A forum for reverse engineering, OS internals and malware analysis 

Rogue Antimalware (FakeAV, 2011 year)

Forum for analysis and discussion about malware.
 Topic locked

Re: Rogue antimalware (FakeAV, FakeAlert)

 #9690  by rough_spear
 Sun Nov 13, 2011 3:01 pm
Hi Everybody, :D

SYSTEM RESTORE :evil:

Dropper File - w.php.4.exe
VT link - http://www.virustotal.com/file-scan/rep ... 1321110224
MD5 : c2b22e3118c76204cb4ee757f6ab92df
SHA1 : 3d116dd918efcc9c38ce669813a23dc23207ca6e
SHA256: 3fed97347ee42421197495057b7531397f4b761f48c7bb463282c418778b6a6e
ssdeep: 12288:Kz8Z7yx04tVuwlESx7IbeTuNY7GfmqTOoC9b5UyL9:t14VPwoudaoTy
File size : 496640 bytes

Dropped Files -

8hRnojakbi119d.exe
VT link - http://www.virustotal.com/file-scan/rep ... 1321195448
MD5 : c6b15d582cc107e0be1e213a19a920bd
SHA1 : 0ce96aa5cf58b7fd257daf64008f04eeae969c46
SHA256: 9b22c19bcdb33cd54247557d235ef34d817da6f23c8af43d6d66688a23ffd8ae
ssdeep: 6144:Az8yBZuhyu2iipBV4V1tMdeIMA17jmctq0gKhEQFi+yn1y1m9SRW63y3a6yBRJq3:Az8Bz
3iiudEA17jmctq07Ep+A1y1mF6G
File size : 385024 bytes

and BA97.tmp
VT link - http://www.virustotal.com/file-scan/rep ... 1321193539
MD5 : 97bc7ce7a6ea9af88ea62220512f1112
SHA1 : cebb08b753b30e251da2136618ddeb58d13fac26
SHA256: 531029ef45543ba26dba529fe466ae902c0b7911ac0f7a8b43e8c14811a3b67f
ssdeep: 6144:t0uHK2v3fWAUaWjIDvq/SHgXHsZHhY/dskE4AgK2ak:t0UxfiOvq/SiHIaaYK2a
File size : 335872 bytes


Regards,

rough_spear. 8-)
Attachments
password - malware.
(1019.13 KiB) Downloaded 63 times

Re: Rogue antimalware (FakeAV, FakeAlert)

 #9691  by markusg
 Sun Nov 13, 2011 3:55 pm
9SrQQbeTkFJrsC.exe
MD5   : 48a84c01ced4be24ffda9acb28737b5c
https://www.virustotal.com/file-scan/re ... 1321189535
LEnXuYtOREFxPor.exe
MD5   : 4c486111eb5e4e406d83b7b485da9f39
https://www.virustotal.com/file-scan/re ... 1321190028
rJkidNSDHNQGC.exe
MD5   : 86efcd6dfd7a9436c6e16d822142f917
https://www.virustotal.com/file-scan/re ... 1321198738
Attachments
(1.13 MiB) Downloaded 68 times

Re: Rogue antimalware (FakeAV, FakeAlert)

 #10006  by EP_X0FF
 Tue Nov 29, 2011 4:02 pm
FakeAV's dump from captured blackhole (courtesy of Xylitol), 40 Mb when unpacked, all fresh and cleared from AV detections. Pass malware, multipart rar archive.
Includes "Security Sphere" + Necurs.
Attachments
(3.59 MiB) Downloaded 65 times
(5 MiB) Downloaded 61 times
(5 MiB) Downloaded 61 times
(5 MiB) Downloaded 60 times
(5 MiB) Downloaded 65 times
(5 MiB) Downloaded 60 times
(5 MiB) Downloaded 67 times

w.php Pages

 #10023  by BachMinuetInG
 Wed Nov 30, 2011 8:51 am
Got some files from w.php pages.
Example:
lajhkvnwkqgjkasgoiqrht.c0m.li/w.php?f=17&e=6
Attachments
w.php
(2.46 MiB) Downloaded 58 times

Re: w.php Pages

 #10024  by EP_X0FF
 Wed Nov 30, 2011 8:56 am
xwxproductions wrote:Got some files from w.php pages.
Example:
lajhkvnwkqgjkasgoiqrht.c0m.li/w.php?f=17&e=6
This is blackhole link format.

Re: Rogue antimalware (FakeAV, FakeAlert)

 #10027  by BachMinuetInG
 Wed Nov 30, 2011 9:27 am
Security Sphere 2012
New file found!
anti-malware.exe
From iFrame Exploit
Does anyone have XP Security 2012 (Newer version)
Attachments
(321.91 KiB) Downloaded 72 times
 Topic locked
  • 1
  • 27
  • 28
  • 29
  • 30
  • 31
  • 34
 Return to “Malware”