A forum for reverse engineering, OS internals and malware analysis 

Forum for analysis and discussion about malware.
 #18603  by ColdCristal
 Wed Mar 20, 2013 9:20 am
AVASoft Antivirus Professional (new member of Disk Antivirus Professional family)
SHA256:       de3d5a0132cfb24a7832ac4c4ff513a49914bea93e39ca1471183c9ad56fc429
SHA1:         fd232853bbd3114f07d0e1057da31ca442e8288c
MD5:          0d6b3c31468f2e9254bcb7c1f9752b97
File size:    539.5 KB ( 552448 bytes )
File name:    343F2DE99DB732750000343EF9AF3708.exe
VirusTotal: https://www.virustotal.com/en/file/de3d ... 363770398/
pass: malware
 #18617  by BachMinuetInG
 Thu Mar 21, 2013 1:40 am
Antivirus Security 2013

hxxp://tech-ava-soft.org/

Uses a great load of memory to 'scan'
AntivirusSecurity2013.png
Last edited by Xylitol on Thu Mar 21, 2013 3:18 am, edited 1 time in total. Reason: link obfuscation
 #18638  by Cody Johnston
 Thu Mar 21, 2013 9:28 pm
xwxproductions wrote: Antivirus Security 2013

hxxp://tech-ava-soft.org/

Uses a great load of memory to 'scan'
How is this malware? This is AV using ClamAV signatures and detecting only legit malware (and removing successfully). It is installed in %programfiles% just like any other legit software. I agree that it looks like a rogue and takes a great deal of resources during scanning, but I don't see how this could be classified as a rogue AV if it does what it claims and nothing else (even if it does not work as well as others). I had it pick up infections in my zip archives as well so it even scans zip files by default. It removed any infections found without asking for money or payment of any kind and can be removed completely using Add/Remove programs in Windows.

Connections point to: 207.57.106.31
which resolves to: hxxp://database.clamav.net (legit URL for ClamAV definition updates)

download size from hxxp://tech-ava-soft.org is ~53MB - hardly the size of a usual rogue dropper

I would not use it to protect my own PC, but I would not say this program has malicious intent. Please correct me if I am wrong.

EDIT: spelling
 #18644  by Xylitol
 Fri Mar 22, 2013 2:50 am
GUI, site, payment page remind a lot of the BestAV work.
Anyway, there is an ethical issue if they use the free ClamAV database to sell this.
TeamRocketOps wrote: download size from hxxp://tech-ava-soft.org is ~53MB - hardly the size of a usual rogue dropper
Navashield was ~52 MB
edit: http://siri-urz.blogspot.fr/2013/03/ava ... virus.html
 #18647  by gied
 Fri Mar 22, 2013 7:02 am
The payment page used for Antivirus Security 2013 ( hxxps://tech-ava-soft.org:455/p/tn/ava/ ) shows a boxshot of Avasoft Professional Antivirus. Maybe this Antivirus Security 2013 is used to reduce the risk of payment shutdown, or as a download for unhappy "customers" of APA. I do not see a way for many people to choose Antivirus Security 2013 without looking up info on Avasoft...
 #18650  by BachMinuetInG
 Fri Mar 22, 2013 12:18 pm
It's basically half-legit.
Helps payment for FakeAV, but provides legit software. :o
The webpage also has the title 'AVASoft Professional Antivirus'.
So Antivirus Security 2013 is only a 'cover-up'.
 #18677  by hx1997
 Sun Mar 24, 2013 8:34 am
AVASoft Antivirus Professional Downloader with a valid digital signature :)
捕获2.png
Downloader 4/46
https://www.virustotal.com/file/3e9d6db ... 364112183/

Downloaded FakeAV 3/46
https://www.virustotal.com/en/file/8f93 ... 364113465/
Attachments
infected, this is the FakeAV it downloads
infected, this is the downloader