This topic is about malware, so BestMP is categorized as malware.
Here is the Best.zip sample. First I ran the ms_update107_2230.exe that installs
This rogue can't be installed, so it left a folder and a 0 KB file.
Folder name: e8e775
File name: BMe8e_2230.exe
The e8e part is written in both the folder name and the file name; they match.
I ran the external file and it crashed with a runtime error; I think it is caused by other things. It left cmdhost, which deleted itself because an error occurred.
Is the sample exe broken?
Is invalid folders and file names.
Does it need unpacking?
I think I should not spam, but I will do malware unpack request 2 later.
Now I create a folder.
First I insert the following characters, b49, which are associated with BMb49_2230.exe.
Examples of folder names for this file:
b49 - xxx (three random characters you want). WARNING: MAX 6 CHARACTERS FOLDER
For example b492ht, b493jb and b49 - (many more).
The file name at the start is BM = Best malware protection; at the end is _2230, random things.
The folder has finally been created.
I moved the 4-5 year old fakeav into the folder whose random name I invented, and opened a command prompt.
The rogue exe is encrypted, so it can't run without these crappy commands: /hkd or /s /d.
So I entered the command /s /d, and after the command it dropped folders and finally works.
FAKEAV IN BACKGROUND PROCESS
I learned a lesson about this fakevimes threat. It refuses to be run on a virtual machine (anti-VM), so it likes to be run on my host PC, and I don't care; I can remove this with MBAM or remove it manually.
I don't like spam, so I showed my clever or nice attempts to make it work in the present. For more, PM me.
Blame the file and folder name. So there is a lower chance to make this work on a Windows host OS.
My favorite virus thing is fakeav.
I'd like to research them and to activate.
Who revives the fakeav? Who cracks them? Who tests them?
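A defender-side check for the folder/file name match described in the post above, as an added example that is not part of the original post. It assumes the folder is exactly six alphanumeric characters and the suffix after the underscore is numeric; the C:\ProgramData parent directory and the function names are hypothetical.

```python
import re
from pathlib import PureWindowsPath

# Assumption drawn from the post: the file is "BM" + 3 characters + "_" + digits + ".exe"
# and sits in a 6-character folder whose first 3 characters equal those 3 characters.
FILE_RE = re.compile(r"^BM([0-9a-z]{3})_(\d+)\.exe$", re.IGNORECASE)
FOLDER_RE = re.compile(r"^[0-9a-z]{6}$", re.IGNORECASE)


def matches_bestmp_layout(path: str) -> bool:
    """True when the file name and its parent folder share the 3-character tag."""
    p = PureWindowsPath(path)  # parses Windows paths on any OS, no disk access
    m = FILE_RE.match(p.name)
    if not m:
        return False
    folder = p.parent.name
    if not FOLDER_RE.match(folder):
        return False
    return folder[:3].lower() == m.group(1).lower()


def find_suspects(paths):
    """Filter a file listing down to paths that fit the layout."""
    return [p for p in paths if matches_bestmp_layout(p)]


# Constructed sample listing; only the folder and file names come from the post.
SAMPLE_PATHS = [
    r"C:\ProgramData\e8e775\BMe8e_2230.exe",
    r"C:\ProgramData\b492ht\BMb49_2230.exe",
    r"C:\ProgramData\b492ht\BMe8e_2230.exe",   # tag does not match the folder
    r"C:\ProgramData\b49\BMb49_2230.exe",      # folder shorter than six characters
    r"C:\Windows\System32\notepad.exe",
]

if __name__ == "__main__":
    for hit in find_suspects(SAMPLE_PATHS):
        print("suspect:", hit)
```

Feed it a recursive file listing exported from the host being triaged; a hit is a lead to inspect, not a verdict.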