A forum for reverse engineering, OS internals and malware analysis 

Forum for analysis and discussion about malware.
 #31722  by FakeAVHunter
 Sat Jun 23, 2018 1:40 pm
Windows Paramount Protection
It is the same as Windows Expert Console, aka fakevimes.
I am a YouTuber, have fun with this sample from VirusShare.
pass : infected
 #31769  by FakeAVHunter
 Wed Jul 04, 2018 6:57 am
Security Guard 2012, sample found by me.
AV Results :
AhnLab-V3 = Trojan/Win32.Jorik
AntiVir = TR/Crypt.ZPACK.Gen
Antiy-AVL = Backdoor/Win32.Gbot.gen
Avast = Win32:Cycbot-MS [Trj]
AVG = Generic25.SSN
BitDefender = Trojan.Generic.KD.371604
CAT-QuickHeal = Backdoor.Cycbot.B
Commtouch = W32/Goolbot.N.gen!Eldorado
Comodo = Heur.Suspicious
DrWeb = Trojan.DownLoader5.840
Emsisoft = Trojan.Win32.FakeAV!IK
eSafe = Win32.TRCrypt.ZPACK
eTrust-Vet = Win32/FraudSecurity.B!generic
F-Prot = W32/Goolbot.N.gen!Eldorado
F-Secure = Rogue:W32/OpenCloud.A
Fortinet = W32/FakeAV.ISS!tr
GData = Trojan.Generic.KD.371604
Ikarus = Trojan.Win32.FakeAV
K7AntiVirus = Backdoor
Kaspersky = Backdoor.Win32.Gbot.pld
McAfee-GW-Edition = BackDoor-EXI.gen.t
McAfee = BackDoor-EXI.gen.t
Microsoft = Rogue:Win32/FakeScanti
NOD32 = a variant of Win32/Kryptik.TOL
Norman = W32/Cycbot.EH
nProtect = Trojan/W32.Agent.2407424.H
Panda = Trj/Cycbot.gen
PCTools = Trojan.Gen
Sophos = Mal/FakeAV-IS
Symantec = Trojan.Gen.2
TheHacker = Trojan/Kryptik.tol
TrendMicro-HouseCall = TROJ_SPNR.15L411
TrendMicro = TROJ_SPNR.15L411
VBA32 = Backdoor.Gbot.pld
VIPRE = Trojan.Win32.FakeAV.IS (v)
VirusBuster = Trojan.Cycbot.Gen!Pac.5
Size of malware : 2.29 MB (2,351 KB)
MD5 66613048c0761907dbf89e63a3c2b060
SHA1 508d73343ad03ea9bb16dc240afa45dbfd7e6fc3
SHA256 12b9716fee979c9f803b760b330973ea69a9d69292461beee0906c70b68e20ec
Thanks VirusShare. I will make a YouTube video about this soon.
The activation code and kill code are : 9972665267 9992665263
Download sample :
pass : infected
 #32110  by FakeAVHunter
 Fri Sep 14, 2018 5:54 am
My attempts to make w32/fakevimes work
I don't need to unpack fixvm sometimes, so fakevimes was created to work only on the host PC.
Renaming the folder and file that fakevimes accepts and the /s /d command can work.
 #33249  by FakeAVHunter
 Sun Nov 03, 2019 12:25 pm
On this topic, which is my favorite, I'd like to say that I am the single user who is best at FakeAV / Rogue cracking sessions, I think; all users from kernelmode, do not feel bad about this. I have to say this post may or may not be off topic. The Fraud Rogue Software topic will be closed because it is a dead topic :-( but there is a new topic if someone is interested in me and my built activators / registry hacks etc.

In the present year I am so interested in reversing the old Rogue Antimalware, and I am not flexing my sentences about this. I'm not supposed to post attachments and patches for my favorite type of malware; I did not want to break a rule or suffer, so there is too much to explain. I am 50 % best at unpacking, which is not a problem, but sometimes I request some tools for fun and test purposes. I am not understood sometimes, but if you want to post interesting and never-seen FakeAV and activated versions, go to the new kernelmode topic.
New topic to post : viewtopic.php?f=16&t=5258
Fraud Fakeav topic dead.
Regards from Alin. We are sorry :crying: