KernelMode.info

A forum for reverse engineering, OS internals and malware analysis
https://www.kernelmode.info/forum/

Rogue Antimalware (FakeAV, 2011 year)

https://www.kernelmode.info/forum/viewtopic.php?f=16&t=2233

Page 2 of 34

Re: Rogue antimalware (FakeAV, FakeAlert)

PostPosted:Thu Jan 20, 2011 4:36 pm
by Xylitol
Security Shield rogue, full undetected: https://www.virustotal.com/file-scan/re ... 1295541138

Re: Rogue antimalware (FakeAV, FakeAlert)

PostPosted:Thu Jan 20, 2011 4:42 pm
by EP_X0FF
Xylitol wrote:Security Shield rogue, full undetected: https://www.virustotal.com/file-scan/re ... 1295541138
No surprise :) These guys has very good cryptor support. And it's server side, same sample downloaded few minutes after yours, the same but different :)

http://www.virustotal.com/file-scan/rep ... 1295542056

Re: Rogue antimalware (FakeAV, FakeAlert)

PostPosted:Thu Jan 20, 2011 6:06 pm
by markusg
are there no urls for the last 2 or have i missed :-)

Re: Rogue antimalware (FakeAV, FakeAlert)

PostPosted:Thu Jan 20, 2011 6:27 pm
by EP_X0FF
markusg wrote:are there no urls for the last 2 or have i missed :-)
hxxp://satel12vc.co.cc/inst.exe :)

here we go with generic's

http://www.virustotal.com/file-scan/rep ... 1295548000

Palladium Pro

PostPosted:Fri Jan 21, 2011 8:51 pm
by gigaz
Palladium Pro

VirusTotal Results:
http://www.virustotal.com/file-scan/rep ... 1295642152


Starts during the windows boot process, modifies registry to start on safe mode, does not allow to show the desktop and run apps.

Image

Main UI
Image

Re: Any1 have Antivirus 2010

PostPosted:Mon Jan 24, 2011 4:47 am
by redcodefinal
Xylitol wrote:i dont like guys who request something when he have only one post.

seem he have anti-vm but i'm lazy to find them...
why do you need it?
I'm looking to infect a billion computers with it BWHAHAHAHA! No, I am looking for it for research. I've been studying computer security for 2 years and have taken a course called Offensive Security -> (http://www.offensive-security.com/). Also run my own Youtube security channel in case your interested-> (http://www.youtube.com/user/redcodefinal). I wanted to A:See what it installs, where it installs it, reg keys it uses etc. (I know I can find this on the internet but, I like to do things myself) and then I want to fuzz the application to see if I can create a usable buffer overflow. I was really hoping to make my own solution as a learning tool. Also sorry @EP_X0FF, I'm new and kind of suck, please forgive me ;_;.

-Ian

Spyware Protection

PostPosted:Mon Jan 24, 2011 6:48 pm
by Xylitol
Spyware Protection

drop Spyware Protection
serial: SL55J-T54YHJ61-YHG88

Image

http://www.virustotal.com/file-scan/rep ... 1295894768

Re: Rogue antimalware (FakeAV, FakeAlert)

PostPosted:Tue Jan 25, 2011 9:36 am
by Xylitol
fake defrager: windows scan
Code: Select all
Thank you for your purchase, Windows Scan!
Your activation code: 0973467457475070215340537432225
EDS URL: http://edsfull.com/customers/dl/Defrag.exe
Contact us through Help&Support section in the Windows Scan menu or by phone +1-877 282 0139
drop files in %appdata%

http://www.virustotal.com/file-scan/rep ... 1295948222

Neovaccine

PostPosted:Tue Jan 25, 2011 10:21 pm
by Xylitol
Neovaccine

http://www.virustotal.com/file-scan/rep ... 1295993200

Image

Safecare

PostPosted:Wed Jan 26, 2011 7:37 pm
by Xylitol
Safecare

http://www.virustotal.com/file-scan/rep ... 1296069753

Image
All times are UTC
Page 2 of 34
Powered by phpBB® Forum Software © phpBB Group
https://www.phpbb.com/