ATMii targets ATMs running Windows 7 and Windows Vista. ATMii is pretty straightforward, it consists of two modules Control module 'exe.exe' and injecting module 'dll.dll'. To infect ATMs with this malware, adversaries need direct access to target machines, either over the network or physically (e.g. over USB). It is capable of performing three malicious operations, including: obtaining an exact list of bills the ATM contains, making the ATM dispense a specified amount of cash, or self-destructing by deleting a local config file.
| 7fac4b739c412b074ee13e181c0900a350b4df9499515febb75008e6955b9674 | HEUR:Trojan.Win32.Generic | Download |
| 0ef71569308d44e89bde48096c67caf73ec177c1c970a2fd843fd3a094502d78 | HEUR:Trojan.Win32.Generic | Download |
| 5f5d483c1fcd1638b32d11183c5ed5fd36362fb12d62e1d9940b47906733d672 | HEUR:Trojan.Win32.Generic | Download |
| d74cbd2e39dc0a00dc4c0fb0823c5a86455cdad2be48d32866165c9e5557c3e0 | Backdoor.Win32.ATMii.d | Download |