PUPs & Rogue software
Re: Malware collection
SHA256:
7e905a00dc1d73f34744654e7dbb7eebda22c4ea27f1428e92bb30da2b56c367
File name:
Setup.exe
Detection rate:
10 / 58
https://virustotal.com/de/file/7e905a00 ... 498231551/
PUPs & Rogue software
Potentially unwanted & Rogue software
Alright, I dedicate this thread basically to PUPs and FakeAVs. Essentially, the other rogue threads are dead, thus I want another one.
If you want to contribute to this thread, please attach a screenshot of the malware and the archive, preferably with "infected" password.
With that said, let's start the thread!
Shield Antivirus
Still up, ready to "optimize" computers
Available in different languages (using Google Translate), drops itself into Program Files, incredibly intrusive and constantly uses CPU.
SHA-256: 341b542a8a1eedfb88c654a23cf7d0cb6161137589ca9903dbc6ce52e66615bc
VirusTotal fail [1/67]: https://www.virustotal.com/#/file/341b5 ... /detection
hxxp://shieldapps.com/products/shield-antivirus
Re: PUPs & Rogue software
WinThruster 2018
Another annoying fake registry scanner, usually comes with downloaders and OpenCandy installers. Pretends it's a panacea for every single malware sample (e.g. hxxp://www.solvusoft.com/en/malware/trojans/trojan-vundo-gen5). Available in different languages (Russian in my case). Takes a lot of RAM (nearly 400MB) and CPU (10-20%), probably because of an awful scanning system. There are its "twins" as well, located on the same site, like Driver Doc or WinSweeper.
SHA-256: 850f5c5df4bd2f5c0604a3e30098655e0605fe3664560a0895228365e4213b05
VirusTotal [10/67]: https://www.virustotal.com/#/file/850f5 ... /community
hxxp://www.solvusoft.com/en/software/winthruster
Re: PUPs & Rogue software
Antivirus 10
After launch it is located in the "Temp" folder and creates a dropper in "Program Files". Blocks browser processes, changes internet settings in the registry, detects fake infections and displays alert messages to scare users.
Antivirus 10:
MD5: 8dec83870332ff5e1c1de9da28cb0cb5
SHA1: 1da00992b80e4f1d3ff1d9bc15cd16e75a55c212
SHA256: 05972b5703989db7c849a4de9bb448136574b667553ab4b8d3c012fadd960fec
VirusTotal (46/62): https://www.virustotal.com/en/file/0597 ... /analysis/
Dropper:
MD5: fc1054b2812128760d3f9e0307ded322
SHA1: 8f140709feb7f9c364ccb7b2ce6b4c6bd6c78b9b
SHA256: 503069a6471c2ae20c618911253aec85a1a4d8b89e4c306dbe8b984fd1cf6d4d
VirusTotal (46/67): https://www.virustotal.com/en/file/5030 ... /analysis/
Site (dead): hxxp://security-plus4you.xp3.biz
Installer and dropper are attached.
Re: PUPs & Rogue software
DriverIdentifier
Creates itself in "Program Files", shows advertisements in the scan results and shows false positives to mislead users.
Installer:
MD5: b1504d5dc801c27f56e8b7e07502c142
SHA1: 415230c32f0314ae5f24087b3519566142ef7714
SHA256: 965993496a43e7c2979695f1b5fa3966f5c0c0231040a6c1c6f6a2297e5e85c1
VirusTotal fail (1/69): https://www.virustotal.com/en/file/9659 ... /analysis/
Site: hxxp://driveridentifier.com
Re: PUPs & Rogue software
WiperSoft
Creates itself in "Program Files" and in the scheduled tasks, shows false positives to mislead users and after that asks to buy a product.
Installer:
MD5: 9e3604e2f65d31c8a6a01fd3ddbecc39
SHA1: d0efc6e4a424e277239c535802d66b619bd02872
SHA256: af24fcdd574c1097cc1709c9be008fe129c7a9d0ec9690c7694940e3b482afa6
VirusTotal fail (2/69): https://www.virustotal.com/en/file/af24 ... 544812215/
Site: hxxp://wipersoft.com
- FakeAVHunter
- Posts: 110
- Joined: Thu Feb 01, 2018 6:20 pm
- Location: Romania
Re: PUPs & Rogue software
XP MICRO ANTIVIRUS
Its interface:
And Ghost Antivirus with error fixed and database repaired
Its GUI:
-
- Posts: 2
- Joined: Thu Dec 20, 2018 4:58 pm
Re: AntiVirusGT With a Product License Key
NDE04-IAH40-LBF57-OLB282-XYL64
- FakeAVHunter
- Posts: 110
- Joined: Thu Feb 01, 2018 6:20 pm
- Location: Romania
Re: PUPs & Rogue software
Debugged Total PC Defender 2010 to full version
NHDY-HD6G-7Fd4-M2753, that is what I found on this fake antivirus
- EP_X0FF
- Global Moderator
- Posts: 4872
- Joined: Sun Mar 07, 2010 5:35 am
- Location: Russian Federation
Re: Malware collection
Contains runpe utorrent OpenCandy edition. Posts moved.
markusg wrote: ↑ Fri Jun 23, 2017 3:29 pm
SHA256:
7e905a00dc1d73f34744654e7dbb7eebda22c4ea27f1428e92bb30da2b56c367
File name:
Setup.exe
Detection rate:
10 / 58
https://virustotal.com/de/file/7e905a00 ... 498231551/
Ring0 - the source of inspiration