TeamRocketOps wrote:XP Defender 2013Looks like NameChanger / FakeRean season is here :lol:
A forum for reverse engineering, OS internals and malware analysis
frame4-mdpro wrote:yes, this is for XP Defender 2013 / Win 7 Defender 2013Win32:Virut wrote:Key:Is this for the XP Defender 2013 ?Code: Select all3425-814615-3990
One more sample, detected only by AhnLab:
https://www.virustotal.com/file/6aec1a0 ... /analysis/
Attached.
Looks like FakeAV.
EDIT
This is System Progressive Protection. Can you move this post?
https://www.virustotal.com/file/6aec1a0 ... /analysis/
Attached.
Looks like FakeAV.
EDIT
This is System Progressive Protection. Can you move this post?
Attachments
Password is "infected" without quotes
(387.16 KiB) Downloaded 85 times
(387.16 KiB) Downloaded 85 times
landing and panel cash
Attachments
infected
(2 MiB) Downloaded 87 times
(2 MiB) Downloaded 87 times
infected
(2 MiB) Downloaded 79 times
(2 MiB) Downloaded 79 times
infected
(797 Bytes) Downloaded 67 times
(797 Bytes) Downloaded 67 times
^^^ Fake IObit scanner...you dont have the exe file??
Hi All, :D
SKYPE users targeted by Ransomware.
Web link - hxxp://goo.gl/5q1sx?img=radix.abhijeetsawant
Regards,
rough_spear. ;)
SKYPE users targeted by Ransomware.
Web link - hxxp://goo.gl/5q1sx?img=radix.abhijeetsawant
Regards,
rough_spear. ;)
Attachments
password - infected.
(469.4 KiB) Downloaded 78 times
(469.4 KiB) Downloaded 78 times
Hi, :D
Here is one more Fake AV.
Urls -
hxxp://178.77.103.54:8080//get/faa91cf5e79a76602f094ed38fad5872.exe
hxxp://188.212.156.180:8080//get/faa91cf5e79a76602f094ed38fad5872.exe
hxxp://202.169.224.202:8080//get/faa91cf5e79a76602f094ed38fad5872.exe
hxxp://50.22.136.150:8080/get/faa91cf5e79a76602f094ed38fad5872.exe
Regards,
rough_spear. ;)
Here is one more Fake AV.
Urls -
hxxp://178.77.103.54:8080//get/faa91cf5e79a76602f094ed38fad5872.exe
hxxp://188.212.156.180:8080//get/faa91cf5e79a76602f094ed38fad5872.exe
hxxp://202.169.224.202:8080//get/faa91cf5e79a76602f094ed38fad5872.exe
hxxp://50.22.136.150:8080/get/faa91cf5e79a76602f094ed38fad5872.exe
Regards,
rough_spear. ;)
Attachments
password - infected.
(381.15 KiB) Downloaded 98 times
(381.15 KiB) Downloaded 98 times
System Progressive Protection
Fresh Sample
Low detection
VT 3/43
https://www.virustotal.com/file/59394be ... 350178423/
Fresh Sample
Low detection
VT 3/43
https://www.virustotal.com/file/59394be ... 350178423/
Attachments
password: infected
(377.77 KiB) Downloaded 107 times
(377.77 KiB) Downloaded 107 times
TeamRocketOps wrote:System Progressive ProtectionThis sample calls DSEditSecurity function. What is the purpose of that?
Fresh Sample
Low detection
VT 3/43
https://www.virustotal.com/file/59394be ... 350178423/
Buster_BSA wrote:There is no purpose like any other. This is a part of fake import table.TeamRocketOps wrote:System Progressive ProtectionThis sample calls DSEditSecurity function. What is the purpose of that?
Fresh Sample
Low detection
VT 3/43
https://www.virustotal.com/file/59394be ... 350178423/
Ring0 - the source of inspiration
