KernelMode.info

A forum for reverse engineering, OS internals and malware analysis
https://www.kernelmode.info/forum/

Rogue Antimalware (FakeAV, 2012 year)

https://www.kernelmode.info/forum/viewtopic.php?f=16&t=2414

Page 40 of 46

Re: Rogue antimalware (FakeAV, FakeAlert)

PostPosted:Mon Aug 27, 2012 9:29 am
by Win32:Virut
Security Shield - Winwebsec

_http://animeprogramssitterschedule.pro/index/down/index.html

Edit: Uploaded already by dumb110

Re: Rogue antimalware (FakeAV, FakeAlert)

PostPosted:Wed Aug 29, 2012 11:05 am
by dumb110
Security Shield-Another new icon! ;)

Re: Rogue antimalware (FakeAV, FakeAlert)

PostPosted:Thu Aug 30, 2012 6:19 pm
by Win32:Virut
Braviax family.

Win 8 Security System

Image

Rogue:Win32/Winwebsec

PostPosted:Fri Aug 31, 2012 8:47 am
by prim
Hi. I'm looking for malware:
MD5: c05c2118f9c90bf9e1837b37fca33ba0
https://www.virustotal.com/file/7057c70 ... /analysis/

Re: Malware Requests, part 2

PostPosted:Fri Aug 31, 2012 8:58 am
by Xylitol
prim wrote:Hi. I'm looking for malware:
MD5: c05c2118f9c90bf9e1837b37fca33ba0
https://www.virustotal.com/file/7057c70 ... /analysis/

Re: Rogue antimalware (FakeAV, FakeAlert)

PostPosted:Sat Sep 01, 2012 11:42 am
by rough_spear
Hi All,
14 samples of platinum Security suite 6.3.1.
also web urls

i also found that it download the Platinum Security Suite from the below Url.

hxxp://209.20.78.241:84//get/3b0c6a8305cc89cf77f3c9616a569e78.exe

Regards,


rough_spear. ;)

Re: Rogue antimalware (FakeAV, FakeAlert)

PostPosted:Sat Sep 01, 2012 12:59 pm
by Win32:Virut
@rough_spear
This is Live Security Platinum.

Re: Rogue antimalware (FakeAV, FakeAlert)

PostPosted:Sat Sep 01, 2012 5:38 pm
by thisisu
Win32:Virut wrote:Braviax family.

Win 8 Security System
Two writeups (thanks TonyKlein for share)

http://hitmanpro.wordpress.com/2012/08/ ... s-rootkit/
http://blogs.mcafee.com/mcafee-labs/win ... us-malware

__

It's a Necurs/Bubnix rootkit right?
http://www.virusradar.com/Win32_TrojanD ... escription

I didn't see that any of the blogs mentioned its name.

Re: Rogue antimalware (FakeAV, FakeAlert)

PostPosted:Sat Sep 01, 2012 7:27 pm
by B-boy/StyLe/
Yes,

It's Necurs. FRST can handle it pretty well too. :)


Regards,
Georgi

Re: Rogue antimalware (FakeAV, FakeAlert)

PostPosted:Wed Sep 05, 2012 7:27 am
by rough_spear
Hi All,
6 New droppers and dropped files of FakeAV.

Urls in Url.txt file

Regards,


rough_spear. ;)
All times are UTC
Page 40 of 46
Powered by phpBB® Forum Software © phpBB Group
https://www.phpbb.com/