[Blaze]

remark start

2010 year FakeAV
2011 year FakeAV
2012 year FakeAV
2013 year FakeAV
2014 year FakeAV

remark end

New year, new roguewares.

This one is:

Malware Defender 2015

[S!Ri]

From the same family:
Antivirus Defender 2015

2AEBBF1EF20D620BBF76C91AB4DE0C92.rar

(72.14 KiB) Downloaded 147 times

Spyware Defender (2014)

1019AAA89A1025918E158AEEDFB45404.rar

(40.97 KiB) Downloaded 102 times

[r3shl4k1sh]

Security Defender (Defender PRO 2015)

[Blaze]

Antivirus Pro 2015

[Grinler]

Thanks Blaze! Been looking for this sample.

[EP_X0FF]

@Blaze

Such a hello from the past :)

http://www.kernelmode.info/forum/viewto ... 4712#p4712

[Grinler]

@Blaze

Such a hello from the past :)

http://www.kernelmode.info/forum/viewto ... 4712#p4712

Here is the list of rogues in this family: http://www.bleepingcomputer.com/virus-r ... cdefender/

Yup, last one we saw from this family was AntiVirus Plus 2014 from 12/06/13. This was never a prolific family, with only about 11-12 variants released over a 4 year period.

[Xylitol]

Antivirus Pro 2017


Original: https://www.virustotal.com/en/file/312f ... 432579379/ > 26/57
Unpacked: https://www.virustotal.com/en/file/5187 ... 432579640/ > 15/56

Fraudulent payment processor for fake Antivirus: secure.billingauto.com 194.54.83.82
FakeAV call home: twinkcam.net 74.86.20.50
Fake site: securerem.com 194.54.83.83

Persistance: HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run\AntiVirus Pro 2017
Fake Antivirus can be unistalled by using the argument: -uninstall

Unlock key: Y65RAW-T87FS1-U2VQF7A
Vidya: https://www.youtube.com/watch?v=Z_pLtVUCz8c

Thanks to siri for the sample.

[Xylitol]

Security Defender

Open random visa/xhamster/paypal websites and flash (epilepsy warning).

Network activity:

Code: Select all

95.213.186.51:81/purchase.php?a=0&v=1005&u=3c48680fa1def47c7406eff698ef4a67&bgload=1

VT: 6/52

[Grinler]

Thanks Xylitol. This is a new campaign?

If so they stopped being creative as this was released previously:

http://www.bleepstatic.com/swr-guides/s ... screen.jpg