Re: Rogue antimalware (FakeAV, FakeAlert)

Posted: Fri Jun 17, 2011 2:57 am
by EP_X0FF
Xylitol wrote: http://xylibox.blogspot.com/2011/06/tra ... akeav.html
Tracking Cyber Crime: Inside the FakeAV Business (MS Removal Tool related)
I like this comment (fyi to anonymous - to give something you need to have this one first).

Windows Stability Alarm

Posted: Fri Jun 17, 2011 9:04 am
by bitx
Windows Stability Alarm

Windows Security

Posted: Fri Jun 17, 2011 5:12 pm
by rough_spear
Windows Security

Here is new windows security. :)

hxxp://difiestran.cz.cc/AdwareRemover.exe

Regards,


rough_spear.

Re: Rogue antimalware (FakeAV, FakeAlert)

Posted: Sat Jun 18, 2011 4:12 am
by kmd
bitx wrote: Windows Stability Alarm
what the point in packing malware by asprotect? :lol:
when static unpacker available http://exelab.ru/f/index.php?action=vth ... opic=18361

Re: Rogue antimalware (FakeAV, FakeAlert)

Posted: Sat Jun 18, 2011 3:38 pm
by Xylitol
EP_X0FF wrote: Image
i lol'd too, today some guys on irc talked me 'i will pay money you will be killed'
haha who they will call, hitman ? :)

in attach, unpacked MS removal tool sample, have fun.

20/41 >> 48.8%
http://www.virustotal.com/file-scan/rep ... 1308411365

Re: Rogue antimalware (FakeAV, FakeAlert)

Posted: Sun Jun 19, 2011 8:01 pm
by Xylitol
Tracking Cyber Crime: Gagarincash AV Affiliate: http://xylibox.blogspot.com/2011/06/tra ... sh-av.html
Security Shield 2011 related.

In attach, unpacked sample, have fun.

8/42 >> 19.0%
http://www.virustotal.com/file-scan/rep ... 1308513477

Re: Rogue antimalware (FakeAV, FakeAlert)

Posted: Mon Jun 20, 2011 9:50 pm
by Xylitol
Security Shield fake scanner page & decoder

hXXp://46.161.10.145/index.php?6CN=OAY7O72C8RW2738&Ou58Q=KClLP2hbJ0QiOG1eV0QuKR1Y&F8=934&h9eiY=SAkW1xLK2IBF3oAHmAPbAJMci5zRQIHLV5QS11OcHF9Bl&9q=4794QTM697WU39K20X8B50CRB&LjhsK=Q61992FID692T998864232&llOA=ixTC3IINmVXVgFceX8%2BAGIIAn9sa3djczpdR0M%3D&jFo9m=xQZl1aDQoGV1NXAHhtU&8429L=ONB1Q85FUZERDN8&Q93bV=N&SpI=URGKTMuGj8rK&fm2=l1IXFxNL\#9

Use js/decoder.js in malzilla for deobs the rsa.

Windows Clear Problems

Posted: Tue Jun 21, 2011 7:52 pm
by Xylitol
Windows Clear Problems

Loc: hxxp://hdxxxvideoonline.com/movie8064/movie.exe

http://www.virustotal.com/file-scan/rep ... 1308685311

Windows Cleaning Tool

Posted: Thu Jun 23, 2011 10:38 am
by bitx
Windows Cleaning Tool

Re: Rogue antimalware (FakeAV, FakeAlert)

Posted: Fri Jun 24, 2011 12:21 am
by Xylitol
Department of Justice Disrupts International Cyber Crime Rings Distributing Scareware: http://www.fbi.gov/news/pressrel/press- ... -scareware