PUPs & Rogue software

[markusg]

SHA256:
7e905a00dc1d73f34744654e7dbb7eebda22c4ea27f1428e92bb30da2b56c367
Dateiname:
Setup.exe
Erkennungsrate:
10 / 58
https://virustotal.com/de/file/7e905a00 ... 498231551/

[Ene]

Potentially unwanted & Rogue software

Alright, I dedicate this thread basically to PUPs and FakeAVs. Essentially, another rogue threads are dead, thus I want another one
If you want to contribute to this thread, please attach a screenshot of the malware and the archive, preferrably with "infected" password.

With that said, let's start the thread!

Shield Antivirus

Still up, ready to "optimize" computers Available in different languages (using google translate), drops itself into Program Files, incredibly intrusive and constantly uses CPU.

SHA-256: 341b542a8a1eedfb88c654a23cf7d0cb6161137589ca9903dbc6ce52e66615bc
VirusTotal fail [1/67]: https://www.virustotal.com/#/file/341b5 ... /detection

hxxp://shieldapps.com/products/shield-antivirus

Screenshot:

[Ene]

WinThruster 2018

Another annoying fake registry scanner, usually comes with downloaders and opencandy installers. Pretends it's a panacea from every single malware sample (e. g. hxxp://www.solvusoft.com/en/malware/trojans/trojan-vundo-gen5). Available on different languages (russian in my case). Takes a lot of RAM (nearly 400MB) and CPU (10-20%) probably because of awful scanning system. There are its "twins" as well, located on the same site, like Driver Doc or WinSweeper.

SHA-256: 850f5c5df4bd2f5c0604a3e30098655e0605fe3664560a0895228365e4213b05
VirusTotal [10/67]: https://www.virustotal.com/#/file/850f5 ... /community

hxxp://www.solvusoft.com/en/software/winthruster

Screenshot:

[Fedor22]

Antivirus 10
After launch is located in the folder "Temp" and create a dropper in the "Program Files". Blocks browser processes, changes internet settings in registry, detects fake infections and displaying alert messages to scare users.
Antivirus 10:
MD5: 8dec83870332ff5e1c1de9da28cb0cb5
SHA1: 1da00992b80e4f1d3ff1d9bc15cd16e75a55c212
SHA256: 05972b5703989db7c849a4de9bb448136574b667553ab4b8d3c012fadd960fec
VirusTotal (46/62): https://www.virustotal.com/en/file/0597 ... /analysis/
Dropper:
MD5: fc1054b2812128760d3f9e0307ded322
SHA1: 8f140709feb7f9c364ccb7b2ce6b4c6bd6c78b9b
SHA256: 503069a6471c2ae20c618911253aec85a1a4d8b89e4c306dbe8b984fd1cf6d4d
VirusTotal (46/67): https://www.virustotal.com/en/file/5030 ... /analysis/
Site (dead): hxxp://security-plus4you.xp3.biz
Screenshot:

Installer and dropper in attach.

[Fedor22]

DriverIdentifier
Creates itself in "Program Files", shows advertisements in the scan results and shows false positives to mislead users.
Installer:
MD5: b1504d5dc801c27f56e8b7e07502c142
SHA1: 415230c32f0314ae5f24087b3519566142ef7714
SHA256: 965993496a43e7c2979695f1b5fa3966f5c0c0231040a6c1c6f6a2297e5e85c1
VirusTotal fail (1/69): https://www.virustotal.com/en/file/9659 ... /analysis/
Site: hxxp://driveridentifier.com
Screenshot:

[Fedor22]

WiperSoft
Creates itself in "Program Files" and in the scheduled tasks, shows false positives to mislead users and after that asks to buy a product.
Installer:
MD5: 9e3604e2f65d31c8a6a01fd3ddbecc39
SHA1: d0efc6e4a424e277239c535802d66b619bd02872
SHA256: af24fcdd574c1097cc1709c9be008fe129c7a9d0ec9690c7694940e3b482afa6
VirusTotal fail (2/69): https://www.virustotal.com/en/file/af24 ... 544812215/
Site: hxxp://wipersoft.com
Screenshots:

[FakeAVHunter]

XP MICRO ANTIVIRUS
His Interface :
And Ghost Antivirus with Error fixed and database repaired
His Gui

[AnnamarieJ]

NDE04-IAH40-LBF57-OLB282-XYL64

[FakeAVHunter]

Debbuged Total PC Defender 2010 to full version
NHDY-HD6G-7Fd4-M2753 that is that i found on this fake antivirus

TotalPCDefender2010sampledebug.zip

[EP_X0FF]

SHA256:
7e905a00dc1d73f34744654e7dbb7eebda22c4ea27f1428e92bb30da2b56c367
Dateiname:
Setup.exe
Erkennungsrate:
10 / 58
https://virustotal.com/de/file/7e905a00 ... 498231551/

Contain runpe utorrent OpenCandy edition. Posts moved.