Win32:Virut wrote:2 URLs, probably FakeAVNecurs maybe?
Code: Select allhxxp://guchpaygoogles.info/data.exe hxxp://monitorsupremenike.com/data.exe
A forum for reverse engineering, OS internals and malware analysis
Buster_BSA wrote:Yes, part of.Win32:Virut wrote:2 URLs, probably FakeAVNecurs maybe?
Code: Select allhxxp://guchpaygoogles.info/data.exe hxxp://monitorsupremenike.com/data.exe
bcdedit.exe -set TESTSIGNING ON wb %s\drivers\%s.sys %x runas ComSpec \\.\NtSecureSys SeShutdownPrivilege kernel32 IsWow64Process rb Wow64DisableWow64FsRedirection Wow64RevertWow64FsRedirection *EUDC* ZwQuerySystemInformation ntdll.dll svchost.exe SystemDefaultEUDCFont EUDC\%d ObReferenceObjectByHandle ZwDuplicateToken ObOpenObjectByPointer PsReferencePrimaryToken PsInitialSystemProcess ObfReferenceObject IoGetCurrentProcess KeDelayExecutionThread
Ring0 - the source of inspiration
http://siri-urz.blogspot.fr/2012/12/mul ... ender.html
4/45 >> https://www.virustotal.com/file/1d760d9 ... 355911576/
4/45 >> https://www.virustotal.com/file/1d760d9 ... 355911576/
Attachments
infected
(29.93 KiB) Downloaded 96 times
(29.93 KiB) Downloaded 96 times
FakeRean + landings
https://www.virustotal.com/file/d4f5511 ... 356088558/
https://www.virustotal.com/file/d4f5511 ... 356088558/
Attachments
infected
(272.48 KiB) Downloaded 106 times
(272.48 KiB) Downloaded 106 times
FakeAV/FakeAlert observed and collected in the 2012 year.
Please post any new samples in actual thread.
This thread now archived.
Please post any new samples in actual thread.
This thread now archived.
Ring0 - the source of inspiration