KernelMode.info

A forum for reverse engineering, OS internals and malware analysis
https://www.kernelmode.info/forum/

Rogue Antimalware (FakeAV, 2012 year)

https://www.kernelmode.info/forum/viewtopic.php?f=16&t=2414

Page 44 of 46

Re: Rogue antimalware (FakeAV, FakeAlert)

PostPosted:Tue Nov 06, 2012 9:35 am
by Maxstar
PC Defender Plus

Image

https://www.virustotal.com/file/60829f4 ... /analysis/

Re: Rogue antimalware (FakeAV, FakeAlert)

PostPosted:Tue Nov 06, 2012 11:55 pm
by Xylitol
Hmm PC Defender Plus...
Code: Select all
authenticatesyahoostyle.info - 91.242.217.86
spoilsdecelerators.biz - 91.242.217.85
secure.9billing.com - 91.242.217.24
---
Micorsoft Essential Security Pro 2013
https://www.virustotal.com/file/275952e ... 352246161/
Image

Re: Rogue antimalware (FakeAV, FakeAlert)

PostPosted:Sat Nov 10, 2012 11:58 am
by rough_spear
Hi All, :D

Here is Security Shield

File - 333bLnL1H4KaHc.exe

SHA256: c2509fc10445890764f58aa059e116782b7640d51e40ad897789ca7b32b21cba
SHA1: cca76665dffb26b8ad853ba3b439df83fcd0c756
MD5: 00ed599479522b9011426aafc9f1a477

VT link - https://www.virustotal.com/file/c2509fc ... /analysis/

File - 01e04111.exe

SHA256: 0033ba8fa5f9b9b7a836f6d5c80c8ce33f25ea46df13d354faa5363451dde208
SHA1: 8fb2d282a42d6ea1dea62c06f38bbf2917f320a6
MD5: 9bd999f604badc0ae9bc74e26904515d

VT link - https://www.virustotal.com/file/0033ba8 ... 352548486/

Regards,

rough_spear. ;)

Re: Rogue antimalware (FakeAV, FakeAlert)

PostPosted:Tue Nov 13, 2012 5:52 pm
by Win32:Virut
Hello,

another 2 samples of XP/Vista/Win 7 Antispyware/Antivirus Pro 2013

File attached.

Image
Password is "infected" without quotes
(231.6 KiB) Downloaded 78 times
EDIT:

5 another samples
Password is "infected" without quotes
(233.87 KiB) Downloaded 83 times

Re: Rogue antimalware (FakeAV, FakeAlert)

PostPosted:Wed Nov 14, 2012 11:36 am
by Win32:Virut
142 samples of System Progressive Protection

http://www.sendspace.com/file/mfg66b

Re: Rogue antimalware (FakeAV, FakeAlert)

PostPosted:Sat Nov 17, 2012 7:32 am
by hx1997
System Progressive Protection

MD5: 5DE95789F50CBC2AFC3B623F6B215BF4
SHA1: A8B1F287024709BA2C9DDBD078D639A155BCF211

MD5: A88BA19AF6845042D2DEAE95864DACA5
SHA1: C119DB4F57488CE42D787254F5B39E8E0F23EEE1

Re: Rogue antimalware (FakeAV, FakeAlert)

PostPosted:Sat Nov 17, 2012 7:16 pm
by Win32:Virut
344 samples of System Progressive Protection

344.7z.001
344.7z.002
344.7z.003
344.7z.004
344.7z.005
344.7z.006
344.7z.007
344.7z.008
344.7z.009

Password is "infected" without quotes.

Rogue:Win32/FakeRean

PostPosted:Wed Nov 21, 2012 4:53 pm
by Win32:Virut
SHA256: 38c014ba6e85caf7bc8be0922dd8f34380a45a964e9fab1c3678a97dbe65afcb
SHA1: 0a1203793e77122e4f208f920a42188f84bf74ed
MD5: 80398049ce39ae416e2f3a14f5022082
File size: 235.8 KB ( 241503 bytes )
File name: nyw.exe
File type: Win32 EXE
Tags: peexe
Detection ratio: 27 / 43
Analysis date: 2012-11-21 13:43:55 UTC ( 3 godziny, 4 minuty ago )
https://www.virustotal.com/file/38c014b ... /analysis/

Thanks in advance.

Re: Rogue:Win32/FakeRean

PostPosted:Thu Nov 22, 2012 2:47 am
by SC_
http://dl.dropbox.com/u/69242790/sample.zop
Password: infected

rename to zip.

Re: Rogue antimalware (FakeAV, FakeAlert)

PostPosted:Thu Nov 22, 2012 12:19 pm
by Win32:Virut
Win 7 Antispyware Pro 2013

uploaded by SC_:
http://www.kernelmode.info/forum/viewto ... 758#p16758
All times are UTC
Page 44 of 46
Powered by phpBB® Forum Software © phpBB Group
https://www.phpbb.com/