Rogue Antimalware (FakeAV, 2015 year)

Forum for analysis and discussion about malware.

Post by Blaze » Thu Feb 19, 2015 9:33 am

remark start

2010 year FakeAV
2011 year FakeAV
2012 year FakeAV
2013 year FakeAV
2014 year FakeAV

remark end

New year, new roguewares.

This one is:

Malware Defender 2015
Last edited by EP_X0FF on Thu Feb 19, 2015 9:39 am, edited 1 time in total.
Reason: remark
Follow me on Twitter: @bartblaze

Re: Rogue Antimalware (FakeAV, 2015 year)

Post by S!Ri » Sat Feb 21, 2015 4:04 pm

From the same family:
Antivirus Defender 2015
2AEBBF1EF20D620BBF76C91AB4DE0C92.rar

Spyware Defender (2014)
1019AAA89A1025918E158AEEDFB45404.rar

Re: Rogue Antimalware (FakeAV, 2015 year)

Post by r3shl4k1sh » Wed Mar 25, 2015 8:25 pm

Security Defender (Defender PRO 2015)


Re: Rogue Antimalware (FakeAV, 2015 year)

Post by Blaze » Wed Apr 22, 2015 7:21 pm

Antivirus Pro 2015


Re: Rogue Antimalware (FakeAV, 2015 year)

Post by Grinler » Wed Apr 22, 2015 8:39 pm

Thanks Blaze! Been looking for this sample.
BleepingComputer.com

Re: Rogue Antimalware (FakeAV, 2015 year)

Post by EP_X0FF » Wed Apr 22, 2015 10:50 pm

@Blaze

Such a hello from the past :)

viewtopic.php?p=4712#p4712
Ring0 - the source of inspiration

Re: Rogue Antimalware (FakeAV, 2015 year)

Post by Grinler » Wed Apr 22, 2015 11:19 pm

EP_X0FF wrote: @Blaze

Such a hello from the past :)

viewtopic.php?p=4712#p4712


Here is the list of rogues in this family: http://www.bleepingcomputer.com/virus-r ... cdefender/

Yup, last one we saw from this family was AntiVirus Plus 2014 from 12/06/13. This was never a prolific family, with only about 11-12 variants released over a 4-year period.


Re: Rogue Antimalware (FakeAV, 2015 year)

Post by Xylitol » Mon May 25, 2015 9:09 pm

Antivirus Pro 2017

Original: https://www.virustotal.com/en/file/312f ... 432579379/ > 26/57
Unpacked: https://www.virustotal.com/en/file/5187 ... 432579640/ > 15/56

Fraudulent payment processor for fake Antivirus: secure.billingauto.com (194.54.83.82)
FakeAV call home: twinkcam.net (74.86.20.50)
Fake site: securerem.com (194.54.83.83)

Persistence: HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run\AntiVirus Pro 2017
Fake Antivirus can be uninstalled by using the argument: -uninstall
Unlock key: Y65RAW-T87FS1-U2VQF7A
Vidya: https://www.youtube.com/watch?v=Z_pLtVUCz8c

Thanks to siri for the sample.

Re: Rogue Antimalware (FakeAV, 2015 year)

Post by Xylitol » Wed Sep 16, 2015 5:06 pm

Security Defender
Opens random visa/xhamster/paypal websites and flashes (epilepsy warning).

Network activity:
95.213.186.51:81/purchase.php?a=0&v=1005&u=3c48680fa1def47c7406eff698ef4a67&bgload=1

VT: 6/52

Re: Rogue Antimalware (FakeAV, 2015 year)

Post by Grinler » Wed Sep 16, 2015 6:32 pm

Thanks Xylitol. This is a new campaign?

If so they stopped being creative as this was released previously:

http://www.bleepstatic.com/swr-guides/s ... screen.jpg