Rogue Antimalware (FakeAV, 2015 year)

Blaze
Posts: 199
Joined: Fri Aug 27, 2010 7:35 am

Rogue Antimalware (FakeAV, 2015 year)

Post by Blaze » Thu Feb 19, 2015 9:33 am

remark start

2010 year FakeAV
2011 year FakeAV
2012 year FakeAV
2013 year FakeAV
2014 year FakeAV

remark end

New year, new roguewares.

This one is:

Malware Defender 2015
Last edited by EP_X0FF on Thu Feb 19, 2015 9:39 am, edited 1 time in total.
Reason: remark

S!Ri
Posts: 5
Joined: Fri Sep 02, 2011 7:36 am

Re: Rogue Antimalware (FakeAV, 2015 year)

Post by S!Ri » Sat Feb 21, 2015 4:04 pm

From the same family:
Antivirus Defender 2015
2AEBBF1EF20D620BBF76C91AB4DE0C92.rar
Spyware Defender (2014)
1019AAA89A1025918E158AEEDFB45404.rar

r3shl4k1sh
Posts: 119
Joined: Tue Feb 05, 2013 10:26 pm
Location: Israel

Re: Rogue Antimalware (FakeAV, 2015 year)

Post by r3shl4k1sh » Wed Mar 25, 2015 8:25 pm

Security Defender (Defender PRO 2015)


Blaze
Posts: 199
Joined: Fri Aug 27, 2010 7:35 am

Re: Rogue Antimalware (FakeAV, 2015 year)

Post by Blaze » Wed Apr 22, 2015 7:21 pm

Antivirus Pro 2015


Grinler
Posts: 48
Joined: Sun Mar 14, 2010 1:47 pm

Re: Rogue Antimalware (FakeAV, 2015 year)

Post by Grinler » Wed Apr 22, 2015 8:39 pm

Thanks Blaze! Been looking for this sample.
BleepingComputer.com

EP_X0FF
Global Moderator
Posts: 4788
Joined: Sun Mar 07, 2010 5:35 am
Location: Russian Federation

Re: Rogue Antimalware (FakeAV, 2015 year)

Post by EP_X0FF » Wed Apr 22, 2015 10:50 pm

@Blaze

Such a hello from the past :)

http://www.kernelmode.info/forum/viewto ... 4712#p4712
Ring0 - the source of inspiration

Grinler
Posts: 48
Joined: Sun Mar 14, 2010 1:47 pm

Re: Rogue Antimalware (FakeAV, 2015 year)

Post by Grinler » Wed Apr 22, 2015 11:19 pm

EP_X0FF wrote:
@Blaze

Such a hello from the past :)

http://www.kernelmode.info/forum/viewto ... 4712#p4712
Here is the list of rogues in this family: http://www.bleepingcomputer.com/virus-r ... cdefender/

Yup, last one we saw from this family was AntiVirus Plus 2014 from 12/06/13. This was never a prolific family, with only about 11-12 variants released over a 4 year period.

BleepingComputer.com

Xylitol
Global Moderator
Posts: 1660
Joined: Sat Apr 10, 2010 5:54 pm
Location: Seireitei, Soul Society

Re: Rogue Antimalware (FakeAV, 2015 year)

Post by Xylitol » Mon May 25, 2015 9:09 pm

Antivirus Pro 2017

Original: https://www.virustotal.com/en/file/312f ... 432579379/ > 26/57
Unpacked: https://www.virustotal.com/en/file/5187 ... 432579640/ > 15/56

Fraudulent payment processor for fake Antivirus: secure.billingauto.com ⚫ 194.54.83.82
FakeAV call home: twinkcam.net ⚫ 74.86.20.50
Fake site: securerem.com ⚫ 194.54.83.83

Persistence: HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run\AntiVirus Pro 2017
Fake Antivirus can be uninstalled by using the argument: -uninstall
Unlock key: Y65RAW-T87FS1-U2VQF7A
Vidya: https://www.youtube.com/watch?v=Z_pLtVUCz8c

Thanks to siri for the sample.

Xylitol
Global Moderator
Posts: 1660
Joined: Sat Apr 10, 2010 5:54 pm
Location: Seireitei, Soul Society

Re: Rogue Antimalware (FakeAV, 2015 year)

Post by Xylitol » Wed Sep 16, 2015 5:06 pm

Security Defender
Open random visa/xhamster/paypal websites and flash (epilepsy warning).

Network activity:

Code:

95.213.186.51:81/purchase.php?a=0&v=1005&u=3c48680fa1def47c7406eff698ef4a67&bgload=1
VT: 6/52
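Added example, not code from the thread or from any of its posters: a small Python matcher, run over constructed proxy log lines, that flags the hosts and IPs Xylitol posted for AntiVirus Pro 2017 and Security Defender and pulls the build number and victim id out of the Security Defender purchase.php beacon. The log line layout (timestamp, client, destination IP, method, URL) and the sample lines are assumptions.

```python
import re
from urllib.parse import urlsplit, parse_qs
# Indicators as posted in this thread; the label says which rogue each belongs to.
FAKEAV_HOSTS = {
    "secure.billingauto.com": "AntiVirus Pro 2017 payment processor",
    "twinkcam.net": "AntiVirus Pro 2017 call-home",
    "securerem.com": "AntiVirus Pro 2017 fake site",
}
FAKEAV_IPS = {
    "194.54.83.82": "AntiVirus Pro 2017 payment processor",
    "74.86.20.50": "AntiVirus Pro 2017 call-home",
    "194.54.83.83": "AntiVirus Pro 2017 fake site",
    "95.213.186.51": "Security Defender purchase.php server",
}
HEX32 = re.compile(r"^[0-9a-f]{32}$", re.I)  # shape of the u= id in the posted URL

def parse_purchase_beacon(url):
    # Security Defender beacon: /purchase.php?a=..&v=<build>&u=<32 hex id>&bgload=..
    u = urlsplit(url)
    if u.path.lower() != "/purchase.php":
        return None
    q = parse_qs(u.query)
    victim = q.get("u", [""])[0]
    if not HEX32.match(victim):
        return None
    return {"version": q.get("v", [""])[0], "victim_id": victim.lower()}

def match_fakeav(line):
    # Assumed line format (constructed, squid-like): '<timestamp> <client> <dst_ip> <method> <url>'
    parts = line.split(None, 4)
    if len(parts) != 5:
        return None
    _ts, client, dst_ip, _method, url = parts
    host = (urlsplit(url).hostname or "").lower()
    indicators = []
    for label in (FAKEAV_HOSTS.get(host), FAKEAV_IPS.get(host), FAKEAV_IPS.get(dst_ip)):
        if label and label not in indicators:
            indicators.append(label)
    beacon = parse_purchase_beacon(url)
    if not indicators and beacon is None:
        return None
    return {"client": client, "indicators": indicators, "beacon": beacon}

# Constructed sample log (not from the thread); line 1 reuses the URL posted above.
SAMPLE_LOG = [
    "2015-09-16T17:00:01Z 10.0.0.5 95.213.186.51 GET http://95.213.186.51:81/purchase.php?a=0&v=1005&u=3c48680fa1def47c7406eff698ef4a67&bgload=1",
    "2015-05-25T21:00:02Z 10.0.0.7 74.86.20.50 GET http://twinkcam.net/",
    "2015-05-25T21:00:03Z 10.0.0.9 93.184.216.34 GET http://example.com/",
]
```

Feeding SAMPLE_LOG through match_fakeav flags the first two lines and drops the benign third one; a non-matching or malformed line returns None.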

Grinler
Posts: 48
Joined: Sun Mar 14, 2010 1:47 pm

Re: Rogue Antimalware (FakeAV, 2015 year)

Post by Grinler » Wed Sep 16, 2015 6:32 pm

Thanks Xylitol. This is a new campaign?

If so they stopped being creative as this was released previously:

http://www.bleepstatic.com/swr-guides/s ... screen.jpg
BleepingComputer.com
