KernelMode.info

A forum for reverse engineering, OS internals and malware analysis
https://www.kernelmode.info/forum/

Rogue Antimalware (FakeAV, 2011 year)

https://www.kernelmode.info/forum/viewtopic.php?f=16&t=2233

Page 12 of 34

Re: Rogue antimalware (FakeAV, FakeAlert)

PostPosted:Sun May 08, 2011 10:52 pm
by Xylitol
loc: hXXp://scan0.goerges.co.be/index.php?Q2PhD9QgbVBGUHo/M7FLgSv1E3X4Hzd5oSLyIgcUpKrVLC/phHMpM1HKq6rgLVqTsAehBCP3EEo10ZT6oHrN4EQ0ZYnJBO1zKdYCQkSk

Image

https://www.virustotal.com/file-scan/re ... 1304893509
5/42 >> 11.9%

Re: Rogue antimalware (FakeAV, FakeAlert)

PostPosted:Tue May 10, 2011 2:08 pm
by bitx
Windows Supervision Center

Image

Re: Rogue antimalware (FakeAV, FakeAlert)

PostPosted:Wed May 11, 2011 12:40 pm
by Maxstar
PC Security Guardian

Another sample of PC Security Guardian.
MD5 : b38342217e998ccd0221236efb679968
Result: 6 /42 (14.3%)
http://www.virustotal.com/file-scan/rep ... 1304968337

Windows Attention Utility

PostPosted:Thu May 12, 2011 11:35 am
by ngyikp
Windows Attention Utility
repacked with a different name >_<

fake scanner page: hxxp://software-s3h3.co.cc/c3694735a184cb7c/sa1/0/ (no Referer spoofing required)

Image

Image

Re: Rogue antimalware (FakeAV, FakeAlert)

PostPosted:Fri May 13, 2011 11:42 am
by Xylitol
Image

Braviax rogue + a copy of the fake scanner page (and cool, that not obfuscated)

ars.exe: 8/42 >> 19.0%
https://www.virustotal.com/file-scan/re ... 1305285935

BestAntivirus2011.exe: 7/42 >> 16.7%
https://www.virustotal.com/file-scan/re ... 1305285947

Security Shield Pro 2011

PostPosted:Sat May 14, 2011 10:50 am
by Xylitol
Security Shield Pro 2011 (wtf)

loc: hxxp://188.229.88.192/f.php
hxxp://95.64.56.164/cb_soft.php?q=OElaFhMFBk1SFFZORwVXSFBEcW53dWZjemFWRxADVkpYRwhBQgVXTlYPXg==

Image

Setup.exe: 0/41 >> 0.0%
https://www.virustotal.com/file-scan/re ... 1305369160

SSP.exe: 0/42 >> 0.0%
http://www.virustotal.com/file-scan/rep ... 1305369261

Interesting that seem ripped from VirusKeeper.

Windows Tasks Optimizer

PostPosted:Sun May 15, 2011 12:42 am
by ngyikp
Windows Tasks Optimizer
repacked bullshit

hxxp://software-p8we.co.cc/e694597eeccf2d14/sa1/0/

Image

Re: Rogue antimalware (FakeAV, FakeAlert)

PostPosted:Mon May 16, 2011 9:42 am
by Xylitol
MS Removal Tool (v2.20), Antivirus Pro, Braviax

2/ 41 >> 4.9%
http://www.virustotal.com/file-scan/rep ... 1305538840

3 /42 >> 7.1%
http://www.virustotal.com/file-scan/rep ... 1305537951

11/ 42 >> 26.2%
http://www.virustotal.com/file-scan/rep ... 1305538519

Windows Activity Inspector

PostPosted:Tue May 17, 2011 11:18 am
by bitx
Windows Activity Inspector

Image

Fake AV "Best Malware Protection"

PostPosted:Tue May 17, 2011 1:10 pm
by vyosek
Hi all,

have somebody fake AV "Best Malware Protection"
Image

Thx, vyosek - moderator viry.cz\forum, member of ASAP
All times are UTC
Page 12 of 34
Powered by phpBB® Forum Software © phpBB Group
https://www.phpbb.com/