Re: Rogue:Win32/FakeRean
PostPosted:Thu Nov 22, 2012 6:28 pm
SC_ wrote:http://dl.dropbox.com/u/69242790/sample.zopAttached.
Password: infected
rename to zip.
Thanks,
--AD
Thanks,
--AD
KernelMode.info
A forum for reverse engineering, OS internals and malware analysis
https://www.kernelmode.info/forum/
Rogue Antimalware (FakeAV, 2012 year)
Page 45 of 46
Thanks,
--AD
Re: Rogue antimalware (FakeAV, FakeAlert)
PostPosted:Wed Dec 05, 2012 2:39 pm
Fake AV
https://www.virustotal.com/file/9db4536 ... 354672656/
SHA256: 9db4536d50fda596d7e98447433f1400b5a8dcac9c346e7c57951f88c3c6364e
SHA1: 1fdbbf1554ae03c9acb4816acd57f13732c0fe3b
MD5: 7b9923d9059e29b5bbdfd8e77fbc2ad5
Tamaño: 560.0 KB ( 573440 bytes )
Nombre: CBbD2dtb.exe
Tipo: Win32 EXE
Etiquetas: peexe
Detecciones: 10 / 46
Fecha de análisis: 2012-12-05 01:57:36 UTC ( hace 11 horas, 53 minutos )
https://www.virustotal.com/file/9db4536 ... 354672656/
SHA256: 9db4536d50fda596d7e98447433f1400b5a8dcac9c346e7c57951f88c3c6364e
SHA1: 1fdbbf1554ae03c9acb4816acd57f13732c0fe3b
MD5: 7b9923d9059e29b5bbdfd8e77fbc2ad5
Tamaño: 560.0 KB ( 573440 bytes )
Nombre: CBbD2dtb.exe
Tipo: Win32 EXE
Etiquetas: peexe
Detecciones: 10 / 46
Fecha de análisis: 2012-12-05 01:57:36 UTC ( hace 11 horas, 53 minutos )
Re: Rogue antimalware (FakeAV, FakeAlert)
PostPosted:Thu Dec 06, 2012 3:37 pm
Win 7 Antispyware Pro 2013
New sample and dropped files.
New sample and dropped files.
Re: Rogue antimalware (FakeAV, FakeAlert)
PostPosted:Sat Dec 08, 2012 9:18 am
50 FakeRean repack, downloaded from 78.140.135.211
29 Landings:
Code: Select all
detections arround 11/46hxxp://domainslusiannastyle.info/resources/exe_data/00100.exe
hxxp://domainslusiannastyle.info/resources/exe_data/00101.exe
hxxp://domainslusiannastyle.info/resources/exe_data/00102.exe
hxxp://domainslusiannastyle.info/resources/exe_data/00103.exe
hxxp://domainslusiannastyle.info/resources/exe_data/00200.exe
hxxp://domainslusiannastyle.info/resources/exe_data/00288.exe
hxxp://domainslusiannastyle.info/resources/exe_data/00300.exe
hxxp://domainslusiannastyle.info/resources/exe_data/00301.exe
hxxp://domainslusiannastyle.info/resources/exe_data/00333.exe
hxxp://domainslusiannastyle.info/resources/exe_data/00344.exe
hxxp://domainslusiannastyle.info/resources/exe_data/00355.exe
hxxp://domainslusiannastyle.info/resources/exe_data/00377.exe
hxxp://domainslusiannastyle.info/resources/exe_data/00388.exe
hxxp://domainslusiannastyle.info/resources/exe_data/00400.exe
hxxp://domainslusiannastyle.info/resources/exe_data/00401.exe
hxxp://domainslusiannastyle.info/resources/exe_data/00500.exe
hxxp://domainslusiannastyle.info/resources/exe_data/00600.exe
hxxp://domainslusiannastyle.info/resources/exe_data/00601.exe
hxxp://domainslusiannastyle.info/resources/exe_data/00602.exe
hxxp://domainslusiannastyle.info/resources/exe_data/00603.exe
hxxp://domainslusiannastyle.info/resources/exe_data/00700.exe
hxxp://domainslusiannastyle.info/resources/exe_data/00800.exe
hxxp://domainslusiannastyle.info/resources/exe_data/00888.exe
hxxp://domainslusiannastyle.info/resources/exe_data/00900.exe
hxxp://domainslusiannastyle.info/resources/exe_data/00901.exe
hxxp://domainslusiannastyle.info/resources/exe_data/00902.exe
hxxp://domainslusiannastyle.info/resources/exe_data/00903.exe
hxxp://domainslusiannastyle.info/resources/exe_data/01000.exe
hxxp://domainslusiannastyle.info/resources/exe_data/01100.exe
hxxp://domainslusiannastyle.info/resources/exe_data/01101.exe
hxxp://domainslusiannastyle.info/resources/exe_data/01200.exe
hxxp://domainslusiannastyle.info/resources/exe_data/01208.exe
hxxp://domainslusiannastyle.info/resources/exe_data/01300.exe
hxxp://domainslusiannastyle.info/resources/exe_data/01301.exe
hxxp://domainslusiannastyle.info/resources/exe_data/01302.exe
hxxp://domainslusiannastyle.info/resources/exe_data/01305.exe
hxxp://domainslusiannastyle.info/resources/exe_data/01400.exe
hxxp://domainslusiannastyle.info/resources/exe_data/01401.exe
hxxp://domainslusiannastyle.info/resources/exe_data/01415.exe
hxxp://domainslusiannastyle.info/resources/exe_data/01500.exe
hxxp://domainslusiannastyle.info/resources/exe_data/01600.exe
hxxp://domainslusiannastyle.info/resources/exe_data/01700.exe
hxxp://domainslusiannastyle.info/resources/exe_data/01788.exe
hxxp://domainslusiannastyle.info/resources/exe_data/01800.exe
hxxp://domainslusiannastyle.info/resources/exe_data/01900.exe
hxxp://domainslusiannastyle.info/resources/exe_data/02000.exe
hxxp://domainslusiannastyle.info/resources/exe_data/02088.exe
hxxp://domainslusiannastyle.info/resources/exe_data/02100.exe
hxxp://domainslusiannastyle.info/resources/exe_data/02200.exe
hxxp://domainslusiannastyle.info/resources/exe_data/02255.exe29 Landings:
Code: Select all
Severals dirs/files:
hxxp://domainslusiannastyle.info/resources/promo/1_seven_1.html
hxxp://domainslusiannastyle.info/resources/promo/1_seven_2.html
hxxp://domainslusiannastyle.info/resources/promo/1_seven_3.html
hxxp://domainslusiannastyle.info/resources/promo/1_seven_4.html
hxxp://domainslusiannastyle.info/resources/promo/1_vista_1.html
hxxp://domainslusiannastyle.info/resources/promo/1_vista_2.html
hxxp://domainslusiannastyle.info/resources/promo/1_vista_3.html
hxxp://domainslusiannastyle.info/resources/promo/1_vista_4.html
hxxp://domainslusiannastyle.info/resources/promo/1_xp_1.html
hxxp://domainslusiannastyle.info/resources/promo/1_xp_2.html
hxxp://domainslusiannastyle.info/resources/promo/1_xp_3.html
hxxp://domainslusiannastyle.info/resources/promo/1_xp_4.html
hxxp://domainslusiannastyle.info/resources/promo/2_seven_1.html
hxxp://domainslusiannastyle.info/resources/promo/2_seven_2.html
hxxp://domainslusiannastyle.info/resources/promo/2_seven_3.html
hxxp://domainslusiannastyle.info/resources/promo/2_seven_4.html
hxxp://domainslusiannastyle.info/resources/promo/2_vista_1.html
hxxp://domainslusiannastyle.info/resources/promo/2_vista_2.html
hxxp://domainslusiannastyle.info/resources/promo/2_vista_3.html
hxxp://domainslusiannastyle.info/resources/promo/2_vista_4.html
hxxp://domainslusiannastyle.info/resources/promo/2_xp_1.html
hxxp://domainslusiannastyle.info/resources/promo/2_xp_2.html
hxxp://domainslusiannastyle.info/resources/promo/2_xp_3.html
hxxp://domainslusiannastyle.info/resources/promo/2_xp_4.html
hxxp://domainslusiannastyle.info/resources/promo/3_1.html
hxxp://domainslusiannastyle.info/resources/promo/4_1.html
hxxp://domainslusiannastyle.info/resources/promo/5_1.html
hxxp://domainslusiannastyle.info/resources/promo/6_1.html
hxxp://domainslusiannastyle.info/resources/promo/7_1.htmlCode: Select all
Payment processor: 78.140.135.203
hxxp://domainslusiannastyle.info/resources/sploit_data/
hxxp://domainslusiannastyle.info/jslib/
hxxp://domainslusiannastyle.info/img4/
hxxp://domainslusiannastyle.info/images/
hxxp://domainslusiannastyle.info/0/
hxxp://domainslusiannastyle.info/index/down/
hxxp://domainslusiannastyle.info/file.php
hxxp://domainslusiannastyle.info/bots.php
hxxp://domainslusiannastyle.info/generator.phpCode: Select all
Stats server (78.140.135.203)
hxxp://pcsecpay.com/8065d00333769cd9eb241
hxxp://pcsecpay.com/payform/show/Code: Select all
Attempt also to download a file: metaspdigguard.info/data.exe (78.140.135.211)hxxp://pcsecstat.com/8065d00333Re: Rogue antimalware (FakeAV, FakeAlert)
PostPosted:Sat Dec 08, 2012 12:19 pm
34 FakeRean
Re: Rogue antimalware (FakeAV, FakeAlert)
PostPosted:Sat Dec 08, 2012 5:27 pm
Security Shield with new icon
Downloaded from one of Xylitol's links:
Downloaded from one of Xylitol's links:
Code: Select all
hxxp://domainslusiannastyle.info/resources/exe_data/01900.exeRe: Rogue antimalware (FakeAV, FakeAlert)
PostPosted:Sun Dec 09, 2012 3:41 pm
48 FakeRean
Re: Rogue antimalware (FakeAV, FakeAlert)
PostPosted:Sun Dec 09, 2012 4:03 pm
Winwebsec Security Shield - new icon
Re: Rogue Antimalware (FakeAV, 2012 year)
PostPosted:Fri Dec 14, 2012 1:32 pm
Win 7 Internet Security 2011
That's just name, it's new sample.
That's just name, it's new sample.
Re: Rogue Antimalware (FakeAV, 2012 year)
PostPosted:Fri Dec 14, 2012 2:11 pm
2 URLs, probably FakeAV
Code: Select all
hxxp://guchpaygoogles.info/data.exe
hxxp://monitorsupremenike.com/data.exe