A forum for reverse engineering, OS internals and malware analysis 

Forum for analysis and discussion about malware.
 #33169  by FakeAVHunter
 Fri Aug 23, 2019 7:33 am
I found three fakeav, rare and incredible if you never reviewed them :-)
1. GuardPro
2. CheckDisk
Files are dropped like this:
%temp%\875248.exe
%temp%\BiTmVyykWJ.dll
%temp%\jSaAxEAXyd.exe
After a restart you may get an error and a black screen with the rogueware scanning for hard drive errors :-D :-D :-D
Code to defeat and deal with its crap and allow uninstall:
0973467457475070215340537432225
It also drops a file like 875248.lic; inside the file is its code registered on this PC (%appdata%)
3. HDDControl
I found based fakeav and fakehdd, which are interesting
Password: infected
Samples attached
The serial from GuardPro is reversed as AntiMalware LAB Unpacked