KernelMode.info

A forum for reverse engineering, OS internals and malware analysis
https://www.kernelmode.info/forum/

Rogue Antimalware (FakeAV, 2013 year)

https://www.kernelmode.info/forum/viewtopic.php?f=16&t=75

Page 13 of 15

Re: Rogue Antimalware (FakeAV, 2013 year)

PostPosted:Sat Oct 05, 2013 11:05 am
by Win32:Virut
MD5: 5b15886809dd1b62ae633d5471790f6d
File size: 546.6 KB ( 559768 bytes )
File name: contacts.exe
File type: Win32 EXE
Detection ratio: 4 / 48
Analysis date: 2013-10-05 10:58:53 UTC ( 0 minutes ago )
https://www.virustotal.com/en/file/7d44 ... 380970733/
Publisher: Ingenieursbureau Matrix B.V.
Signature verification: Signed file, verified signature
Signing date: 11:59 AM 10/5/2013
Signers:
[+] Ingenieursbureau Matrix B.V.
[+] VeriSign Class 3 Code Signing 2010 CA
[+] VeriSign

Re: Rogue Antimalware (FakeAV, 2013 year)

PostPosted:Sun Oct 06, 2013 10:13 am
by Win32:Virut
MD5: c46f7e3fad57aed27db9cc98cb5cf87a
File size: 524.6 KB ( 537240 bytes )
File name: an333333.exe
File type: Win32 EXE
Detection ratio: 8 / 48
Analysis date: 2013-10-06 10:08:33 UTC ( 0 minutes ago )
https://www.virustotal.com/en/file/173c ... 381054113/

Attached with some other dropped samples.

Re: Rogue Antimalware (FakeAV, 2013 year)

PostPosted:Tue Oct 08, 2013 8:39 am
by Xylitol
Antimalware
https://www.virustotal.com/en/file/f79c ... 381221528/
Code: Select all
GET /info.php?idd=1760
Host: antivm.com
---
GET /check?pgid=10
Host: www.antivm.com
---
GET /percer.php?login=MTc2MA== HTTP/1.1
Host: www.antivm.com
---
GET http://www.antivm.com/shop?abc=cGdpZD0xMCZyPTE3NjA=

Re: Rogue Antimalware (FakeAV, 2013 year)

PostPosted:Sun Oct 27, 2013 7:35 pm
by Win32:Virut
158 samples - Antivirus Security Pro

Re: Rogue Antimalware (FakeAV, 2013 year)

PostPosted:Mon Oct 28, 2013 1:32 pm
by grum
Xylitol wrote:Antimalware
https://www.virustotal.com/en/file/f79c ... 381221528/
Code: Select all
GET /info.php?idd=1760
Host: antivm.com
---
GET /check?pgid=10
Host: www.antivm.com
---
GET /percer.php?login=MTc2MA== HTTP/1.1
Host: www.antivm.com
---
GET http://www.antivm.com/shop?abc=cGdpZD0xMCZyPTE3NjA=

:lol: base one old projetcs src in sale

http://www.xylibox.com/2011/11/fakeavfa ... e-for.html

Re: Rogue Antimalware (FakeAV, 2013 year)

PostPosted:Tue Oct 29, 2013 6:50 pm
by Grinler
Good stuff! Thanks for sharing.

He seemed strangely open with sharing.

Re: Rogue Antimalware (FakeAV, 2013 year)

PostPosted:Sun Nov 10, 2013 11:01 pm
by TwinHeadedEagle
Smart Fortress 2012

https://www.virustotal.com/en/file/b561 ... 384123757/
https://www.virustotal.com/en/file/5588 ... 384123763/

Re: Rogue Antimalware (FakeAV, 2013 year)

PostPosted:Mon Nov 18, 2013 6:02 am
by bitstechs
MAXS wrote:Smart Fortress 2012

https://www.virustotal.com/en/file/b561 ... 384123757/
https://www.virustotal.com/en/file/5588 ... 384123763/

Old?

Re: Rogue Antimalware (FakeAV, 2013 year)

PostPosted:Sat Nov 23, 2013 1:16 pm
by hx1997
21 recent FakeAVs

Some of them are digitally signed. lol

Re: Rogue Antimalware (FakeAV, 2013 year)

PostPosted:Wed Dec 04, 2013 12:20 pm
by Xylitol
Windows Active HotSpot
https://www.virustotal.com/en/file/1cab ... 386159457/
Code: Select all
hxtp://93.115.82.248/?0=5&1=1&2=4&3=i&4=2600&5=0&6=1111&7=emaesylmty
All times are UTC
Page 13 of 15
Powered by phpBB® Forum Software © phpBB Group
https://www.phpbb.com/