KernelMode.info

A forum for reverse engineering, OS internals and malware analysis
https://www.kernelmode.info/forum/

Rogue Antimalware (FakeAV, 2012 year)

https://www.kernelmode.info/forum/viewtopic.php?f=16&t=2414

Page 42 of 46

Re: Rogue antimalware (FakeAV, FakeAlert)

PostPosted:Mon Oct 01, 2012 5:12 pm
by thisisu
TeamRocketOps wrote:XP Defender 2013
Looks like NameChanger / FakeRean season is here :lol:

Re: Rogue antimalware (FakeAV, FakeAlert)

PostPosted:Mon Oct 01, 2012 6:40 pm
by Win32:Virut
frame4-mdpro wrote:
Win32:Virut wrote:Key:
Code: Select all
3425-814615-3990
Is this for the XP Defender 2013 ?
yes, this is for XP Defender 2013 / Win 7 Defender 2013

Re: Malware/Not classified

PostPosted:Tue Oct 02, 2012 6:02 pm
by Win32:Virut
One more sample, detected only by AhnLab:
https://www.virustotal.com/file/6aec1a0 ... /analysis/
Attached.

Looks like FakeAV.

EDIT

This is System Progressive Protection. Can you move this post?

Re: Rogue antimalware (FakeAV, FakeAlert)

PostPosted:Fri Oct 05, 2012 7:37 am
by Xylitol
landing and panel cash

Re: Rogue antimalware (FakeAV, FakeAlert)

PostPosted:Fri Oct 05, 2012 12:58 pm
by dumb110
^^^ Fake IObit scanner...you dont have the exe file??

Re: Rogue antimalware (FakeAV, FakeAlert)

PostPosted:Tue Oct 09, 2012 5:58 am
by rough_spear
Hi All, :D

SKYPE users targeted by Ransomware.

Web link - hxxp://goo.gl/5q1sx?img=radix.abhijeetsawant


Regards,

rough_spear. ;)

Re: Rogue antimalware (FakeAV, FakeAlert)

PostPosted:Tue Oct 09, 2012 6:57 am
by rough_spear
Hi, :D

Here is one more Fake AV.

Urls -

hxxp://178.77.103.54:8080//get/faa91cf5e79a76602f094ed38fad5872.exe
hxxp://188.212.156.180:8080//get/faa91cf5e79a76602f094ed38fad5872.exe
hxxp://202.169.224.202:8080//get/faa91cf5e79a76602f094ed38fad5872.exe
hxxp://50.22.136.150:8080/get/faa91cf5e79a76602f094ed38fad5872.exe

Regards,


rough_spear. ;)

Re: Rogue antimalware (FakeAV, FakeAlert)

PostPosted:Sun Oct 14, 2012 1:37 am
by Cody Johnston
System Progressive Protection

Fresh Sample

Low detection

VT 3/43

https://www.virustotal.com/file/59394be ... 350178423/

Re: Rogue antimalware (FakeAV, FakeAlert)

PostPosted:Sun Oct 14, 2012 9:12 am
by Buster_BSA
TeamRocketOps wrote:System Progressive Protection

Fresh Sample

Low detection

VT 3/43

https://www.virustotal.com/file/59394be ... 350178423/
This sample calls DSEditSecurity function. What is the purpose of that?

Re: Rogue antimalware (FakeAV, FakeAlert)

PostPosted:Sun Oct 14, 2012 10:05 am
by EP_X0FF
Buster_BSA wrote:
TeamRocketOps wrote:System Progressive Protection

Fresh Sample

Low detection

VT 3/43

https://www.virustotal.com/file/59394be ... 350178423/
This sample calls DSEditSecurity function. What is the purpose of that?
There is no purpose like any other. This is a part of fake import table.
All times are UTC
Page 42 of 46
Powered by phpBB® Forum Software © phpBB Group
https://www.phpbb.com/