A forum for reverse engineering, OS internals and malware analysis 

Forum for analysis and discussion about malware.
 #24269  by Xylitol
 Mon Nov 03, 2014 11:11 pm
Ramtadryla wrote: Hi, maybe someone has a sample of "Spyware Defender" (or "System Defender") fake AV (hxxp://spyware-defender.com)?
System Defender
• dns: 1 ›› ip: 212.7.218.11 - adress: SPYWARE-DEFENDER.COM
---
https://www.virustotal.com/en/file/4efb ... 415056336/

 #24281  by Ramtadryla
 Wed Nov 05, 2014 1:41 pm
Hi, thanks for the previous sample ("System Defender"). If possible, could anyone attach a sample of "Rango Antivirus 2014"? It should be something similar to the Braviax/FakeRean sample posted before by Xylitol. Domain - hxxp://ssmorf1.com/ MD5 - cbc15ca34a62d409b99726b6a2c47a93 (according to ThreatTrack - http://www.threattracksecurity.com/it-b ... kerean.pdf)
 #24289  by Xylitol
 Thu Nov 06, 2014 9:53 am
Attached.
htxp://horisma77.com/X-l2ijw00hmmmvS4DbSBAJIGmN8KKOlT6fLjK8GVmKOeCUHtUq4xfCDkvHjLrO0H3rIH
 #24334  by Grinler
 Wed Nov 12, 2014 10:03 pm
Latest Braviax is called Sirius <os name> Antivirus|Protection 2014. The list of GUI titles is:

Sirius XP Antivirus 2014
Sirius XP Protection 2014 (couldn't confirm this one)
Sirius Vista Antivirus 2014
Sirius Win 7 Antivirus 2014
Sirius Win 8 Antivirus 2014
Sirius XP Protection 2014
Sirius Vista Protection 2014
Sirius Win 7 Protection 2014
Sirius Win 8 Protection 2014

Password: infected.