KernelMode.info

A forum for reverse engineering, OS internals and malware analysis
https://www.kernelmode.info/forum/

Rogue Antimalware (FakeAV, 2012 year)

https://www.kernelmode.info/forum/viewtopic.php?f=16&t=2414

Page 10 of 46

Re: Rogue antimalware (FakeAV, FakeAlert)

PostPosted:Fri Mar 16, 2012 10:53 am
by Maxstar
19 x Winwebsec

03/15/2012 03:50 AM 352,256 89a671b575eeca75c6c9713c647bd408
03/15/2012 03:49 AM 352,256 f345ba3490d9f6d8a7de5cfad2f53ae1
03/15/2012 03:47 AM 352,256 7d4ce8de5199fadfc44e0dfabf057f3f
03/15/2012 03:44 AM 352,256 ffe2d2dd736ffefc03ab601d330371c6
03/15/2012 03:42 AM 352,256 a0c7bea008ecaf847351eb2d86e4dd1d
03/15/2012 03:41 AM 352,256 0ed2c05b7c15206d4b89f5065ddc6449
03/15/2012 03:40 AM 352,256 a308af551bb088232291e9a06a0d47cf
03/15/2012 03:38 AM 352,256 d77be88f20488ad06dbbaf6d71c1ab6a
03/15/2012 03:37 AM 352,256 69799ba47fff4d7e80177ce7b1169adb
03/15/2012 03:36 AM 352,256 a82f192489f534b16996e972728e25c0
03/15/2012 03:35 AM 352,256 8b9fc8f9e3fc30362ae5e4bf920a5c42
03/15/2012 03:33 AM 352,256 612bd44f3ab943dc4e0d6a8cc164a389
03/15/2012 03:32 AM 352,256 8fc713f2a8643f338b200b70dd2a83e7
03/15/2012 03:31 AM 352,256 d95cc5864b6e7e633a1085834ec8df88
03/15/2012 03:30 AM 352,256 1a932a6c815031b5c004c19282ea2368
03/15/2012 03:29 AM 352,256 9eee297848d36603053b4287920dba3a
03/15/2012 03:28 AM 352,256 0ec349d2b3ab65d34d6947398288099f
03/15/2012 03:27 AM 352,256 192fdc3a6a12d4548db186f7336e7ffc
03/15/2012 03:26 AM 352,256 0bdcaf6dd498c859c04e5ca00d1514f2

Re: Rogue antimalware (FakeAV, FakeAlert)

PostPosted:Sat Mar 17, 2012 11:00 am
by rkhunter
Maxstar wrote:19 x Winwebsec
Thank you for the samples. All Winwebsec are Smart Fortress. I don't remember such huge of spread of FakeAV as Smart Fortress at last weeks.

Re: Rogue antimalware (FakeAV, FakeAlert)

PostPosted:Sat Mar 17, 2012 5:10 pm
by rkhunter
FakeSysdef returned

MD5: 8CE6D0D9F6906F3BF0233A3090226F11
3/43

Re: Rogue antimalware (FakeAV, FakeAlert)

PostPosted:Mon Mar 19, 2012 5:08 pm
by Neurofunk
https://www.virustotal.com/file/e849b92 ... 332176548/
316179acea216ab2a01b1d1df41b7533
7/43

Security Shield (not sure of family)

Re: Rogue antimalware (FakeAV, FakeAlert)

PostPosted:Mon Mar 19, 2012 6:00 pm
by rkhunter
Neurofunk wrote:Security Shield (not sure of family)
Yep, it. Winwebsec.

Re: Rogue antimalware (FakeAV, FakeAlert)

PostPosted:Wed Mar 21, 2012 4:51 am
by thisisu
Windows Guardian Angel
FakeVimes
pass: infected
https://www.virustotal.com/file/89f6827 ... /analysis/

Re: Rogue antimalware (FakeAV, FakeAlert)

PostPosted:Thu Mar 22, 2012 6:07 am
by thisisu
Windows Problems Stopper
FakeVimes
pass: infected
https://www.virustotal.com/file/9ed2a60 ... /analysis/

Re: Rogue antimalware (FakeAV, FakeAlert)

PostPosted:Fri Mar 23, 2012 4:14 am
by thisisu
Windows Process Director
FakeVimes
pass: infected
https://www.virustotal.com/file/be8e71a ... /analysis/

Re: Rogue antimalware (FakeAV, FakeAlert)

PostPosted:Sat Mar 24, 2012 2:12 am
by thisisu
Smart Fortress 2012
Winwebsec
pass: infected
https://www.virustotal.com/file/d6d716a ... 332554880/

Re: Rogue antimalware (FakeAV, FakeAlert)

PostPosted:Tue Mar 27, 2012 11:28 pm
by Ommenator
Internet Security
MD5: 08f496e4a07b89ce4a72d3d0b9f0fd4b
Run from CommonAppData
All times are UTC
Page 10 of 46
Powered by phpBB® Forum Software © phpBB Group
https://www.phpbb.com/