KernelMode.info

PostPosted:**Mon Jan 23, 2012 10:50 pm**

Unpacked version in attach.

PostPosted:**Tue Jan 24, 2012 8:39 am**

FakeSysdef FUD

MD5: 6021fc3aa1295316b9a0031a3a4b4edc
0/43

PostPosted:**Tue Jan 24, 2012 6:32 pm**

Malware Protection Center

MP9c5_8040.exe: 7/41
Setup.exe: 10/43

PostPosted:**Wed Jan 25, 2012 8:27 am**

FakeRean - XP Home Security 2012
Above code works fine.

MD5: d8ef22258cd52c78d722a0be5589d93c
13/41

PostPosted:**Wed Jan 25, 2012 8:56 am**

24 FakeSysdef samples

PostPosted:**Thu Jan 26, 2012 9:05 am**

Security Shield Pro 2011 - Rogue:Win32/Winwebsec.
Realy looks like normal anti-malware tool, because found really infected files.

MD5: bc83e4ab803b8e18114dee369504fabf
17/43

PostPosted:**Thu Jan 26, 2012 9:13 am**

Security Shield - Winwebsec

MD5: e23b58ba4d6ed87e7f3fb6fbdb0724d0
11/42

PostPosted:**Fri Jan 27, 2012 10:02 pm**

Found along with a binary for rootkit.boot.SST.b and FakeSysDef.

FakeAV.Win32.FakeRecovery
MD5: fd635b2cb292142d237c2e0c4a8b2ccf
Detection ratio: 9 / 42
Analysis date: 2012-01-27 21:12:21 UTC
https://www.virustotal.com/file/6da519e ... 327698741/

PostPosted:**Sat Jan 28, 2012 4:07 am**

Neurofunk wrote: FakeAV.Win32.FakeRecovery
MD5: fd635b2cb292142d237c2e0c4a8b2ccf

This is FakeSysdef.

PostPosted:**Sat Jan 28, 2012 6:16 pm**

FakeSysdef (systemcheck):
mCl7w2YFKX8LGN.exe

SHA256:
8449f1762b8c23c8f72fe8944fff7d034dfe10fcb466d4596be0388ce54b1b68
https://www.virustotal.com/file/8449f17 ... 327774264/

KernelMode.info

Rogue Antimalware (FakeAV, 2012 year)

Re: Rogue antimalware (FakeAV, FakeAlert)

Re: Rogue antimalware (FakeAV, FakeAlert)

Re: Rogue antimalware (FakeAV, FakeAlert)

Re: Rogue antimalware (FakeAV, FakeAlert)

Re: Rogue antimalware (FakeAV, FakeAlert)

Re: Rogue antimalware (FakeAV, FakeAlert)

Re: Rogue antimalware (FakeAV, FakeAlert)

Re: Rogue antimalware (FakeAV, FakeAlert)

Re: Rogue antimalware (FakeAV, FakeAlert)

Re: Rogue antimalware (FakeAV, FakeAlert)