[ISergey256]

My Safe PC 2014

https://www.virustotal.com/en/file/29cc ... /analysis/

[N3mes1s]

First fakeAv browser page:

http://urlquery.net/report.php?id=4676419

after

GET /index.php?c=RaEQL35Qhmg8kIEAyKydUWLt2abuVSeZkMW823tcOdHLi+sHzn+IhzfWz0ESjU4fq3YMhr4Xf4T8yLo0G1yosbiJyssK1LCmIKe4X6XXotKxBA== HTTP/1.1
Host: 212.7.195.124
Proxy-Connection: keep-alive
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
User-Agent: Mozilla/5.0 (Windows NT 5.1) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/28.0.1500.95 Safari/537.36
Referer: hxxp://212.7.195.124/index.php?c=RaENOjEayDF925cOxP3ACC60zajgAjCTlcK0liAaKtvKheVQzm+YhzfWz1MPnw1S6zBdyf4bfpf/naQjDQHx5/+ByoM=
Accept-Encoding: gzip,deflate,sdch
Accept-Language: it-IT,it;q=0.8,en-US;q=0.6,en;q=0.4
Cookie: uid=100

HTTP/1.1 200 OK
Server: nginx
Date: Thu, 22 Aug 2013 09:44:32 GMT
Content-Type: application/octet-stream
Content-Length: 512000
Connection: keep-alive
X-Powered-By: PHP/5.3.26
Content-Disposition: attachment;filename="security_cleaner.exe"

System Care Antivirus



SHA256: 6e68c2de51da4f2a5bcc99e83218a7251066393b293d1225a4ad48552c3d30f7
SHA1: a9eb52dd4842fa08ec96d284a1989432b65ff2cb
MD5: 9a189b4f7b7fe113f4798bb80f920667
File size: 500.0 KB ( 512000 bytes )
File name: fakeavdropped.exe
File type: Win32 EXE
Detection ratio: 6 / 46
Analysis date: 2013-08-22 11:49:15 UTC

https://www.virustotal.com/en/file/6e68 ... 377172155/

[Win32:Virut]

Hello, it is downloading empty file for me.

[spywar]

working for me.

[IndiGenus]

Hello, it is downloading empty file for me.

Works here too. Is your AV blocking it?

[ISergey256]

Antivirus Security Pro
https://www.virustotal.com/en/file/9005 ... /analysis/


To run in virtual machine - create file "C:\sd.dbg"

Code: Select all

if ( dword_44E050(L"C:\\sd2.dbg") != -1 ) 
    dword_44E1A8(0);
  if ( dword_44E050(L"C:\\sd.dbg") == -1 )
  {
    v15 = *(_DWORD *)"VMWARE";
    v16 = *(_WORD *)"RE";
    v17 = aVmware_0[6];
    v11 = *(_DWORD *)"VIRTUAL HD";
    v12 = *(_DWORD *)"UAL HD";
    v13 = *(_WORD *)"HD";
    v14 = aVirtualHd[10];
    v5 = dword_47223C[0];
	.................

[Win32:Virut]

I don't use any AV. It's looking that they blacklisted my IP. I was usually downloading samples from IP 212.7.195.122

[gied]

Would guess it country - based blacklist.

[bitstechs]

PC Defender 360 and My Safe PC 2014 not working on my virtual machine. Anyone else have any luck?

[EP_X0FF]

PC Defender 360 and My Safe PC 2014 not working on my virtual machine. Anyone else have any luck?

How many times this must be told? They almost all VM aware. Use real machine or patched VM.