KernelMode.info

A forum for reverse engineering, OS internals and malware analysis
https://www.kernelmode.info/forum/

Rogue Antimalware (FakeAV, 2015 year)

https://www.kernelmode.info/forum/viewtopic.php?f=16&t=3743

Page 2 of 2

Re: Rogue Antimalware (FakeAV, 2015 year)

PostPosted:Wed Sep 16, 2015 7:30 pm
by Xylitol
From an existing campaign i believe, it got found by Kafeine with a pony and andromeda in parallel.
Variant of the dropper in attachement.

• dns: 1 ›› ip: 95.213.186.51 - adress: GETUPTATESRV.EU

MalScore fail
Image
VT: 26/57 (13 hours ago was 4/55)

Re: Rogue Antimalware (FakeAV, 2015 year)

PostPosted:Wed Sep 16, 2015 7:58 pm
by Grinler
Thanks as always for the info!

Re: Rogue Antimalware (FakeAV, 2015 year)

PostPosted:Sat Nov 14, 2015 10:06 am
by Xylitol
Not a fakeAV just a downloader but trick user with a splash screen and download/install a bunch of crap in background and drop shortcuts.
Image
VT: 3/55 - malwr
All times are UTC
Page 2 of 2
Powered by phpBB® Forum Software © phpBB Group
https://www.phpbb.com/