
W32.Pixipos


First posted on 02 April 2014.
Source: Symantec

Aliases:

There are no other names known for W32.Pixipos.

Explanation:

When the worm is executed, it creates the following file:
%UserProfile%\Application Data\win.sxs

The worm then creates the following registry entry so that it runs every time Windows starts:
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run\"Taskbar" = "%UserProfile%\Application Data\win.sxs"

The worm then gathers data from point-of-sale (PoS) systems and uploads the data to the following remote location:
yo.u-know-who.com/ss/gate.php

The worm spreads through removable drives using the following files:
%DriveLetter%\win.sxs
%DriveLetter%\autorun.inf
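
A triage check built from the indicators above, as an added example that is not part of the Symantec write-up. The function names, input shapes and sample data are constructed for illustration, and the autorun.inf launch keys are an assumption because the write-up does not list that file's contents.

```python
import re
from urllib.parse import urlsplit

# Indicators taken from the write-up above.
RUN_VALUE_NAME = "taskbar"
C2_HOST, C2_PATH = "yo.u-know-who.com", "/ss/gate.php"
# "win.sxs" as a whole file name, bare or at the end of any path.
PAYLOAD = re.compile(r'(?:^|[\\/"\s=])win\.sxs(?=$|["\s,])', re.I)
# Assumption: standard autorun.inf keys that launch a program.
AUTORUN_KEYS = re.compile(r'^\s*(open|shellexecute|shell\\[^=]*\\command)\s*=(.*)$', re.I)
SCHEME = re.compile(r'^[a-z][a-z0-9+.\-]*://', re.I)

# Constructed sample input (not taken from a real host).
SAMPLE_RUN = {
    "Taskbar": r"%UserProfile%\Application Data\win.sxs",
    "Updater": r'"C:\Program Files\Vendor\update.exe" /silent',
}
SAMPLE_AUTORUN = "[autorun]\nopen=win.sxs\nicon=shell32.dll,4\n"

def check_run_values(values):
    """values: {name: data} exported from the HKCU Run key."""
    hits = []
    for name, data in values.items():
        if PAYLOAD.search(data):
            exact = name.lower() == RUN_VALUE_NAME
            hits.append((name, "exact" if exact else "payload-name-only"))
    return hits

def check_autorun_inf(text):
    """Return the launch keys in autorun.inf that point at win.sxs."""
    hits = []
    for line in text.splitlines():
        m = AUTORUN_KEYS.match(line)
        if m and PAYLOAD.search(m.group(2)):
            hits.append(m.group(1).lower())
    return hits

def is_c2_url(url):
    """Match the upload location with or without scheme, port or query."""
    parts = urlsplit(url if SCHEME.match(url) else "//" + url)
    host = (parts.hostname or "").rstrip(".").lower()
    return host == C2_HOST and parts.path.lower() == C2_PATH

if __name__ == "__main__":
    print(check_run_values(SAMPLE_RUN))
    print(check_autorun_inf(SAMPLE_AUTORUN))
    print(is_c2_url("http://yo.u-know-who.com/ss/gate.php?id=1"))
```

Matching on the file name rather than the full path keeps the check valid whether the Run value stores `%UserProfile%\Application Data` unexpanded or as a resolved profile path.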

Last update 02 April 2014

 
