A forum for reverse engineering, OS internals and malware analysis 

Forum for analysis and discussion about malware.
 #6661  by Maxstar
 Fri Jun 03, 2011 8:04 am
Attachments
Pass=infected
(3.87 MiB) Downloaded 71 times
Pass=infected
(2.2 MiB) Downloaded 70 times
Last edited by EP_X0FF on Mon Oct 31, 2011 6:49 am, edited 1 time in total. Reason: title edited
 #6668  by ngyikp
 Fri Jun 03, 2011 1:36 pm
Windows Rescue Center

Yeah, sounds like I need to go rescue my Windows or something.

Image

Fake scanner pages: (time sensitive!)
hxxp://przedluzanie.home.pl/indexz22z.php (main redirect)
hxxp://defender-jcdaz.in/c07bc4cb73a6bc24/sx3/2/ (09573a2f2c34d727bfb9154e68e97562)
hxxp://defender-jcdaz.in/936778ea093f2a51/sa1/13 (d7cbe6b3c7fdd9e420aa7456c92e2b86)
Attachments
password: infected
(1.68 MiB) Downloaded 76 times
Last edited by EP_X0FF on Mon Oct 31, 2011 6:49 am, edited 1 time in total. Reason: title edited
 #6679  by Xylitol
 Sat Jun 04, 2011 4:10 pm
Windows Salvage System

5/43 >> 11.6%
http://www.virustotal.com/file-scan/rep ... 1307201388

Image
Attachments
pwd: xylibox
(1.66 MiB) Downloaded 64 times
Last edited by EP_X0FF on Mon Oct 31, 2011 6:50 am, edited 1 time in total. Reason: title edited
 #6681  by Xylitol
 Sat Jun 04, 2011 10:11 pm
Braviax
Image of the GUI changed, that's all

Image

3/43 >> 7.0%
http://www.virustotal.com/file-scan/rep ... 1307221293
Attachments
pwd: xylibox
(254.98 KiB) Downloaded 66 times
Last edited by EP_X0FF on Mon Oct 31, 2011 6:50 am, edited 1 time in total. Reason: title edited
 #6695  by ngyikp
 Sun Jun 05, 2011 3:03 pm
Windows Efficiency Analyzer

A better way to make your computer more efficient is to not download and install this crapware.

Image
Attachments
password: infected
(1.68 MiB) Downloaded 69 times
Last edited by EP_X0FF on Mon Oct 31, 2011 6:51 am, edited 1 time in total. Reason: title edited
 #6708  by ngyikp
 Tue Jun 07, 2011 2:28 am
Windows Protection Alarm

BEEP BEEP BEEP BEEP BEEP BEEP

Image
Attachments
password: infected
(1.68 MiB) Downloaded 68 times
Last edited by EP_X0FF on Mon Oct 31, 2011 6:53 am, edited 1 time in total. Reason: title edited
 #6715  by ngyikp
 Tue Jun 07, 2011 3:51 pm
XP Security 2012

(FakeRean/Braviax)

Not satisfied with 2011, they decided to bump the year number to 2012. However, they STILL haven't fixed the darn "Unregistred Version" typo yet!!

Image

Fake scanner page: hxxp://print.graphytop.be/SpryAssets/wp-page.php?k=Olympic-Stadium-Design

Purchase website: (I like the part where it says "Buy XP Security 2012 at 2010 price!" and that the testimonials from Twitter are longer than 140 characters and ripped from AVG website)
Image
Attachments
password: infected
(249.23 KiB) Downloaded 82 times
Last edited by EP_X0FF on Mon Oct 31, 2011 6:54 am, edited 1 time in total. Reason: title edited
 #6716  by EP_X0FF
 Tue Jun 07, 2011 4:41 pm
@ngyikp
Not Found

The requested URL /SpryAssets/wp-page.php?k=Olympic-Stadium-Design was not found on this server.
Is it supposed to be, or was the stuff removed? Any live links?

Thanks.
 #6718  by ngyikp
 Wed Jun 08, 2011 2:28 am
EP_X0FF wrote:
@ngyikp
Not Found

The requested URL /SpryAssets/wp-page.php?k=Olympic-Stadium-Design was not found on this server.
Is it supposed to be, or was the stuff removed? Any live links?

Thanks.
Fake 404, the error page looks like Apache default, but the server is running IIS :p (comparison: hxxp://print.graphytop.be/404)
Spoof the referer from Google.com and it works.
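
The fake-404 tell described in the post above (an Apache-style error page on a host that identifies as IIS, and that differs from the host's real 404) can be checked offline against captured responses. This is an added example, not code from the thread; the function names, the IIS body marker and the sample captures are assumptions constructed for illustration.

```python
import re

# Coarse default-404 templates. The Apache wording is the one quoted in the
# thread; the IIS marker is an assumption chosen for this example.
TEMPLATES = {
    "apache": re.compile(r"The requested URL \S+ was not found on this server\.", re.I),
    "iis": re.compile(r"404 - File or directory not found", re.I),
}

def server_family(headers):
    """Map the Server response header to a coarse family name."""
    value = {k.lower(): v for k, v in headers.items()}.get("server", "").lower()
    return next((f for f in ("iis", "apache") if f in value), "unknown")

def body_template(body):
    """Name the default error template the body imitates, if any."""
    return next((n for n, rx in TEMPLATES.items() if rx.search(body)), "unknown")

def fake_404_findings(probe, control):
    """probe: captured response for the suspect URL.
    control: captured response for a path known not to exist on the same host."""
    findings = []
    family = server_family(probe["headers"])
    shown = body_template(probe["body"])
    real = body_template(control["body"])
    if "unknown" not in (shown, family) and shown != family:
        findings.append(f"{shown}-style error page served by {family}")
    if "unknown" not in (shown, real) and shown != real:
        findings.append(f"differs from the host's real 404 ({real}-style)")
    return findings

# Constructed sample captures (header values and control body are made up).
IIS = {"Server": "Microsoft-IIS/6.0"}
SUSPECT = {"headers": IIS, "body": "<h1>Not Found</h1><p>The requested URL "
           "/SpryAssets/wp-page.php?k=Olympic-Stadium-Design was not found on this server.</p>"}
CONTROL = {"headers": IIS, "body": "<h2>404 - File or directory not found.</h2>"}
HONEST = {"headers": {"Server": "Apache/2.2"}, "body": SUSPECT["body"]}

if __name__ == "__main__":
    for line in fake_404_findings(SUSPECT, CONTROL):
        print("suspicious:", line)
```
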