KernelMode.info

A forum for reverse engineering, OS internals and malware analysis
https://www.kernelmode.info/forum/

Rogue Antimalware (FakeAV, 2012 year)

https://www.kernelmode.info/forum/viewtopic.php?f=16&t=2414

Page 13 of 46

Re: Rogue antimalware (FakeAV, FakeAlert)

PostPosted:Fri Apr 06, 2012 2:22 am
by thisisu
Windows Care Taker
FakeVimes
pass: infected
https://www.virustotal.com/file/23f93e8 ... 333678529/

Re: Rogue antimalware (FakeAV, FakeAlert)

PostPosted:Fri Apr 06, 2012 8:55 am
by thisisu
Windows Efficiency Reservoir
FakeVimes - 1c46b8828d2b3e53ae716e95476f2748
pass: infected
https://www.virustotal.com/file/5f832c0 ... /analysis/

Re: Rogue antimalware (FakeAV, FakeAlert)

PostPosted:Sun Apr 08, 2012 6:05 pm
by thisisu
Windows Stability Maximizer
FakeVimes - d70cdfd4057d795d572ae33bffc24f2e
pass: infected
https://www.virustotal.com/file/c133a9a ... 333907797/

Re: Rogue antimalware (FakeAV, FakeAlert)

PostPosted:Tue Apr 10, 2012 7:27 am
by thisisu
Windows Component Protector
FakeVimes - 1dab271a588c305cfc7e71df36d9a91c
pass: infected
https://www.virustotal.com/file/b4b8ad1 ... /analysis/

Re: Rogue antimalware (FakeAV, FakeAlert)

PostPosted:Tue Apr 10, 2012 9:19 am
by rkhunter
Smart Fortress distributed under VirTool:Win32/Obfuscator.WT, don't seen it before.

MD5: 38F1879027084D3DFC5981332D81BF08
https://www.virustotal.com/file/288f197 ... 334049246/

Re: Rogue antimalware (FakeAV, FakeAlert)

PostPosted:Tue Apr 10, 2012 11:57 am
by violasylve
rkhunter wrote:Smart Fortress distributed under VirTool:Win32/Obfuscator.WT, don't seen it before.

MD5: 38F1879027084D3DFC5981332D81BF08
https://www.virustotal.com/file/288f197 ... 334049246/
Hi, there.

I just could not run the downloaded file in my VM. Any help?

Thx :lol:

Re: Rogue antimalware (FakeAV, FakeAlert)

PostPosted:Tue Apr 10, 2012 8:57 pm
by Ommenator
violasylve, maybe you already know this but if a sample has no extension, you must rename it and end it with .exe in order to run it. But in this case, even renamed, it does not run.

Re: Rogue antimalware (FakeAV, FakeAlert)

PostPosted:Wed Apr 11, 2012 12:10 am
by violasylve
Ommenator wrote:violasylve, maybe you already know this but if a sample has no extension, you must rename it and end it with .exe in order to run it. But in this case, even renamed, it does not run.
I was trying to rename it as example.exe, but failed. I just wanna test that sample - For me, a new computer virus/HIPS fan. :D

Thank you.

Re: Rogue antimalware (FakeAV, FakeAlert)

PostPosted:Wed Apr 11, 2012 5:15 pm
by thisisu
Windows Antibreaking System
FakeVimes - 8b0c16a50c0bca1eb0b45bd411eb30e5
pass: infected
https://www.virustotal.com/file/2667936 ... /analysis/

Re: Rogue antimalware (FakeAV, FakeAlert)

PostPosted:Fri Apr 13, 2012 8:07 am
by Xylitol
swf landing
https://www.virustotal.com/file/6df85cf ... 334304508/
All times are UTC
Page 13 of 46
Powered by phpBB® Forum Software © phpBB Group
https://www.phpbb.com/