Fraud/Rouge software

Forum for analysis and discussion about malware.
User avatar
Xylitol
Global Moderator
Posts: 1659
Joined: Sat Apr 10, 2010 5:54 pm
Location: Seireitei, Soul Society
Contact:

Re: Fraud/Rouge software

Post by Xylitol » Tue Nov 15, 2011 12:08 pm

Interesting article from the MMPC ~ Easy Money: Program:Win32/Pameseg (part one)
http://blogs.technet.com/b/mmpc/archive ... t-one.aspx

HoaxSMS Skype in attach.
http://www.virustotal.com/file-scan/rep ... 1321358231
You do not have the required permissions to view the files attached to this post.

bitx
Posts: 61
Joined: Thu Mar 17, 2011 9:31 am

Re: Fraud/Rouge software

Post by bitx » Wed Nov 16, 2011 11:48 am

System Fix

Image
You do not have the required permissions to view the files attached to this post.

User avatar
Xylitol
Global Moderator
Posts: 1659
Joined: Sat Apr 10, 2010 5:54 pm
Location: Seireitei, Soul Society
Contact:

Re: Fraud/Rouge software

Post by Xylitol » Thu Nov 17, 2011 2:40 pm

You do not have the required permissions to view the files attached to this post.

icr
Posts: 8
Joined: Mon Aug 22, 2011 6:22 pm

Re: Fraud/Rouge software

Post by icr » Mon Nov 21, 2011 4:44 pm

Variant of security shield

MD5 : 327A5F001B9F922912E6DCE239B2CB98 http://www.virustotal.com/file-scan/rep ... 1321810298

MD5 : EA77763BDC21F76166A056BD6360DF26 http://www.virustotal.com/file-scan/rep ... 1321880331

regards,
icr ;)
You do not have the required permissions to view the files attached to this post.

User avatar
Xylitol
Global Moderator
Posts: 1659
Joined: Sat Apr 10, 2010 5:54 pm
Location: Seireitei, Soul Society
Contact:

Re: Fraud/Rouge software

Post by Xylitol » Wed Nov 30, 2011 8:20 pm

System fix 2/43 >> 4.7%
http://www.virustotal.com/file-scan/rep ... 1322683788

with fake error flood and shit's like in movies
Image
You do not have the required permissions to view the files attached to this post.

rough_spear
Posts: 163
Joined: Mon Oct 18, 2010 4:46 pm
Location: India

Re: Banking malware

Post by rough_spear » Thu Mar 15, 2012 5:44 am

Hi All, :D
Probably be a Win32.Banker as i didn't tested it yet.

VT link - https://www.virustotal.com/file/bbff0da ... /analysis/
SHA256: bbff0dad6a97b0de581aa100db6405154f9f789a02f23d140e1abb2b867fd361

web link - hxxp://www.spyware-adware-remover.com/sr/FixEr ... ryScan.exe

Regards,

rough_spear. ;)
You do not have the required permissions to view the files attached to this post.

User avatar
EP_X0FF
Global Moderator
Posts: 4781
Joined: Sun Mar 07, 2010 5:35 am
Location: Russian Federation
Contact:

Re: Banking malware

Post by EP_X0FF » Thu Mar 15, 2012 10:52 am

rough_spear wrote:Hi All, :D
Probably be a Win32.Banker as i didn't tested it yet.

VT link - https://www.virustotal.com/file/bbff0da ... /analysis/
SHA256: bbff0dad6a97b0de581aa100db6405154f9f789a02f23d140e1abb2b867fd361

web link - hxxp://www.spyware-adware-remover.com/sr/FixEr ... ryScan.exe

Regards,

rough_spear. ;)
It is a fake registry fixer packed in SFX archive and created with AutoPlay Media Studio 5 Runtime.
Posts moved.
Ring0 - the source of inspiration

HackJack
Posts: 29
Joined: Tue Jun 28, 2011 10:42 pm

Re: Rogue antimalware (FakeAV, FakeAlert)

Post by HackJack » Thu Mar 29, 2012 7:04 pm

Pass: infected
You do not have the required permissions to view the files attached to this post.

Cody Johnston
Posts: 157
Joined: Sun May 01, 2011 4:33 pm
Location: Los Angeles, CA
Contact:

Re: Rogue antimalware (FakeAV, FakeAlert)

Post by Cody Johnston » Sat Mar 31, 2012 4:00 am

Another fake HDD scanner

SMART_HDD

Image

VT: 4/42

SHA256: 06d6cecba33b796a44fbeb931425280786b1d7438f26f0765704c32673ad478c

https://www.virustotal.com/file/06d6cec ... 333166038/
You do not have the required permissions to view the files attached to this post.

User avatar
thisisu
Posts: 362
Joined: Sun Feb 26, 2012 8:57 am
Contact:

Re: Rogue antimalware (FakeAV, FakeAlert)

Post by thisisu » Sun Apr 29, 2012 3:45 am

This has been reported to be S.M.A.R.T. - Data Recovery
Image
Guessing it has some type of VMDetect code. Help making VM friendly appreciated :)
https://www.virustotal.com/file/a5992ff ... 335670348/
You do not have the required permissions to view the files attached to this post.

Post Reply