MalwareDisasters is a division of MalwareIntelligence. It records information captured during testing about the behavior of malicious code, and also offers the countermeasures needed to mitigate the malicious actions in question.

7.13.2012

New variant of another fake antivirus program called Live Security Platinum


[Screenshot] Icon used by the fake AV.


Technical information & PE file attributes
MD5 :  8ed72a01f6dd01cf353091492d7e96c6
SHA1:  a810430d6d26e97b1a8b48898d8effe4ed8a140e
Compiler/packer signatures: Microsoft Visual C++ v6.0, Microsoft Visual C++ 5.0, Microsoft Visual C++, Microsoft Visual C++ v6.0, Installer VISE Custom


PE information & sections:
      Win32 Executable MS Visual C++ (generic) (65.2%)
      Win32 Executable Generic (14.7%)
      Win32 Dynamic Link Library (generic) (13.1%)
      Generic Win/DOS Executable (3.4%)
      DOS Executable Generic (3.4%)


     Optional Header: 0x400000
     Address Of Entry Point: 0x1953
     Compile Time: 2012-07-12 09:06:36
     Number of RVA and Sizes: 16
     Number of Sections: 4


Imported DLLs and API:
[1] KERNEL32.dll     
     0x407000 Sleep
     0x407004 CloseHandle
     0x407008 GetProcAddress
     0x40700c GetModuleHandleA
     0x407010 InterlockedExchange
     0x407014 SetEvent
     0x407018 CreateFileA
     0x40701c VirtualAllocEx
     0x407020 LCMapStringA
     0x407024 GetStringTypeW
     0x407028 GetStringTypeA
     0x40702c MultiByteToWideChar
     0x407030 RaiseException
     0x407034 LoadLibraryA
     0x407038 GetOEMCP
     0x40703c GetStartupInfoA
     0x407040 GetCommandLineA
     0x407044 GetVersion
     0x407048 ExitProcess
     0x40704c HeapFree
     0x407050 TerminateProcess
     0x407054 GetCurrentProcess
     0x407058 UnhandledExceptionFilter
     0x40705c GetModuleFileNameA
     0x407060 FreeEnvironmentStringsA
     0x407064 FreeEnvironmentStringsW
     0x407068 WideCharToMultiByte
     0x40706c GetEnvironmentStrings
     0x407070 GetEnvironmentStringsW
     0x407074 SetHandleCount
     0x407078 GetStdHandle
     0x40707c GetFileType
     0x407080 HeapDestroy
     0x407084 HeapCreate
     0x407088 VirtualFree
     0x40708c RtlUnwind
     0x407090 WriteFile
     0x407094 HeapAlloc
     0x407098 VirtualAlloc
     0x40709c HeapReAlloc
     0x4070a0 GetCPInfo
     0x4070a4 GetACP
     0x4070a8 LCMapStringW
[2] USER32.dll       
     0x4070b0 LoadBitmapA
     0x4070b4 ShowWindow
     0x4070b8 LoadImageA
     0x4070bc LoadIconA
[3] WINMM.dll        
     0x4070c4 mixerGetControlDetailsA


VirusTotal detection rate at the time of analysis: 22/42 engines.


Live Security Platinum screenshots (images not reproduced here):
     Warning popups
     Live Security Platinum GUI
     Live Security Platinum monetization
     Live Security Platinum registration

** Information obtained through the automated malware analysis process of the CrimewareAttack Service (by MalwareIntelligence).

Alex
