KernelMode.info

Ramtadryla wrote:Hi, maybe someone has a sample of "Spyware Defender" (or "System Defender") fake av (hxxp://spyware-defender.com)?

System Defender
• dns: 1 ›› ip: 212.7.218.11 - adress: SPYWARE-DEFENDER.COM
---
https://www.virustotal.com/en/file/4efb ... 415056336/

Hi, thanks for the previous sample ("System Defender"). If possible could anyone attach a sample of "Rango Antivirus 2014"? Should be something similar to Braviax/FakeRean sample posted before by Xylitol. Domain - hxxp://ssmorf1.com/ MD5 - cbc15ca34a62d409b99726b6a2c47a93 (according to ThreatTrack - http://www.threattracksecurity.com/it-b ... kerean.pdf)

In attach.

Hey guys. Maybe someone has this new variation "Windows Antivirus Adviser" sample?

http://siri-urz.blogspot.com/2014/11/wi ... viser.html

Have it too, but not for you.
This is not a malware request thread and i suggest you to read the rules before doing something stupid.

Attaching a sample of Windows AntiVirus Adviser.

Latest Braviax called Sirius <os name> Antivirus|Protection 2014. List of GUI titles are:

Sirius XP Antivirus 2014
Sirius XP Protection 2014 (couldn't confirm this one)
Sirius Vista Antivirus 2014
Sirius Win 7 Antivirus 2014
Sirius Win 8 Antivirus 2014
Sirius XP Protection 2014
Sirius Vista Protection 2014
Sirius Win 7 Protection 2014
Sirius Win 8 Protection 2014

Password: infected.

New FakeVimes Rogue - Windows AntiBreach Module

Please use a password for it.

Updated FakeRean/Braviax fakeav - uses a name of A-Secure 2015 for all Windows versions. Domains (hxxp://fscurat20.com - 146.185.239.111; hxxp://fscurat21.com - 146.185.239.111)