MSIL/Padpin [Threat Name] go to Threat

MSIL/Padpin.A [Threat Variant Name]

Category trojan
Size 118784 B
Aliases MSIL:Tyupkin-A (Avast)
  Backdoor:MSIL/Sidkey.A (Microsoft)
Short description

MSIL/Padpin.A is a trojan engineered to plunder a certain type of ATM (Automatic Teller machine).


When executed, the trojan copies itself into the following location:

  • %system%\­ulssm.exe

In order to be executed on system start, the trojan sets the following Registry entry:

  • [HKEY_LOCAL_MACHINE\­SOFTWARE\­Microsoft\­Windows\­CurrentVersion\­Run]
    • "%variable%Debug" = "%system%\­ulssm.exe"

A string with variable content is used instead of %variable% .

Other information

The trojan serves as a backdoor.

It may perform the following actions:

  • remove itself from the infected computer
  • show/hide application windows
  • dispense money from device

Please enable Javascript to ensure correct displaying of this content and refresh this page.