KernelMode.info

Looking for dropper of "Windows No-Risk Agent". Thanks!

EDIT: Never mind, its the same as "Windows Problems Stopper" and several others.

Hi All, :D
Here is Windows Software Saver.

File - setup.exe
weblink -
hxxp://centerscannerprocesses.info/bb61f9bcec711d56/6/
hxxp://durhampowerequipment.com/mailer/examples/av6.php

VT link - https://www.virustotal.com/file/945be94 ... /analysis/

File - Protector-mfhh.exe
VT link - https://www.virustotal.com/file/2c0f5ee ... /analysis/


Regards,

rough_spear. ;)

Hi All, :D

Windows Managing System. :evil:

Files - setup.exe ---> dropper.
web link - hxxp://cleanavcenter.info/bb61f9bcec711d56/6/setup.exe
VT link - https://www.virustotal.com/file/942a388 ... 333016871/
MD5 - 7dffd5694a23451c9acd831f4e458b2b

File - Protector-xxxx.exe (xxxx= some random characters) ----> dropped.
VT link - https://www.virustotal.com/file/065424a ... 333017057/
MD5 - 37f5df628ae15d07f8d5a1198043acb3

Regards,

rough_spear. ;)

Smart Fortress 2012
Winwebsec
pass: infected
https://www.virustotal.com/file/273420c ... 333094895/

One more "Windows Managing System" - FakePAV.

MD5: 615313C1ED7C4AD298AC361EC1534933
2/42

Windows Trouble Taker
FakeVimes
pass: infected
https://www.virustotal.com/file/494769d ... /analysis/

Windows Trouble Taker
FakeVimes
pass: infected
https://www.virustotal.com/file/fdfb833 ... /analysis/

Rogue Winwebsec (alias Security Shield and other non meaninful names). Comes from very lazy guys (firstly this pack was discovered about 1 year ago) that have outdated BH software and old malware packs along with fresh recrypted samples. 79 samples in multipart RAR archive, pass "infected" without quotes.

Typical current detection according to VT

9 / 42

Windows Managing System
FakeVimes
pass: infected
https://www.virustotal.com/file/0a662bd ... 333145933/

Fresh with low detection ratio. Pass "infected" without quotes.

https://www.virustotal.com/file/23fc540 ... 333164424/