KernelMode.info

A forum for reverse engineering, OS internals and malware analysis
https://www.kernelmode.info/forum/

Rogue Antimalware (FakeAV, 2013 year)

https://www.kernelmode.info/forum/viewtopic.php?f=16&t=75

Page 11 of 15

Re: Rogue Antimalware (FakeAV, 2013 year)

PostPosted:Thu Aug 29, 2013 6:00 am
by Win32:Virut
Antivirus Security Pro

Image

Re: Rogue Antimalware (FakeAV, 2013 year)

PostPosted:Thu Aug 29, 2013 10:42 am
by Win32:Virut
Antivirus Security Pro

SHA256: dc715a8e61985f04ec06d7289527bbfd00a4af9ffd2745482f3da071a8b65c93
SHA1: 47d0d0260dd036d4b9526ea6cced28f90b44f784
MD5: 3e7dfe660e773106620ee7f000ed6a1e
File size: 646.5 KB ( 662016 bytes )
File name: XlX3nUa3.exe
Detection ratio: 0 / 46
Analysis date: 2013-08-29 10:35:25 UTC ( 0 minutes ago )
https://www.virustotal.com/en/file/dc71 ... 377772525/

dropped file:

SHA256: 982f9a3ec39cbbb3f415c0e6c686deca6c6e5dd14a4b26e454af93f3cc6858ca
SHA1: 83e61d3a9f6f17304c209abc14f5ccb5e5bcf2d1
MD5: 37ae22ba2799ed146c47085268dd481b
File size: 112.5 KB ( 115200 bytes )
File name: 1898282641481779720.exe
Detection ratio: 23 / 46
Analysis date: 2013-08-29 10:36:46 UTC ( 1 minute ago )
https://www.virustotal.com/en/file/982f ... /analysis/

Re: Rogue Antimalware (FakeAV, 2013 year)

PostPosted:Thu Aug 29, 2013 3:56 pm
by Win32:Virut
133 samples of Antivirus Security Pro

Payment page:

hxxps://swaretraders.com/p/fp/asp/?lid=0073&ver=0073&reject_url=http%3A%2F%2Frxprogress.com%2Fp%2Fdecline%2F%3Flid%3D0073%26ver%3D0073%26nid%3DD5B2E7CD%26r%3D77%26affid%3D78701%26group%3Dasp&nid=D5B2E7CD&r=77&affid=78701&group=asp

Re: Rogue Antimalware (FakeAV, 2013 year)

PostPosted:Fri Aug 30, 2013 10:40 am
by Win32:Virut
Titan Antivirus 2013

from malwr.com

Re: Rogue Antimalware (FakeAV, 2013 year)

PostPosted:Fri Aug 30, 2013 2:59 pm
by Win32:Virut
199 samples - Antivirus Security Pro

Re: Rogue Antimalware (FakeAV, 2013 year)

PostPosted:Sat Aug 31, 2013 8:05 pm
by secObs
Internet Security 2013

MD5: fdb5450c46d2bc7f9b7acb986f1211e6
SHA-1: 5273ca2f83b29cf6b98c5ef2afd5cd67785dceea

Payment page: [url]hxxp://regdexsecurity.com/buynow.php?bid=95[/url]

Virustotal: https://www.virustotal.com/en/file/ac.. ... 377979367/

Re: Rogue Antimalware (FakeAV, 2013 year)

PostPosted:Sun Sep 01, 2013 10:14 am
by Win32:Virut
528 samples - Antivirus Security Pro

Re: Rogue Antimalware (FakeAV, 2013 year)

PostPosted:Mon Sep 02, 2013 5:12 pm
by ELWIS1
5 samples - Antivirus Security Pro

Re: Rogue Antimalware (FakeAV, 2013 year)

PostPosted:Wed Sep 04, 2013 3:20 pm
by Win32:Virut
524 samples - Antivirus Security Pro

Re: Rogue Antimalware (FakeAV, 2013 year)

PostPosted:Wed Sep 04, 2013 8:06 pm
by andrew9406
well apparently the activation code for antivirus security pro is the same as the other winwebsec rogues:
AA39754E-715219CE
All times are UTC
Page 11 of 15
Powered by phpBB® Forum Software © phpBB Group
https://www.phpbb.com/