PUPs & Rogue software

Forum for analysis and discussion about malware.
Ene
Posts: 3
Joined: Mon Jun 19, 2017 5:06 pm

PUPs & Rogue software

Post by Ene » Sat Oct 27, 2018 5:32 pm

Potentially unwanted & Rogue software

Alright, I dedicate this thread basically to PUPs and FakeAVs. Essentially, the other rogue threads are dead, thus I want another one :)
If you want to contribute to this thread, please attach a screenshot of the malware and the archive, preferably with the password "infected".

With that said, let's start the thread!

Shield Antivirus

Still up, ready to "optimize" computers ;) Available in different languages (using Google Translate), drops itself into Program Files, incredibly intrusive and constantly uses CPU.

SHA-256: 341b542a8a1eedfb88c654a23cf7d0cb6161137589ca9903dbc6ce52e66615bc
VirusTotal fail [1/67]: https://www.virustotal.com/#/file/341b5 ... /detection

hxxp://shieldapps.com/products/shield-antivirus

Screenshot:
Image

Ene
Posts: 3
Joined: Mon Jun 19, 2017 5:06 pm

Re: PUPs & Rogue software

Post by Ene » Sun Oct 28, 2018 4:37 pm

WinThruster 2018

Another annoying fake registry scanner, usually comes with downloaders and OpenCandy installers. Pretends it's a panacea for every single malware sample :D (e.g. hxxp://www.solvusoft.com/en/malware/trojans/trojan-vundo-gen5). Available in different languages (Russian in my case). Takes a lot of RAM (nearly 400MB) and CPU (10-20%), probably because of an awful scanning system. There are its "twins" as well, located on the same site, like Driver Doc or WinSweeper.

SHA-256: 850f5c5df4bd2f5c0604a3e30098655e0605fe3664560a0895228365e4213b05
VirusTotal [10/67]: https://www.virustotal.com/#/file/850f5 ... /community

hxxp://www.solvusoft.com/en/software/winthruster

Screenshot:
Image

Fedor22
Posts: 34
Joined: Sun Dec 03, 2017 5:50 pm
Location: Russian Federation

Re: PUPs & Rogue software

Post by Fedor22 » Sun Oct 28, 2018 4:42 pm

Antivirus 10
After launch it is located in the "Temp" folder and creates a dropper in "Program Files". Blocks browser processes, changes internet settings in the registry, detects fake infections and displays alert messages to scare users.
Antivirus 10:
MD5: 8dec83870332ff5e1c1de9da28cb0cb5
SHA1: 1da00992b80e4f1d3ff1d9bc15cd16e75a55c212
SHA256: 05972b5703989db7c849a4de9bb448136574b667553ab4b8d3c012fadd960fec
VirusTotal (46/62): https://www.virustotal.com/en/file/0597 ... /analysis/
Dropper:
MD5: fc1054b2812128760d3f9e0307ded322
SHA1: 8f140709feb7f9c364ccb7b2ce6b4c6bd6c78b9b
SHA256: 503069a6471c2ae20c618911253aec85a1a4d8b89e4c306dbe8b984fd1cf6d4d
VirusTotal (46/67): https://www.virustotal.com/en/file/5030 ... /analysis/
Site (dead): hxxp://security-plus4you.xp3.biz
Screenshot:
Image
Installer and dropper are attached.

Fedor22
Posts: 34
Joined: Sun Dec 03, 2017 5:50 pm
Location: Russian Federation

Re: PUPs & Rogue software

Post by Fedor22 » Fri Nov 02, 2018 5:04 pm

DriverIdentifier
Creates itself in "Program Files", shows advertisements in the scan results and shows false positives to mislead users.
Installer:
MD5: b1504d5dc801c27f56e8b7e07502c142
SHA1: 415230c32f0314ae5f24087b3519566142ef7714
SHA256: 965993496a43e7c2979695f1b5fa3966f5c0c0231040a6c1c6f6a2297e5e85c1
VirusTotal fail (1/69): https://www.virustotal.com/en/file/9659 ... /analysis/
Site: hxxp://driveridentifier.com
Screenshot:
Image

Fedor22
Posts: 34
Joined: Sun Dec 03, 2017 5:50 pm
Location: Russian Federation

Re: PUPs & Rogue software

Post by Fedor22 » Fri Dec 14, 2018 6:40 pm

WiperSoft
Creates itself in "Program Files" and in the scheduled tasks, shows false positives to mislead users and after that asks to buy a product.
Installer:
MD5: 9e3604e2f65d31c8a6a01fd3ddbecc39
SHA1: d0efc6e4a424e277239c535802d66b619bd02872
SHA256: af24fcdd574c1097cc1709c9be008fe129c7a9d0ec9690c7694940e3b482afa6
VirusTotal fail (2/69): https://www.virustotal.com/en/file/af24 ... 544812215/
Site: hxxp://wipersoft.com
Screenshots:
Image

FakeAVHunter
Posts: 98
Joined: Thu Feb 01, 2018 6:20 pm
Location: Romania

Re: PUPs & Rogue software

Post by FakeAVHunter » Sat Dec 15, 2018 8:27 am

XP MICRO ANTIVIRUS
Its interface: Image
And Ghost Antivirus with error fixed and database repaired
Its GUI: Image