KernelMode.info

A forum for reverse engineering, OS internals and malware analysis
https://www.kernelmode.info/forum/

Rogue Antimalware (FakeAV, 2012 year)

https://www.kernelmode.info/forum/viewtopic.php?f=16&t=2414

Page 17 of 46

Re: Rogue antimalware (FakeAV, FakeAlert)

PostPosted:Fri Apr 27, 2012 2:13 am
by thisisu
Windows Premium Guard
FakeVimes - MD5: 1dbac849d825a2174e4cf80a863715ad - diff icon
https://www.virustotal.com/file/f8a8fd1 ... /analysis/

Re: Rogue antimalware (FakeAV, FakeAlert)

PostPosted:Sat Apr 28, 2012 12:42 am
by thisisu
Windows Safety Checkpoint
FakeVimes - MD5: 329c833f9e3c05bf642647780daa33ca
https://www.virustotal.com/file/b7db6e4 ... 335573657/
Note: Largest filesize rogue in FakeVimes to date. Despite the aforementioned, this does not appear to be "installer" version. Protector-????.exe and "installer" are same MD5.

Re: Rogue antimalware (FakeAV, FakeAlert)

PostPosted:Sat Apr 28, 2012 1:50 am
by thisisu
Smart Fortress 2012
Winwebsec - MD5: 22591633302c18a6db719b15f0d31d7f
https://www.virustotal.com/file/0b32b2a ... /analysis/
AppCertDlls

Re: Rogue antimalware (FakeAV, FakeAlert)

PostPosted:Sat Apr 28, 2012 6:24 am
by thisisu
Windows Safety Checkpoint
FakeVimes - MD5: 2523c3818d9a40397d148d5e65db3db5
https://www.virustotal.com/file/c8c5505 ... /analysis/

Re: Rogue antimalware (FakeAV, FakeAlert)

PostPosted:Sat Apr 28, 2012 7:41 am
by rough_spear
Hi All, :D

Here is another sample of Windows Safety Checkpoint.

web url 1 - hxxp://initialtube.in/hot/Flash_Player_v11.2_for_Windows.exe

web url 2 - hxxp://tubeoclock.in/hot/xxxvideo.avi.exe

VT link - https://www.virustotal.com/file/b7db6e4 ... /analysis/

MD5 - 329c833f9e3c05bf642647780daa33ca

Regards,

rough_spear. ;)

Re: Rogue antimalware (FakeAV, FakeAlert)

PostPosted:Sat Apr 28, 2012 12:27 pm
by rough_spear
Hi All, :D

Security Shield

VT link - https://www.virustotal.com/file/63f40e7 ... /analysis/
MD5 - 6b0d5217aef84807b039ddf5443e1954

Regards,


rough_spear. ;)

Re: Rogue antimalware (FakeAV, FakeAlert)

PostPosted:Sat Apr 28, 2012 12:32 pm
by rough_spear
Hi All, :D

Another Security Shield. :evil:

VT link - https://www.virustotal.com/file/ef0716f ... /analysis/
MD5 - b24c180ee53756219885acfd1f8d4d50

Regards,


rough _spear. ;)

Re: Rogue antimalware (FakeAV, FakeAlert)

PostPosted:Sat Apr 28, 2012 2:09 pm
by EP_X0FF
As you can see from VT link, this sample was already posted here few months ago

http://www.kernelmode.info/forum/viewto ... 370#p10678

Re: Rogue antimalware (FakeAV, FakeAlert)

PostPosted:Sun Apr 29, 2012 4:02 pm
by rough_spear
Search the forum using md5 but didn't find matching so posted the sample. :o
EP_X0FF wrote:As you can see from VT link, this sample was already posted here few months ago

http://www.kernelmode.info/forum/viewto ... 370#p10678
anyway thanks for info.

Regards,

rough_spear.

Re: Rogue antimalware (FakeAV, FakeAlert)

PostPosted:Sun Apr 29, 2012 7:29 pm
by thisisu
Windows Recovery Series
FakeVimes - MD5: a35a060f0c025468063be37ded306aa3
https://www.virustotal.com/file/a3cca31 ... /analysis/
All times are UTC
Page 17 of 46
Powered by phpBB® Forum Software © phpBB Group
https://www.phpbb.com/