Hmm, a FakeAV using the winlocker method. That's a little different. Thanks for the upload.
A forum for reverse engineering, OS internals and malware analysis
Smart Guard Protection
Attachments
(493.19 KiB) Downloaded 105 times
Attachments
(176.19 KiB) Downloaded 98 times
Any idea how its spread?
BleepingComputer.com
I have downloaded it from:
https://www.virustotal.com/en/file/247b ... /analysis/ - Publisher name is Futurro Soft. I'll request it in the Malware requests.
Code: Select all
Payment page:
hxxp://rghost.net/50995422Code: Select all
"Futurro Antivirus Unlimited license" :lol: Futurro Antivirus seems to be another rogue, I found only one thread about it: http://www.malwareremoval.com/forum/vie ... 11&t=62376hxxp://futsyscarepay.com/payment.phphttps://www.virustotal.com/en/file/247b ... /analysis/ - Publisher name is Futurro Soft. I'll request it in the Malware requests.
Code: Select all
SCAREpay.com seriously ?http://futsyscarepay.com/payment_process.php
> https://migs.mastercard.com.au/vpcpay (vpc_Merchant=9800000100)
>> https://www.vbv.ktb.co.th/vbvads/paWarning.aspx
• dns: 1 ›› ip: 130.185.105.68 - adresse: FUTSYSCAREPAY.COM
• dns: 1 ›› ip: 203.42.65.51 - adresse: MIGS.MASTERCARD.COM.AU *legit*
• dns: 1 ›› ip: 202.12.117.153 - adresse: WWW.VBV.KTB.CO.TH *legit*
Windows Efficiency Console
MD5 d329fd901e1b63a82ae7fea8a85bf541
VT (8/49):
https://www.virustotal.com/en/file/0b00 ... /analysis/
MD5 d329fd901e1b63a82ae7fea8a85bf541
VT (8/49):
https://www.virustotal.com/en/file/0b00 ... /analysis/
Attachments
Password: infected
(1.45 MiB) Downloaded 92 times
(1.45 MiB) Downloaded 92 times
8 samples
Smart Guard Protection
Smart Guard Protection
Attachments
(3.17 MiB) Downloaded 79 times
Attachments
(513.5 KiB) Downloaded 69 times
Windows Premium Shield
Attachments
(1006.27 KiB) Downloaded 85 times
