Rogue Antimalware (FakeAV, 2015 year)

13 posts

Topic locked

Re: Rogue Antimalware (FakeAV, 2015 year)

#26745 by Xylitol
Wed Sep 16, 2015 7:30 pm

From an existing campaign i believe, it got found by Kafeine with a pony and andromeda in parallel.
Variant of the dropper in attachement.

• dns: 1 ›› ip: 95.213.186.51 - adress: GETUPTATESRV.EU

MalScore fail

VT: 26/57 (13 hours ago was 4/55)

Attachments

d88ef54951aac1b15e7ddfd6bbd3f555b288be7aa50dddfba83c51ecd4443916.zip

infected
(128.85 KiB) Downloaded 70 times

Registration Problems and FAQ - Rules For Malware Requests

Username

Xylitol

Rank

Global Moderator

Posts

1706

Joined

Sat Apr 10, 2010 5:54 pm

Location

Seireitei, Soul Society

Contact

Re: Rogue Antimalware (FakeAV, 2015 year)

#26746 by Grinler
Wed Sep 16, 2015 7:58 pm

Thanks as always for the info!

BleepingComputer.com

Username

Grinler

Posts

Joined

Sun Mar 14, 2010 1:47 pm

Re: Rogue Antimalware (FakeAV, 2015 year)

#27226 by Xylitol
Sat Nov 14, 2015 10:06 am

Not a fakeAV just a downloader but trick user with a splash screen and download/install a bunch of crap in background and drop shortcuts.

VT: 3/55 - malwr

Attachments

2512a7a4c3dff9b8f0c482328497f1bf35dbb0302d87e76c68f507caa2dfa6c5.zip

infected
(1.67 MiB) Downloaded 79 times

Registration Problems and FAQ - Rules For Malware Requests

Username

Xylitol

Rank

Global Moderator

Posts

1706

Joined

Sat Apr 10, 2010 5:54 pm

Location

Seireitei, Soul Society

Contact

Topic locked

Page 2 of 2
13 posts

Return to “Malware”

Display:

Sort by:

Jump to: