A forum for reverse engineering, OS internals and malware analysis 

Forum for analysis and discussion about malware.
 #32438  by Fedor22
 Sat Jan 12, 2019 7:48 pm
Perfect PC Cleanup
Creates itself in "Program Files", changes internet settings in the registry, shows false positives and asks to buy a product after the scan.
Installer:
MD5: ed1954e40caf59b1335893e156661fef
SHA1: 37c066fcab1f704d8a5de58c3e3ce1942726e396
SHA256: b00129823975a8f54d4c4ff039817038d77690615002571d370180fbc0303a78
VirusTotal (33/69): https://www.virustotal.com/en/file/b001 ... /analysis/
Site: hxxp://perfectpccleanup.com
Screenshot:
 #32569  by FakeAVHunter
 Sat Feb 09, 2019 7:52 pm
Personal Antivirus (Internet Antivirus Family)
Its image:
Due to problems and errors with this rogue, the MD5 CANNOT BE SHOWN DUE TO FILE ERRORS
Personal Antivirus InternetAntivirus.zip
Its license key: 4db8b3bab2b6b5bfb7b1b9b299510a73e34bc42c95f55ec61e87ef50
Sample fixed from password-protected installer :D
 #32645  by FakeAVHunter
 Sun Mar 03, 2019 10:50 am
InfoPure 2010 Korean Rogue
Image:
9d0445176b2b882a.PNG
Sample:
 #32660  by FakeAVHunter
 Sat Mar 09, 2019 8:53 am
WinReanimator Rogue + Fixed Crashes
WinReanimator.zip
 #32768  by FakeAVHunter
 Fri Mar 29, 2019 5:36 pm
PC Defender Full Version
Image:
Take a look at the sample of the cracked Russian version of PC Defender without the trial version :lol: :lol: :lol:
It is a well-known fakeav and here is the sample for trying :D
PC Defender Antivirus Rudoct Russian Crack.zip
 #32982  by FakeAVHunter
 Thu Jun 06, 2019 6:35 pm
XP Protector 2009
Image:
Full version after I cracked it is similar to Antivirus XP 2008. Simple as a slice of pizza :-)

At address 0043E907 I found all text strings, MOV AL,BYTE PTR DS:[EAX], then I replaced it with MOV AL,1
I dumped the debugged process
Code:
LIC�����LIC�����-���0000��������6F740084937EAB76D1A407DE455B5297D1C5047CD79C630E5702B46455E1F2B8
Unfortunately I cannot save the file that I cracked :-( The serial is cryptographic, as in Desktop Security 2010.
 #32986  by FakeAVHunter
 Sat Jun 08, 2019 4:34 pm
I found a fakeav with live domains and fake scan sites:
hxxp://protection-suite.totalh.net/index.html
hxxp://protection-suite.totalh.net/scanner/scan.html
Both are working but I cannot dump the executable, and I found a nice thing :-D
A clone of Antivirus 10 :-)
bandicam 2019-06-07 23-34-57-290.jpg
Live Protection Suite 2019.zip
Video Review : https://www.youtube.com/watch?v=xUiWJyw4rqI
Soon I will release a removal tool for this fakeav.
Unfortunately I cannot find AntiPCDefender, and I cannot save the cracked files of XP Protector 2009 and Antivirus XP 2008 that I cracked; it is not saving the modified executable :-(
 #33000  by FakeAVHunter
 Fri Jun 14, 2019 9:19 am
Live Security Vista XP + Vista GUI and Live Enterprise Suite

Live Enterprise Suite
Live Security Suite.zip
Live Security Suite Vista.zip
Live Enterprise Suite.zip
I need an unpacker to dump all those rogues from the InternetAntivirus family for saving a modification. I will not post that request here; I will do it later, and you can find it in the reverse engineering topic.
 #33025  by FakeAVHunter
 Fri Jun 28, 2019 2:00 pm
I found three rare rogues and one fakeav that encrypts your .doc files, installs a DLL that runs stealthily as FakeCorr, and detects the corrupted file as a damaged malware file.
Rogue File Repair.
C:\Windows\system32\fpfstb.dll, running with csrss.exe and svchost
1. AV Care
Full Version
2. FileFix Professional 2009 + Infection Proof
3. Antivira AV FakeSpyPro
The Antivira AV sample is working; I tested it in all Windows versions :-)
To activate AVCare, a command line was found:
c:\Program Files\AV Care\AVCare.exe /setpaid; other commands were found: -update -setpaid -uninstall -install
So I waited more for unpacking the exe from the KernelMode Reverse Engineer topic, so I am not posting links, as you know already.
Last rogue antimalware fakeav I debugged with success:
VirusRemover2008
VirusRemover2009
VirusIsolator
AntiMalwareGuard
Total Virus Protection and others; I am not enumerating all.