Rogue Antimalware (FakeAV, 2012 year) - Page 45

Topic locked

Re: Rogue:Win32/FakeRean

#16768 by a_d_13
Thu Nov 22, 2012 6:28 pm

SC_ wrote:http://dl.dropbox.com/u/69242790/sample.zop
Password: infected

rename to zip.

Attached.

Thanks,
--AD

Attachments

sample.zip

Pass: infected
(229.5 KiB) Downloaded 78 times

Username

a_d_13

Rank

Global Moderator

Posts

393

Joined

Sun Mar 07, 2010 3:31 am

Re: Rogue antimalware (FakeAV, FakeAlert)

#17034 by EX!
Wed Dec 05, 2012 2:39 pm

Fake AV

https://www.virustotal.com/file/9db4536 ... 354672656/

SHA256: 9db4536d50fda596d7e98447433f1400b5a8dcac9c346e7c57951f88c3c6364e
SHA1: 1fdbbf1554ae03c9acb4816acd57f13732c0fe3b
MD5: 7b9923d9059e29b5bbdfd8e77fbc2ad5
Tamaño: 560.0 KB ( 573440 bytes )
Nombre: CBbD2dtb.exe
Tipo: Win32 EXE
Etiquetas: peexe
Detecciones: 10 / 46
Fecha de análisis: 2012-12-05 01:57:36 UTC ( hace 11 horas, 53 minutos )

Attachments

CBbD2dtb-exe.zip

passw = infected
(412.34 KiB) Downloaded 87 times

Username

EX!

Posts

35

Joined

Wed Jun 29, 2011 8:24 pm

Contact

Re: Rogue antimalware (FakeAV, FakeAlert)

#17053 by Win32:Virut
Thu Dec 06, 2012 3:37 pm

Win 7 Antispyware Pro 2013

New sample and dropped files.

Attachments

Samples.7z

Password is "infected" without quotes.
(284.79 KiB) Downloaded 94 times

Username

Win32:Virut

Posts

324

Joined

Sat Jun 02, 2012 2:22 pm

Re: Rogue antimalware (FakeAV, FakeAlert)

#17076 by Xylitol
Sat Dec 08, 2012 9:18 am

50 FakeRean repack, downloaded from 78.140.135.211

Code: Select all

hxxp://domainslusiannastyle.info/resources/exe_data/00100.exe
hxxp://domainslusiannastyle.info/resources/exe_data/00101.exe
hxxp://domainslusiannastyle.info/resources/exe_data/00102.exe
hxxp://domainslusiannastyle.info/resources/exe_data/00103.exe
hxxp://domainslusiannastyle.info/resources/exe_data/00200.exe
hxxp://domainslusiannastyle.info/resources/exe_data/00288.exe
hxxp://domainslusiannastyle.info/resources/exe_data/00300.exe
hxxp://domainslusiannastyle.info/resources/exe_data/00301.exe
hxxp://domainslusiannastyle.info/resources/exe_data/00333.exe
hxxp://domainslusiannastyle.info/resources/exe_data/00344.exe
hxxp://domainslusiannastyle.info/resources/exe_data/00355.exe
hxxp://domainslusiannastyle.info/resources/exe_data/00377.exe
hxxp://domainslusiannastyle.info/resources/exe_data/00388.exe
hxxp://domainslusiannastyle.info/resources/exe_data/00400.exe
hxxp://domainslusiannastyle.info/resources/exe_data/00401.exe
hxxp://domainslusiannastyle.info/resources/exe_data/00500.exe
hxxp://domainslusiannastyle.info/resources/exe_data/00600.exe
hxxp://domainslusiannastyle.info/resources/exe_data/00601.exe
hxxp://domainslusiannastyle.info/resources/exe_data/00602.exe
hxxp://domainslusiannastyle.info/resources/exe_data/00603.exe
hxxp://domainslusiannastyle.info/resources/exe_data/00700.exe
hxxp://domainslusiannastyle.info/resources/exe_data/00800.exe
hxxp://domainslusiannastyle.info/resources/exe_data/00888.exe
hxxp://domainslusiannastyle.info/resources/exe_data/00900.exe
hxxp://domainslusiannastyle.info/resources/exe_data/00901.exe
hxxp://domainslusiannastyle.info/resources/exe_data/00902.exe
hxxp://domainslusiannastyle.info/resources/exe_data/00903.exe
hxxp://domainslusiannastyle.info/resources/exe_data/01000.exe
hxxp://domainslusiannastyle.info/resources/exe_data/01100.exe
hxxp://domainslusiannastyle.info/resources/exe_data/01101.exe
hxxp://domainslusiannastyle.info/resources/exe_data/01200.exe
hxxp://domainslusiannastyle.info/resources/exe_data/01208.exe
hxxp://domainslusiannastyle.info/resources/exe_data/01300.exe
hxxp://domainslusiannastyle.info/resources/exe_data/01301.exe
hxxp://domainslusiannastyle.info/resources/exe_data/01302.exe
hxxp://domainslusiannastyle.info/resources/exe_data/01305.exe
hxxp://domainslusiannastyle.info/resources/exe_data/01400.exe
hxxp://domainslusiannastyle.info/resources/exe_data/01401.exe
hxxp://domainslusiannastyle.info/resources/exe_data/01415.exe
hxxp://domainslusiannastyle.info/resources/exe_data/01500.exe
hxxp://domainslusiannastyle.info/resources/exe_data/01600.exe
hxxp://domainslusiannastyle.info/resources/exe_data/01700.exe
hxxp://domainslusiannastyle.info/resources/exe_data/01788.exe
hxxp://domainslusiannastyle.info/resources/exe_data/01800.exe
hxxp://domainslusiannastyle.info/resources/exe_data/01900.exe
hxxp://domainslusiannastyle.info/resources/exe_data/02000.exe
hxxp://domainslusiannastyle.info/resources/exe_data/02088.exe
hxxp://domainslusiannastyle.info/resources/exe_data/02100.exe
hxxp://domainslusiannastyle.info/resources/exe_data/02200.exe
hxxp://domainslusiannastyle.info/resources/exe_data/02255.exe

detections arround 11/46
29 Landings:

Code: Select all

hxxp://domainslusiannastyle.info/resources/promo/1_seven_1.html
hxxp://domainslusiannastyle.info/resources/promo/1_seven_2.html
hxxp://domainslusiannastyle.info/resources/promo/1_seven_3.html
hxxp://domainslusiannastyle.info/resources/promo/1_seven_4.html
hxxp://domainslusiannastyle.info/resources/promo/1_vista_1.html
hxxp://domainslusiannastyle.info/resources/promo/1_vista_2.html
hxxp://domainslusiannastyle.info/resources/promo/1_vista_3.html
hxxp://domainslusiannastyle.info/resources/promo/1_vista_4.html
hxxp://domainslusiannastyle.info/resources/promo/1_xp_1.html
hxxp://domainslusiannastyle.info/resources/promo/1_xp_2.html
hxxp://domainslusiannastyle.info/resources/promo/1_xp_3.html
hxxp://domainslusiannastyle.info/resources/promo/1_xp_4.html
hxxp://domainslusiannastyle.info/resources/promo/2_seven_1.html
hxxp://domainslusiannastyle.info/resources/promo/2_seven_2.html
hxxp://domainslusiannastyle.info/resources/promo/2_seven_3.html
hxxp://domainslusiannastyle.info/resources/promo/2_seven_4.html
hxxp://domainslusiannastyle.info/resources/promo/2_vista_1.html
hxxp://domainslusiannastyle.info/resources/promo/2_vista_2.html
hxxp://domainslusiannastyle.info/resources/promo/2_vista_3.html
hxxp://domainslusiannastyle.info/resources/promo/2_vista_4.html
hxxp://domainslusiannastyle.info/resources/promo/2_xp_1.html
hxxp://domainslusiannastyle.info/resources/promo/2_xp_2.html
hxxp://domainslusiannastyle.info/resources/promo/2_xp_3.html
hxxp://domainslusiannastyle.info/resources/promo/2_xp_4.html
hxxp://domainslusiannastyle.info/resources/promo/3_1.html
hxxp://domainslusiannastyle.info/resources/promo/4_1.html
hxxp://domainslusiannastyle.info/resources/promo/5_1.html
hxxp://domainslusiannastyle.info/resources/promo/6_1.html
hxxp://domainslusiannastyle.info/resources/promo/7_1.html

Severals dirs/files:

Code: Select all

hxxp://domainslusiannastyle.info/resources/sploit_data/
hxxp://domainslusiannastyle.info/jslib/
hxxp://domainslusiannastyle.info/img4/
hxxp://domainslusiannastyle.info/images/
hxxp://domainslusiannastyle.info/0/
hxxp://domainslusiannastyle.info/index/down/
hxxp://domainslusiannastyle.info/file.php
hxxp://domainslusiannastyle.info/bots.php
hxxp://domainslusiannastyle.info/generator.php

Payment processor: 78.140.135.203

Code: Select all

hxxp://pcsecpay.com/8065d00333769cd9eb241
hxxp://pcsecpay.com/payform/show/

Stats server (78.140.135.203)

Code: Select all

hxxp://pcsecstat.com/8065d00333

Attempt also to download a file: metaspdigguard.info/data.exe (78.140.135.211)

Attachments

FakeRean_1.zip

infected
(1.84 MiB) Downloaded 80 times

FakeRean_2.zip

infected
(1.84 MiB) Downloaded 75 times

FakeRean_3.zip

infected
(1.84 MiB) Downloaded 74 times

FakeRean_4.zip

infected
(1.85 MiB) Downloaded 75 times

FakeRean_5.zip

infected
(1.84 MiB) Downloaded 72 times

FakeRean_6.zip

infected
(1.84 MiB) Downloaded 73 times

FakeRean_7.zip

infected
(707.34 KiB) Downloaded 76 times

Registration Problems and FAQ - Rules For Malware Requests

Username

Xylitol

Rank

Global Moderator

Posts

1706

Joined

Sat Apr 10, 2010 5:54 pm

Location

Seireitei, Soul Society

Contact

Re: Rogue antimalware (FakeAV, FakeAlert)

#17079 by hx1997
Sat Dec 08, 2012 12:19 pm

34 FakeRean

Attachments

FakeRean.7z

infected
(275.81 KiB) Downloaded 79 times

Username

hx1997

Posts

101

Joined

Sat Apr 07, 2012 12:16 am

Re: Rogue antimalware (FakeAV, FakeAlert)

#17082 by Win32:Virut
Sat Dec 08, 2012 5:27 pm

Security Shield with new icon

Downloaded from one of Xylitol's links:

Code: Select all

hxxp://domainslusiannastyle.info/resources/exe_data/01900.exe

Attachments

hhtfrpch.exe.7z

Password is "infected" without quotes.
(285.56 KiB) Downloaded 85 times

Username

Win32:Virut

Posts

324

Joined

Sat Jun 02, 2012 2:22 pm

Re: Rogue antimalware (FakeAV, FakeAlert)

#17088 by hx1997
Sun Dec 09, 2012 3:41 pm

48 FakeRean

Attachments

FakeRean.7z

infected
(259.53 KiB) Downloaded 88 times

Username

hx1997

Posts

101

Joined

Sat Apr 07, 2012 12:16 am

Re: Rogue antimalware (FakeAV, FakeAlert)

#17089 by hx1997
Sun Dec 09, 2012 4:03 pm

Winwebsec Security Shield - new icon

Attachments

D9F37790BA1D6C72FDEF5DB0DA66817F.7z

infected
(282.99 KiB) Downloaded 89 times

Username

hx1997

Posts

101

Joined

Sat Apr 07, 2012 12:16 am

Re: Rogue Antimalware (FakeAV, 2012 year)

#17173 by Win32:Virut
Fri Dec 14, 2012 1:32 pm

Win 7 Internet Security 2011

That's just name, it's new sample.

Attachments

pgd.exe.7z

Password: infected
(202.52 KiB) Downloaded 111 times

Zrzut ekranu 2012-12-14 o 14.12.36.png (167.57 KiB) Viewed 691 times

Username

Win32:Virut

Posts

324

Joined

Sat Jun 02, 2012 2:22 pm

Re: Rogue Antimalware (FakeAV, 2012 year)

#17174 by Win32:Virut
Fri Dec 14, 2012 2:11 pm

2 URLs, probably FakeAV

Code: Select all

hxxp://guchpaygoogles.info/data.exe
hxxp://monitorsupremenike.com/data.exe

Username

Win32:Virut

Posts

324

Joined

Sat Jun 02, 2012 2:22 pm

Topic locked

Options
455 posts
Page 45 of 46
Jump to page #

Previous
1
…
42
43
44
45
46
Next

Page 45 of 46
455 posts

Jump to page #

1
…
42
43
44
45
46