 #15699  by EP_X0FF
 Sat Sep 22, 2012 2:19 am
System Progressive Protection

VirusTotal
https://www.virustotal.com/file/626e918 ... /analysis/

[Screenshot: main window with embedded detections]

[Screenshot: security status]

[Screenshot: purchase form]

Uses the usual autorun registry entry. Terminates running GUI programs with fake alert messages. Another reincarnation of Security Shield. Thanks to markusg for the sample.
Attachments
pass: infected
(356.1 KiB)
 #15827  by rough_spear
 Sun Sep 30, 2012 5:36 pm
Hi All, :D

Windows Security 2012

With Necurs Rootkit.

Web Links -
hxxp://scan-av-fis.com/?c=RaEMLDkYzTQrhIQYxO3aByW/zb7zW2GSiNy2HVZf8nAlVQznWWinHO11QWjkoL4jZPxOUaKMDkhQ==

hxxp://winsecsys6.com/?c=RaEMLDkYzTQrhIQYxO3aByW/zb7zW2GSiNy2HVZf8nAlVQznWWinHO1wcUi0le4mQcwlMfsTkhQ==

hxxp://great-antispy2012.com/?c=RaEMLDkYzTQrhIQYxO3aByW/zb7zW2GSiNy2HVZf8nAlVQznWWinHO11oT30sOsTccyupJI5PkhQ==

The above URLs carry the same file.
The attached file includes the rootkit driver, the dropper, and Sandboxie BSA reports.

Regards,

rough_spear. ;)
Attachments
password - infected.
(446.56 KiB)
 #15829  by gied
 Sun Sep 30, 2012 6:53 pm
Does the rogue produce a visible screen for anyone? Or is it VM-protected?
rough_spear wrote: (quoting post #15827 above)