[andrew9406]

Live Security Professional
to run -> rundll32 DUMP_003E0000-003EF000_unpack_reveton.dll, XFG00

original https://www.virustotal.com/ru/file/410f ... /analysis/
unpacked https://www.virustotal.com/ru/file/2f8c ... /analysis/
fakeav memory dump https://www.virustotal.com/ru/file/3f12 ... /analysis/

activation code F9292-QRT38-U9291-29291-3923F

This... this is a 2012 sample
just search "live security professional" on the internet

[Win32:Virut]

Attentive Antivirus

This one is working in virtual machine.

[bitstechs]

Live Security Professional
to run -> rundll32 DUMP_003E0000-003EF000_unpack_reveton.dll, XFG00

original https://www.virustotal.com/ru/file/410f ... /analysis/
unpacked https://www.virustotal.com/ru/file/2f8c ... /analysis/
fakeav memory dump https://www.virustotal.com/ru/file/3f12 ... /analysis/

activation code F9292-QRT38-U9291-29291-3923F

This... this is a 2012 sample
just search "live security professional" on the internet

Seems like it's a 2013 sample. However, there is the old name of Live Security Platinum that you may be thinking of. I'm seeing new youtube videos and articles from about a week ago explaining this virus.

[andrew9406]

Live Security Professional
to run -> rundll32 DUMP_003E0000-003EF000_unpack_reveton.dll, XFG00

original https://www.virustotal.com/ru/file/410f ... /analysis/
unpacked https://www.virustotal.com/ru/file/2f8c ... /analysis/
fakeav memory dump https://www.virustotal.com/ru/file/3f12 ... /analysis/

activation code F9292-QRT38-U9291-29291-3923F

This... this is a 2012 sample
just search "live security professional" on the internet

Seems like it's a 2013 sample. However, there is the old name of Live Security Platinum that you may be thinking of. I'm seeing new youtube videos and articles from about a week ago explaining this virus.

apparently around september 2012 there was a rogue in another rogue family called "live security professional"
and also the "copyright" date on the rogue was 2012...

[secObs]

PC Defender 360

Virustotal 6/41
https://www.virustotal.com/en/file/1d3ba...1376254175/

MD5: a437f77b1a2789b7a23a19f098fd37fb
SHA-1: def5ae938bb7f7bfc023ffb1f32d18550ba85805

[Grinler]

Thanks. From the same family as Antivirus System.

http://www.kernelmode.info/forum/viewto ... 078#p20078

Hijacks .exe extension.

[rusl]

PC Defender 360

Virustotal 6/41
https://www.virustotal.com/en/file/1d3ba...1376254175/

MD5: a437f77b1a2789b7a23a19f098fd37fb
SHA-1: def5ae938bb7f7bfc023ffb1f32d18550ba85805

Key Generator (python 2.7.5)

Code: Select all

n = 0x4F #Second character == 'O'
i = 0
key = str('?O')
while i < 0xF:
    n += 0xB
    if n <= 0x5A:
        pass
    else:
        n = (n - 0x41)%0x19 + 0x41
    key += '?' + chr(n)
    i += 1
print key

[secObs]

Antiviral Factory 2013

Virustotal 23/45
https://www.virustotal.com/en/file/bd44 ... 376468890/

MD5: 1267861198810de041f203a4026514b8
SHA-1: db7733cefb3f1197f35f23f25ce87c3c709f0d60



Payment page

[url]hxxp://secfastpay.com/p/?&lid=3070040&affid=00083100&nid=0091B719&group=af[/url]

[Xylitol]

Payment page

[url]hxxp://secfastpay.com/p/?&lid=3070040&affid=00083100&nid=0091B719&group=af[/url]

Site rip in attach, (and containing also some olders BestAV payement pages)
https://www.virustotal.com/fr/file/cf7e ... 376507657/
lulz:

Code: Select all

htxp://secfastpay.com/p/test/
htxp://secfastpay.com/p/ds/
htxp://secfastpay.com/p/sf/
htxp://secfastpay.com/p/af/
htxp://secfastpay.com/p/amd/
htxp://secfastpay.com/p/sd/
htxp://secfastpay.com/p/dap/
htxp://secfastpay.com/p/srs/
htxp://secfastpay.com/p/pas/
htxp://secfastpay.com/p/sca/
htxp://secfastpay.com/p/ava/
htxp://secfastpay.com/p/sdx/
htxp://secfastpay.com/p/fta/
htxp://secfastpay.com/p/ata/
htxp://secfastpay.com/p/sca2/

[andrew9406]

PC Defender 360

Virustotal 6/41
https://www.virustotal.com/en/file/1d3ba...1376254175/

MD5: a437f77b1a2789b7a23a19f098fd37fb
SHA-1: def5ae938bb7f7bfc023ffb1f32d18550ba85805

Activation code:
?O?Z?L?W?I?T?F?Q?C?N?Y?K?V?H?S?E
same as attentive antivirus...