A forum for reverse engineering, OS internals and malware analysis 

Forum for analysis and discussion about malware.
 #6250  by Xylitol
 Sun May 08, 2011 10:52 pm
loc: hXXp://scan0.goerges.co.be/index.php?Q2PhD9QgbVBGUHo/M7FLgSv1E3X4Hzd5oSLyIgcUpKrVLC/phHMpM1HKq6rgLVqTsAehBCP3EEo10ZT6oHrN4EQ0ZYnJBO1zKdYCQkSk

https://www.virustotal.com/file-scan/re ... 1304893509
5/42 >> 11.9%
Attachments
See archive comment for password
(106.32 KiB) Downloaded 60 times
 #6287  by Maxstar
 Wed May 11, 2011 12:40 pm
PC Security Guardian

Another sample of PC Security Guardian.
MD5 : b38342217e998ccd0221236efb679968
Result: 6/42 (14.3%)
http://www.virustotal.com/file-scan/rep ... 1304968337
Attachments
PW=infected
(2.26 MiB) Downloaded 65 times
Last edited by EP_X0FF on Mon Oct 31, 2011 6:43 am, edited 1 time in total. Reason: title edited
 #6300  by ngyikp
 Thu May 12, 2011 11:35 am
Windows Attention Utility
repacked with a different name >_<

fake scanner page: hxxp://software-s3h3.co.cc/c3694735a184cb7c/sa1/0/ (no Referer spoofing required)

Attachments
password: infected
(1.68 MiB) Downloaded 68 times
 #6309  by Xylitol
 Fri May 13, 2011 11:42 am
Braviax rogue + a copy of the fake scanner page (and cool, that's not obfuscated)

ars.exe: 8/42 >> 19.0%
https://www.virustotal.com/file-scan/re ... 1305285935

BestAntivirus2011.exe: 7/42 >> 16.7%
https://www.virustotal.com/file-scan/re ... 1305285947
Attachments
See archive comment for password
(609.71 KiB) Downloaded 79 times
 #6317  by Xylitol
 Sat May 14, 2011 10:50 am
Security Shield Pro 2011 (wtf)

loc: hxxp://188.229.88.192/f.php
hxxp://95.64.56.164/cb_soft.php?q=OElaFhMFBk1SFFZORwVXSFBEcW53dWZjemFWRxADVkpYRwhBQgVXTlYPXg==

Setup.exe: 0/41 >> 0.0%
https://www.virustotal.com/file-scan/re ... 1305369160

SSP.exe: 0/42 >> 0.0%
http://www.virustotal.com/file-scan/rep ... 1305369261

Interesting, that seems ripped from VirusKeeper.
Attachments
See archive comment for password
(4.86 MiB) Downloaded 71 times
Last edited by EP_X0FF on Fri May 27, 2011 3:16 pm, edited 1 time in total. Reason: title edited
 #6328  by ngyikp
 Sun May 15, 2011 12:42 am
Windows Tasks Optimizer
repacked bullshit

hxxp://software-p8we.co.cc/e694597eeccf2d14/sa1/0/

Attachments
password: infected
(1.68 MiB) Downloaded 67 times
Last edited by EP_X0FF on Mon Oct 31, 2011 6:44 am, edited 1 time in total. Reason: title edited
 #6337  by Xylitol
 Mon May 16, 2011 9:42 am
Attachments
See archive comment for password
(195.79 KiB) Downloaded 56 times
See archive comment for password
(333.89 KiB) Downloaded 57 times
See archive comment for password
(1.62 MiB) Downloaded 65 times
 #6356  by bitx
 Tue May 17, 2011 11:18 am
Windows Activity Inspector

Attachments
pass=malware
(1.67 MiB) Downloaded 66 times
Last edited by EP_X0FF on Fri May 27, 2011 3:17 pm, edited 1 time in total. Reason: title edited
 #6359  by vyosek
 Tue May 17, 2011 1:10 pm
Hi all,

Does somebody have the fake AV "Best Malware Protection"?

Thx, vyosek - moderator viry.cz\forum, member of ASAP