KernelMode.info

A forum for reverse engineering, OS internals and malware analysis
https://www.kernelmode.info/forum/

Rogue Antimalware (FakeAV, 2012 year)

https://www.kernelmode.info/forum/viewtopic.php?f=16&t=2414

Page 12 of 46

Re: Rogue antimalware (FakeAV, FakeAlert)

PostPosted:Sat Mar 31, 2012 6:38 pm
by thisisu
Windows First-Class Protector
FakeVimes
pass: infected
https://www.virustotal.com/file/4192d10 ... 333219020/

Re: Rogue antimalware (FakeAV, FakeAlert)

PostPosted:Sun Apr 01, 2012 3:13 pm
by rkhunter
Seems a huge spread of "Smart Fortress" down.

Re: Rogue antimalware (FakeAV, FakeAlert)

PostPosted:Sun Apr 01, 2012 6:34 pm
by thisisu
Windows Activity Debugger
FakeVimes
pass: infected
https://www.virustotal.com/file/fe3caab ... /analysis/

Re: Rogue antimalware (FakeAV, FakeAlert)

PostPosted:Sun Apr 01, 2012 6:53 pm
by thisisu
Windows Activity Debugger
FakeVimes
pass: infected
https://www.virustotal.com/file/88245fa ... 333306214/

Re: Rogue antimalware (FakeAV, FakeAlert)

PostPosted:Mon Apr 02, 2012 10:37 am
by rough_spear
Hi All, :D
Here is one more Windows First-Class Protector

File name - Setup.exe -----> Dropper.
MD5 - 9e9898b0ca37f87db4d1a69a821268ed
VT link - https://www.virustotal.com/file/65a061e ... /analysis/

File name - Protector-mtqt.exe ---Dropped file.
MD5 - 856328e8d300aa30bab2a9dd00982456
VT link - https://www.virustotal.com/file/5c4cbb8 ... /analysis/

Regards,


rough_spear. ;)

Re: Rogue antimalware (FakeAV, FakeAlert)

PostPosted:Tue Apr 03, 2012 2:05 pm
by Maxstar
Windows Warding System

https://www.virustotal.com/file/ea57a2c ... 333461461/

Image
http://www.imgdumper.nl/uploads5/4f7b03 ... 0c-WWS.png

Re: Rogue antimalware (FakeAV, FakeAlert)

PostPosted:Wed Apr 04, 2012 2:04 am
by thisisu
Windows Shielding Utility
FakeVimes
pass: infected
https://www.virustotal.com/file/59c46c2 ... 333504821/

Re: Rogue antimalware (FakeAV, FakeAlert)

PostPosted:Wed Apr 04, 2012 6:19 am
by Evilcry
Delivered by Twitter spam message
jose a. espaillat p. ‏ @jespaillatp
- Shider http://tinyurl.com/7rhqdfy
Location:
http://optimizervulnerabilityprotect.in ... 375cbc551/
https://www.virustotal.com/file/2e36746 ... 333519722/

Pretty similar to Windows Shielding Utility mentioned in the previous post.

Addition:

From the same IP:
pcantivirustest.info/bb61f9bcec711d56/23/
pcantivirustest.info/bb61f9bcec711d56/21
computerantivirusmonitor.info/0520091375cbc551/
keeperdataperfomance.info/39f678a0d39279b6/4/
keeperdataperfomance.info/39f678a0d39279b6/4/

Re: Rogue antimalware (FakeAV, FakeAlert)

PostPosted:Thu Apr 05, 2012 3:21 am
by thisisu
Internet Security
MD5: 5d27cbb3d1ed14f34139b47809a0807d
pass: infected
https://www.virustotal.com/file/ede446f ... 333595953/

Re: Rogue antimalware (FakeAV, FakeAlert)

PostPosted:Thu Apr 05, 2012 5:09 am
by thisisu
Internet Security
MD5: 838987c2847acadf95887f00e3275f6b
pass: infected
https://www.virustotal.com/file/0652234 ... 333602002/
All times are UTC
Page 12 of 46
Powered by phpBB® Forum Software © phpBB Group
https://www.phpbb.com/