
Re: Rogue antimalware (FakeAV, FakeAlert)

Posted: Wed Nov 09, 2011 6:32 pm
by Blaze
OK, thanks for the feedback, guys!

Re: Rogue antimalware (FakeAV, FakeAlert)

Posted: Sat Nov 12, 2011 12:16 am
by HackJack

Re: Rogue antimalware (FakeAV, FakeAlert)

Posted: Sun Nov 13, 2011 3:01 pm
by rough_spear
Hi Everybody, :D

SYSTEM RESTORE :evil:

Dropper File - w.php.4.exe
VT link - http://www.virustotal.com/file-scan/rep ... 1321110224
MD5 : c2b22e3118c76204cb4ee757f6ab92df
SHA1 : 3d116dd918efcc9c38ce669813a23dc23207ca6e
SHA256: 3fed97347ee42421197495057b7531397f4b761f48c7bb463282c418778b6a6e
ssdeep: 12288:Kz8Z7yx04tVuwlESx7IbeTuNY7GfmqTOoC9b5UyL9:t14VPwoudaoTy
File size : 496640 bytes

Dropped Files -

8hRnojakbi119d.exe
VT link - http://www.virustotal.com/file-scan/rep ... 1321195448
MD5 : c6b15d582cc107e0be1e213a19a920bd
SHA1 : 0ce96aa5cf58b7fd257daf64008f04eeae969c46
SHA256: 9b22c19bcdb33cd54247557d235ef34d817da6f23c8af43d6d66688a23ffd8ae
ssdeep: 6144:Az8yBZuhyu2iipBV4V1tMdeIMA17jmctq0gKhEQFi+yn1y1m9SRW63y3a6yBRJq3:Az8Bz3iiudEA17jmctq07Ep+A1y1mF6G
File size : 385024 bytes

and BA97.tmp
VT link - http://www.virustotal.com/file-scan/rep ... 1321193539
MD5 : 97bc7ce7a6ea9af88ea62220512f1112
SHA1 : cebb08b753b30e251da2136618ddeb58d13fac26
SHA256: 531029ef45543ba26dba529fe466ae902c0b7911ac0f7a8b43e8c14811a3b67f
ssdeep: 6144:t0uHK2v3fWAUaWjIDvq/SHgXHsZHhY/dskE4AgK2ak:t0UxfiOvq/SiHIaaYK2a
File size : 335872 bytes


Regards,

rough_spear. 8-)

Re: Rogue antimalware (FakeAV, FakeAlert)

Posted: Sun Nov 13, 2011 3:55 pm
by markusg
9SrQQbeTkFJrsC.exe
MD5   : 48a84c01ced4be24ffda9acb28737b5c
https://www.virustotal.com/file-scan/re ... 1321189535
LEnXuYtOREFxPor.exe
MD5   : 4c486111eb5e4e406d83b7b485da9f39
https://www.virustotal.com/file-scan/re ... 1321190028
rJkidNSDHNQGC.exe
MD5   : 86efcd6dfd7a9436c6e16d822142f917
https://www.virustotal.com/file-scan/re ... 1321198738

Re: Fraud/Rogue software

Posted: Thu Nov 24, 2011 12:48 pm
by ISergey256
Cloud AV 2012

Re: Rogue antimalware (FakeAV, FakeAlert)

Posted: Tue Nov 29, 2011 4:02 pm
by EP_X0FF
FakeAV's dump from captured blackhole (courtesy of Xylitol), 40 Mb when unpacked, all fresh and cleared from AV detections. Pass malware, multipart rar archive.
Includes "Security Sphere" + Necurs.

w.php Pages

Posted: Wed Nov 30, 2011 8:51 am
by BachMinuetInG
Got some files from w.php pages.
Example:
lajhkvnwkqgjkasgoiqrht.c0m.li/w.php?f=17&e=6

Re: w.php Pages

Posted: Wed Nov 30, 2011 8:56 am
by EP_X0FF
xwxproductions wrote:
Got some files from w.php pages.
Example:
lajhkvnwkqgjkasgoiqrht.c0m.li/w.php?f=17&e=6

This is blackhole link format.

Re: Rogue antimalware (FakeAV, FakeAlert)

Posted: Wed Nov 30, 2011 9:27 am
by BachMinuetInG
Security Sphere 2012
New file found!
anti-malware.exe
From iFrame Exploit
Does anyone have XP Security 2012 (newer version)?

Re: Rogue antimalware (FakeAV, FakeAlert)

Posted: Sun Dec 04, 2011 12:46 am
by HackJack
new sample of fakerean