A forum for reverse engineering, OS internals and malware analysis 

 #25724  by Grinler
 Wed Apr 22, 2015 11:19 pm
EP_X0FF wrote:
@Blaze

Such a hello from the past :)

http://www.kernelmode.info/forum/viewto ... 4712#p4712
Here is the list of rogues in this family: http://www.bleepingcomputer.com/virus-r ... cdefender/

Yup, last one we saw from this family was AntiVirus Plus 2014 from 12/06/13. This was never a prolific family, with only about 11-12 variants released over a 4 year period.

 #25931  by Xylitol
 Mon May 25, 2015 9:09 pm
Antivirus Pro 2017

Original: https://www.virustotal.com/en/file/312f ... 432579379/ > 26/57
Unpacked: https://www.virustotal.com/en/file/5187 ... 432579640/ > 15/56

Fraudulent payment processor for fake Antivirus: secure.billingauto.com ⚫
FakeAV call home: twinkcam.net ⚫
Fake site: securerem.com ⚫

Persistence: HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run\AntiVirus Pro 2017
Fake Antivirus can be uninstalled by using the argument: -uninstall
Unlock key: Y65RAW-T87FS1-U2VQF7A
Vidya: https://www.youtube.com/watch?v=Z_pLtVUCz8c

Thanks to siri for the sample.
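A small defender-side matcher for the indicators Xylitol lists in the post above (the HKCU Run value name and the three domains). This is an added example, not code from the post or from the forum; the Run-value list and the DNS log lines it scans are constructed sample data, and the command path beside the Run value is a placeholder. It normalises case and the trailing dot that DNS logs often carry, and treats subdomains of an indicator as hits while rejecting look-alike names that merely end in the same characters.

```python
"""IOC matcher for the AntiVirus Pro 2017 indicators from the post above.

Added example (not the original post's code): matches the persistence
Run-value name and the listed domains against constructed sample artifacts
and returns the hits, so a practitioner can see how the normalisation
behaves on messy log input.
"""
import re

# Indicators taken from the post above.
RUN_VALUE_NAME = "AntiVirus Pro 2017"
IOC_DOMAINS = {"secure.billingauto.com", "twinkcam.net", "securerem.com"}

# Constructed sample of HKCU\...\Run values as (name, command) pairs.
# The command path for the rogue entry is a placeholder, not an observed value.
SAMPLE_RUN_VALUES = [
    ("OneDrive", r"C:\Users\user\AppData\Local\Microsoft\OneDrive\OneDrive.exe /background"),
    ("AntiVirus Pro 2017", r"C:\PLACEHOLDER\avp.exe"),
]

# Constructed DNS log lines in a "timestamp client query TYPE name" shape.
SAMPLE_DNS_LOG = """\
2015-05-25 21:01:02 10.0.0.5 query A www.example.com.
2015-05-25 21:01:09 10.0.0.5 query A twinkcam.net.
2015-05-25 21:01:15 10.0.0.5 query A WWW.SecureRem.com
2015-05-25 21:01:20 10.0.0.5 query A notsecurerem.com.
"""


def normalize_domain(name):
    """Lower-case the name and strip the trailing dot DNS logs often carry."""
    return name.strip().lower().rstrip(".")


def domain_matches(name, iocs):
    """True if name equals an IOC domain or is a subdomain of one.

    The leading dot in the endswith check is what keeps "notsecurerem.com"
    from matching "securerem.com".
    """
    n = normalize_domain(name)
    return any(n == d or n.endswith("." + d) for d in iocs)


# Captures the queried name at the end of a "query <TYPE> <name>" line.
QUERY_RE = re.compile(r"query\s+\S+\s+(\S+)$")


def find_dns_hits(log_text, iocs=IOC_DOMAINS):
    """Return the normalised queried names in log_text that match an IOC."""
    hits = []
    for line in log_text.splitlines():
        m = QUERY_RE.search(line.strip())
        if m and domain_matches(m.group(1), iocs):
            hits.append(normalize_domain(m.group(1)))
    return hits


def find_run_key_hits(run_values, value_name=RUN_VALUE_NAME):
    """Return (name, command) pairs whose Run value name is the rogue's entry."""
    return [(n, c) for n, c in run_values if n.strip().lower() == value_name.lower()]


if __name__ == "__main__":
    print("Run key hits:", find_run_key_hits(SAMPLE_RUN_VALUES))
    print("DNS hits:", find_dns_hits(SAMPLE_DNS_LOG))
```

On a live Windows host the Run values would come from the `winreg` module rather than the constructed list; the matching logic stays the same.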
 #26742  by Xylitol
 Wed Sep 16, 2015 5:06 pm
Security Defender
Opens random visa/xhamster/paypal websites and flashes (epilepsy warning).

Network activity:
VT: 6/52