ATMMalScan is a command line tool for operating systems Windows 7 ή νεότερης έκδοσης, το οποίο βοηθά στην αναζήτηση malicioussoftware to an ATM with the DFIR process.
The program examines a system's current processes, as well as the hard disk, depending on the specified file path. A user with standard rights is sufficient to scan a system. However, ATMMalScan provides better results with administrator rights.
Problems
Currently ATMMalScan does not support pages that require Unicode, which means that on Windows operating systems that have been set e.g. in Cyrillic or Chinese it may have no effect.
Use (Example)
Step 1: Process and disk memory scan. Check if administrator privileges are available in device for best results!
Step 2: ATMMalScan detects malware called XFS_DIRECT and gives details of the threads and rules that match.
In addition, it has saved a complete processmemory to disk to detect malicious process, sections, and stack and heap pages.
Step 3: You will find Dump here \ Dump.
Step 4: Open the dumpfile with Windbg and extract the ATM malware to disk using ".writemem"
Step 5: Fix the dumped PE with one of your favorite PE-Fixers and start analyzing the malware in detail.
You can download the program from here.