A forum for reverse engineering, OS internals and malware analysis 

Forum for analysis and discussion about malware.
 #12014  by wildman424
 Wed Mar 07, 2012 3:46 pm
Windows Personal Detective

submission pt1 - pt7
 #12017  by Xylitol
 Wed Mar 07, 2012 8:56 pm
Antivirus Protection 2012
(unpacked version + fixed vm)

AntivirusProtection2012.exe: 7/43 >> https://www.virustotal.com/file/4594703 ... 331147341/
securityhelper.exe: 7/43 >> https://www.virustotal.com/file/5297ef8 ... 331154716/
securitymanager.exe: 4/40 >> https://www.virustotal.com/file/460a8dc ... 331154603/

 #12044  by Xylitol
 Fri Mar 09, 2012 2:45 pm
Loader of Antivirus Protection 2012 in the attachment, and two extra links:
• dns: 1 » ip: 205.204.87.27 - adresse: WHITE-DOGGYSOFT.IN
hxxp://white-doggysoft.in/soft/loader.exe
hxxp://white-doggysoft.in/soft/installer_m.exe
The serial for Antivirus Protection (I forgot to post it): LIC-99D0-1239-KJAS-354S-SQD4-CJKF-KF67-GJ78-FGHK-ZDU6
And the affiliate behind http://xylibox.blogspot.com/2012/03/fak ... zaxar.html
 #12053  by BachMinuetInG
 Sat Mar 10, 2012 6:10 am
Guys I will be inactive for a while as I try to recover my files from my hard disk. The files for the 2 fakepav and fakevd have been lost forever :( Sorry guys.
:?
 #12058  by BachMinuetInG
 Sun Mar 11, 2012 7:20 am
FakePAV and FakeVD with landing and droppers

Link: htpt://w757672.open.ge.tt/1/files/4P482qE/0/blob?download

Password: xwxproductions