
Re: Rogue Antimalware (FakeAV, 2013 year)

Posted: Wed Dec 04, 2013 10:06 pm
by bitstechs
Hmm, a FakeAV using the winlocker method. That's a little different. Thanks for the upload.

Re: Rogue Antimalware (FakeAV, 2013 year)

Posted: Tue Dec 10, 2013 3:36 pm
by Win32:Virut
Smart Guard Protection


Re: Rogue Antimalware (FakeAV, 2013 year)

Posted: Tue Dec 17, 2013 5:42 pm
by Win32:Virut

Re: Rogue Antimalware (FakeAV, 2013 year)

Posted: Tue Dec 17, 2013 6:20 pm
by Grinler
Any idea how it's spread?

Re: Rogue Antimalware (FakeAV, 2013 year)

Posted: Tue Dec 17, 2013 6:23 pm
by Win32:Virut
I have downloaded it from:
hxxp://rghost.net/50995422
Payment page:
hxxp://futsyscarepay.com/payment.php
"Futurro Antivirus Unlimited license" :lol: Futurro Antivirus seems to be another rogue, I found only one thread about it: http://www.malwareremoval.com/forum/vie ... 11&t=62376

https://www.virustotal.com/en/file/247b ... /analysis/ - Publisher name is Futurro Soft. I'll request it in the Malware requests.

Re: Rogue Antimalware (FakeAV, 2013 year)

Posted: Tue Dec 17, 2013 7:41 pm
by Xylitol
http://futsyscarepay.com/payment_process.php
> https://migs.mastercard.com.au/vpcpay (vpc_Merchant=9800000100)
>> https://www.vbv.ktb.co.th/vbvads/paWarning.aspx
• dns: 1 ›› ip: 130.185.105.68 - adresse: FUTSYSCAREPAY.COM
• dns: 1 ›› ip: 203.42.65.51 - adresse: MIGS.MASTERCARD.COM.AU *legit*
• dns: 1 ›› ip: 202.12.117.153 - adresse: WWW.VBV.KTB.CO.TH *legit*
SCAREpay.com, seriously?

Re: Rogue Antimalware (FakeAV, 2013 year)

Posted: Sat Dec 21, 2013 4:35 pm
by Cody Johnston
Windows Efficiency Console


MD5 d329fd901e1b63a82ae7fea8a85bf541

VT (8/49):
https://www.virustotal.com/en/file/0b00 ... /analysis/

Re: Rogue Antimalware (FakeAV, 2013 year)

Posted: Sat Dec 21, 2013 8:03 pm
by Win32:Virut
8 samples

Smart Guard Protection

Smart Guard Protection

Posted: Mon Dec 23, 2013 1:40 am
by bitstechs
Smart Guard Protection

VirusTotal 9/40: https://www.virustotal.com/en/file/9dc9 ... 387761290/


Re: Rogue Antimalware (FakeAV, 2013 year)

Posted: Mon Dec 23, 2013 1:55 pm
by Win32:Virut
Windows Premium Shield
