0eeef6709d37e6778457b31

Thu, 21 May 2020 00:00:00 CEST

ATM MALWARE NOTICE: 8ca29597152dc79bcf79394e1ae2635b393d844bb0eeef6709d37e6778457b31
Family: Ploutus-I

Filename: itautec.exe
Filetype: EXE/Windows
Filesize: 220.00 KB
Packer/compiler: MS Visual C# / Basic .NET
Screenshot: Yes
Reference: Yes
Additional note: Yes
Potential PDB patch exposed inside: Yes

DISPCASH.10 - 05a00a4b2d07780021bcd1a4abe84dc0ee28531136414f0ee631fa0d9844d479

Fri, 15 May 2020 00:00:00 CEST

ATM MALWARE NOTICE: 05a00a4b2d07780021bcd1a4abe84dc0ee28531136414f0ee631fa0d9844d479
Family: DispCash.10

Filename: xfs_cuinfo.exe
Filetype: EXE/Windows
Filesize: 89.50 KB
Packer/compiler: Borland Delphi v6.0 - v7.0
Screenshot: No
Reference: Yes
Additional note: Yes
Potential PDB patch exposed inside: No

DISPCASH.10 - 98e7fe52634c9ed9105a1604169e29d797419cb89ae863c2178999f34abd1497

Fri, 15 May 2020 00:00:00 CEST

ATM MALWARE NOTICE: 98e7fe52634c9ed9105a1604169e29d797419cb89ae863c2178999f34abd1497
Family: DispCash.10

Filename: cuinfo.exe
Filetype: EXE/Windows
Filesize: 49.00 KB
Packer/compiler: Not available
Screenshot: Yes
Reference: No
Additional note: Yes
Potential PDB patch exposed inside: No

WINPOT - fc7fb41d47409efea69ed59c791b7d4144f92f6f3ed9834742db82dd779084e6

Fri, 21 Feb 2020 21:00:00 CEST

ATM MALWARE NOTICE: fc7fb41d47409efea69ed59c791b7d4144f92f6f3ed9834742db82dd779084e6
Family: WinPot

Filename: 555.exe
Filetype: EXE/Windows
Filesize: 21.50 KB
Packer/compiler: Not available
Screenshot: Yes
Reference: No
Additional note: No
Potential PDB patch exposed inside: No

WINPOTV3 - acc9be34ac6effb6a87cd5110f68e7c59a982f44fa53619a07e5c67da1b99a53

Fri, 21 Feb 2020 17:08:28 CEST

ATM MALWARE NOTICE: acc9be34ac6effb6a87cd5110f68e7c59a982f44fa53619a07e5c67da1b99a53
Family: WinPotv3

Filename: showme.exe
Filetype: EXE/Windows
Filesize: 48.00 KB
Packer/compiler: Not available
Screenshot: Yes
Reference: No
Additional note: Yes
Potential PDB patch exposed inside: No

ALICE - 6b2fac8331e4b3e108aa829b297347f686ade233b24d94d881dc4eff81b9eb30

Thu, 09 Jan 2020 17:03:14 CEST

ATM MALWARE NOTICE: 6b2fac8331e4b3e108aa829b297347f686ade233b24d94d881dc4eff81b9eb30
Family: Alice

Filename: taskmngr.exe
Filetype: EXE/Windows
Filesize: 116.00 KB
Packer/compiler: MS Visual C# v7.0 / Basic .NET
Screenshot: Yes
Reference: No
Additional note: No
Potential PDB patch exposed inside: No

DISPCASHBR - 7cea6510434f2c8f28c9dbada7973449bb1f844cfe589cdc103c9946c2673036

Wed, 04 Dec 2019 00:00:00 CEST

ATM MALWARE NOTICE: 7cea6510434f2c8f28c9dbada7973449bb1f844cfe589cdc103c9946c2673036
Family: DispCashBR

Filename: atWin.exe
Filetype: EXE/Windows
Filesize: 43.48 KB
Packer/compiler: Not available
Screenshot: Yes
Reference: Yes
Additional note: No
Potential PDB patch exposed inside: No

DISPCASHBR - 5c002870698258535d839d30f15c58934869c337add65c9b499aca93fb1c8692

Wed, 04 Dec 2019 00:00:00 CEST

ATM MALWARE NOTICE: 5c002870698258535d839d30f15c58934869c337add65c9b499aca93fb1c8692
Family: DispCashBR

Filename: at_diebold_1.exe
Filetype: EXE/Windows
Filesize: 33.65 KB
Packer/compiler: Not available
Screenshot: No
Reference: Yes
Additional note: No
Potential PDB patch exposed inside: No

HELLOWORLD - adf43c6957fd11e45ffa4f2a71eb0ef565da9c4a9bc9cd101d2ac485b5358c46

Mon, 18 Nov 2019 00:00:00 CEST

ATM MALWARE NOTICE: adf43c6957fd11e45ffa4f2a71eb0ef565da9c4a9bc9cd101d2ac485b5358c46
Family: HelloWorld

Filename: dns.dll
Filetype: DLL/Windows
Filesize: 326.00 KB
Packer/compiler: MS Visual C++ 6.0 - 8.0
Screenshot: No
Reference: No
Additional note: Yes
Potential PDB patch exposed inside: No

HELLOWORLD - d9c1151ac686be204e2bdf368130fdb972668d3090b9f9fb0d0e60ebae473776

Mon, 18 Nov 2019 00:00:00 CEST

ATM MALWARE NOTICE: d9c1151ac686be204e2bdf368130fdb972668d3090b9f9fb0d0e60ebae473776
Family: HelloWorld

Filename: xfs.dll
Filetype: DLL/Windows
Filesize: 25.50 KB
Packer/compiler: MS Visual C++ v7.0 DLL
Screenshot: Yes
Reference: No
Additional note: Yes
Potential PDB patch exposed inside: No

HELLOWORLD - fead0633975c6c08f5509a7bd5c34d29bfdcacd3da47562efbf33121726f77b0

Mon, 18 Nov 2019 00:00:00 CEST

ATM MALWARE NOTICE: fead0633975c6c08f5509a7bd5c34d29bfdcacd3da47562efbf33121726f77b0
Family: HelloWorld

Filename: rtksys2.exe
Filetype: EXE/Windows
Filesize: 82.50 KB
Packer/compiler: MS Visual C++ 6.0 - 8.0
Screenshot: No
Reference: No
Additional note: Yes
Potential PDB patch exposed inside: No

HELLOWORLD - 4b13c835e07ae4318d936e70451b49677c7063691749913c08efbea66959cf8c

Mon, 18 Nov 2019 00:00:00 CEST

ATM MALWARE NOTICE: 4b13c835e07ae4318d936e70451b49677c7063691749913c08efbea66959cf8c
Family: HelloWorld

Filename: rtkdrv2.exe
Filetype: EXE/Windows
Filesize: 170.00 KB
Packer/compiler: MS Visual C++ 6.0 - 8.0
Screenshot: No
Reference: No
Additional note: Yes
Potential PDB patch exposed inside: No

XFSCASHNCR - d6dff67a6b4423b5721908bdcc668951f33b3c214e318051c96e8c158e8931c0

Wed, 28 Aug 2019 00:00:00 CEST

ATM MALWARE NOTICE: d6dff67a6b4423b5721908bdcc668951f33b3c214e318051c96e8c158e8931c0
Family: XFSCashNCR

Filename: died.exe
Filetype: EXE/Windows
Filesize: 1.06 MB
Packer/compiler: MS Visual C++ v8.0
Screenshot: No
Reference: Yes
Additional note: No
Potential PDB patch exposed inside: Yes

XFSADM - 2740bd2b7aa0eaa8de2135dd710eb669d4c4c91d29eefbf54f1b81165ad2da4d

Fri, 21 Jun 2019 00:00:00 CEST

ATM MALWARE NOTICE: 2740bd2b7aa0eaa8de2135dd710eb669d4c4c91d29eefbf54f1b81165ad2da4d
Family: XFSADM

Filename: XFS.exe
Filetype: EXE/Windows
Filesize: 265.00 KB
Packer/compiler: MS Visual C++ v8.0
Screenshot: No
Reference: Yes
Additional note: No
Potential PDB patch exposed inside: Yes

NVISOSPIT - d7ce7b152f0da49e96fa32a9336b35253905d9940b001288d0df55d8f8b3951f

Fri, 31 May 2019 00:00:00 CEST

ATM MALWARE NOTICE: d7ce7b152f0da49e96fa32a9336b35253905d9940b001288d0df55d8f8b3951f
Family: NVISOSPIT

Filename: am2.exe
Filetype: EXE/Windows
Filesize: 14.00 KB
Packer/compiler: Not available
Screenshot: Yes
Reference: Yes
Additional note: No
Potential PDB patch exposed inside: No

DISPCASH.19 - 7dde7f6da73c44cb19cf12e5e9174c2b8b2635e380aff5b89a045204803488a6

Fri, 17 May 2019 00:00:00 CEST

ATM MALWARE NOTICE: 7dde7f6da73c44cb19cf12e5e9174c2b8b2635e380aff5b89a045204803488a6
Family: DispCash.19

Filename: USBLOGGERzz.exe
Filetype: EXE/Windows
Filesize: 15.00 KB
Packer/compiler: MS Visual C++ v8.0
Screenshot: Yes
Reference: Yes
Additional note: Yes
Potential PDB patch exposed inside: No

DISPCASH.19 - 4a75be18a3fe0033a9ebdb8f4af81c94e03581d19b5b4373e74e41283fd2615f

Fri, 17 May 2019 00:00:00 CEST

ATM MALWARE NOTICE: 4a75be18a3fe0033a9ebdb8f4af81c94e03581d19b5b4373e74e41283fd2615f
Family: DispCash.19

Filename: USBLOGGER.exe
Filetype: EXE/Windows
Filesize: 15.00 KB
Packer/compiler: MS Visual C++ v8.0
Screenshot: Yes
Reference: Yes
Additional note: Yes
Potential PDB patch exposed inside: No

WINPOTV3 - b57bc410683aba4c211e407320e6b7746ce25e06d81ddf480711228efd921a6c

Wed, 01 May 2019 00:00:00 CEST

ATM MALWARE NOTICE: b57bc410683aba4c211e407320e6b7746ce25e06d81ddf480711228efd921a6c
Family: WinPotv3

Filename: xylipot.exe
Filetype: EXE/Windows
Filesize: 5.12 MB
Packer/compiler: Not available
Screenshot: Yes
Reference: No
Additional note: Yes
Potential PDB patch exposed inside: No

WINPOTV3 - 70cc5070ce058682c1d44cef887c0ec8a50dba6b717802c5a8f2c8f2ed377c13

Tue, 23 Apr 2019 00:00:00 CEST

ATM MALWARE NOTICE: 70cc5070ce058682c1d44cef887c0ec8a50dba6b717802c5a8f2c8f2ed377c13
Family: WinPotv3

Filename: xwizard.txt
Filetype: EXE/Windows
Filesize: 4.02 MB
Packer/compiler: Enigma Protector 1.1X-1.3X (Sukhov Vladimir & Serge N. Markin)
Screenshot: Yes
Reference: No
Additional note: Yes
Potential PDB patch exposed inside: No

WINPOTV3 - 1d6508cbe5f7ccaa991572f05aef52bab8a59851ca9a4367605a9637b10ae081

Tue, 23 Apr 2019 00:00:00 CEST

ATM MALWARE NOTICE: 1d6508cbe5f7ccaa991572f05aef52bab8a59851ca9a4367605a9637b10ae081
Family: WinPotv3

Filename: xwizard.txt
Filetype: EXE/Windows
Filesize: 4.02 MB
Packer/compiler: Enigma Protector 1.1X-1.3X (Sukhov Vladimir & Serge N. Markin)
Screenshot: Yes
Reference: No
Additional note: Yes
Potential PDB patch exposed inside: No

WINPOTV3 - 20fb2edfcece271f87d006e263c4a6de48ed518901211a76dc38aac43e1b9d19

Tue, 23 Apr 2019 00:00:00 CEST

ATM MALWARE NOTICE: 20fb2edfcece271f87d006e263c4a6de48ed518901211a76dc38aac43e1b9d19
Family: WinPotv3

Filename: showme.exe
Filetype: EXE/Windows
Filesize: 1.11 MB
Packer/compiler: Enigma Protector 1.1X-1.3X (Sukhov Vladimir & Serge N. Markin)
Screenshot: Yes
Reference: No
Additional note: Yes
Potential PDB patch exposed inside: No

WINPOTV3 - 009b677564b3ebb0831171edf3fb0deb0fa3b0010b74586e01d8df4af965ef3f

Tue, 23 Apr 2019 00:00:00 CEST

ATM MALWARE NOTICE: 009b677564b3ebb0831171edf3fb0deb0fa3b0010b74586e01d8df4af965ef3f
Family: WinPotv3

Filename: cscwserv.exe
Filetype: EXE/Windows
Filesize: 1.11 MB
Packer/compiler: Enigma Protector 1.1X-1.3X (Sukhov Vladimir & Serge N. Markin)
Screenshot: Yes
Reference: No
Additional note: Yes
Potential PDB patch exposed inside: No

ATMOSPHERE - bf9c35d8f33e2651d619fe22a2d55372dedd0855451d32f952ecfc73fa824092

Tue, 02 Apr 2019 00:00:00 CEST

ATM MALWARE NOTICE: bf9c35d8f33e2651d619fe22a2d55372dedd0855451d32f952ecfc73fa824092
Family: Atmosphere

Filename: app3.exe
Filetype: EXE/Windows
Filesize: 96.00 KB
Packer/compiler: MS Visual C++ v6.0
Screenshot: No
Reference: No
Additional note: Yes
Potential PDB patch exposed inside: No

ATMOSPHERE - e372631f96face11e803e812d9a77a25d0a81fa41e4ac362dc8aee5c8a021000

Tue, 02 Apr 2019 00:00:00 CEST

ATM MALWARE NOTICE: e372631f96face11e803e812d9a77a25d0a81fa41e4ac362dc8aee5c8a021000
Family: Atmosphere

Filename: lib_HkUEl.dll
Filetype: DLL/Windows
Filesize: 60.00 KB
Packer/compiler: MS Visual C++ 6.0 DLL
Screenshot: No
Reference: No
Additional note: Yes
Potential PDB patch exposed inside: No

ATMITCH.B - 66db5b6b5dc51de7e5380f214f703bdc69ab3c3bec7c3b67179940a06560f126

Wed, 06 Mar 2019 00:00:00 CEST

ATM MALWARE NOTICE: 66db5b6b5dc51de7e5380f214f703bdc69ab3c3bec7c3b67179940a06560f126
Family: ATMitch.B

Filename: lib_puomf.dll
Filetype: DLL/Windows
Filesize: 152.00 KB
Packer/compiler: MS Visual C++ 6.0 DLL (Debug)
Screenshot: No
Reference: Yes
Additional note: Yes
Potential PDB patch exposed inside: No

JAVA/DISPCASH - ef407db8c79033027858364fd7a04eeb70cf37b7c3a10069a92bae96da88dfaa

Mon, 04 Mar 2019 00:00:00 CEST

ATM MALWARE NOTICE: ef407db8c79033027858364fd7a04eeb70cf37b7c3a10069a92bae96da88dfaa
Family: Java/Dispcash

Filename: cab.file
Filetype: CAB/Archive
Filesize: 271.63 KB
Packer/compiler: Not available
Screenshot: No
Reference: Yes
Additional note: Yes
Potential PDB patch exposed inside: Yes

JAVA/DISPCASH - 0149667c0f8cbfc216ef9d1f3154643cbbf6940e6f24a09c92a82dd7370a5027

Mon, 04 Mar 2019 00:00:00 CEST

ATM MALWARE NOTICE: 0149667c0f8cbfc216ef9d1f3154643cbbf6940e6f24a09c92a82dd7370a5027
Family: Java/Dispcash

Filename: INJX_PURE.jar
Filetype: JAR/Java
Filesize: 254.99 KB
Packer/compiler: Not available
Screenshot: No
Reference: Yes
Additional note: Yes
Potential PDB patch exposed inside: No

HELLOWORLD - 867991ade335186baa19a227e3a044c8321a6cef96c23c98eef21fe6b87edf6a

Mon, 25 Feb 2019 00:00:00 CEST

ATM MALWARE NOTICE: 867991ade335186baa19a227e3a044c8321a6cef96c23c98eef21fe6b87edf6a
Family: HelloWorld

Filename: dispenserXFS.exe
Filetype: EXE/Windows
Filesize: 25.50 KB
Packer/compiler: MS Visual C++ v8.0
Screenshot: Yes
Reference: Yes
Additional note: Yes
Potential PDB patch exposed inside: Yes

HELLOWORLD - 2de4a510ee303c04c8d7bd59b7987b22c3471c9f4ba69b5f83ba36de88b63a8d

Sun, 30 Dec 2018 03:41:13 CEST

ATM MALWARE NOTICE: 2de4a510ee303c04c8d7bd59b7987b22c3471c9f4ba69b5f83ba36de88b63a8d
Family: HelloWorld

Filename: HelloWorld2_protected.exe
Filetype: EXE/Windows
Filesize: 1.13 MB
Packer/compiler: Enigma Protector 1.1X-1.3X (Sukhov Vladimir & Serge N. Markin)
Screenshot: Yes
Reference: Yes
Additional note: Yes
Potential PDB patch exposed inside: No

WINPOT - 0720db2469a61d41c1e67a8f32020927a32422a5d58067bb328a2ff407e14e98

Tue, 11 Dec 2018 00:00:00 CEST

ATM MALWARE NOTICE: 0720db2469a61d41c1e67a8f32020927a32422a5d58067bb328a2ff407e14e98
Family: WinPot

Filename: WinPot_Demo.exe
Filetype: EXE/Windows
Filesize: 1.08 MB
Packer/compiler: Enigma Protector 1.1X-1.3X (Sukhov Vladimir & Serge N. Markin)
Screenshot: Yes
Reference: No
Additional note: Yes
Potential PDB patch exposed inside: No

WINPOTV3 - 8d7f932d8236671018c5cd02781301134aa6df315253f7a56559350d2616ff8e

Thu, 29 Nov 2018 17:39:00 CEST

ATM MALWARE NOTICE: 8d7f932d8236671018c5cd02781301134aa6df315253f7a56559350d2616ff8e
Family: WinPotv3

Filename: CSC.scr
Filetype: EXE/Windows
Filesize: 3.58 MB
Packer/compiler: Enigma Protector 1.1X-1.3X (Sukhov Vladimir & Serge N. Markin)
Screenshot: Yes
Reference: No
Additional note: Yes
Potential PDB patch exposed inside: No

WINPOTV3 - e2c87bca353016aced41305ddd66ee7430bf61a20c0f4c8c0f0650f006f05160

Thu, 29 Nov 2018 00:00:00 CEST

ATM MALWARE NOTICE: e2c87bca353016aced41305ddd66ee7430bf61a20c0f4c8c0f0650f006f05160
Family: WinPotv3

Filename: showme.scr
Filetype: EXE/Windows
Filesize: 1.10 MB
Packer/compiler: Enigma Protector 1.1X-1.3X (Sukhov Vladimir & Serge N. Markin)
Screenshot: Yes
Reference: No
Additional note: Yes
Potential PDB patch exposed inside: No

WINPOTV3 - 6670ccc940cca6983340dbce1a9bbce7b49643ac924e18ca25def8b632b70720

Thu, 29 Nov 2018 00:00:00 CEST

ATM MALWARE NOTICE: 6670ccc940cca6983340dbce1a9bbce7b49643ac924e18ca25def8b632b70720
Family: WinPotv3

Filename: cscwserv.scr
Filetype: EXE/Windows
Filesize: 1.10 MB
Packer/compiler: Enigma Protector 1.1X-1.3X (Sukhov Vladimir & Serge N. Markin)
Screenshot: Yes
Reference: No
Additional note: Yes
Potential PDB patch exposed inside: No