Saturday, 23 February 2019

iSafeAntivirus - FakeASC Rogue AntiSpyware

iSafe Antivirus is a treacherous rogue anti-spyware program that may be similar to VirusTrigger, AntiSpyCheck, Antivirus Lab 2009 and more. The FakeASC family is more than SpySheriff.

Here is its installer:

After installation, the main interface looks like this:
Interface GUI: its skin color is red, so it looks like the VirusTrigger sample, which is green.
It never drops database files, so the database is inside the executable itself.
It detects however it likes, and inconsistently.
It targets what it wants and reports it as whatever type of threat it wants:
After debugging it in PE Explorer, it somehow detects real positives such as MS Antivirus, Rapid Antivirus (FakeSECSen, Fakepowav, Spyaxe), etc.
Once threats are detected, it can report more or less than 100+ of them.
Once the scan has been stopped, it looks like this:
When we try to exit, bypass the payment and registration fields, or decline to remove the threats, it redirects, behaving like WinSpywareProtect, FakeSpyPro and more.
The fields for activating and paying look like this:
And nothing is OK with this rogue virus.
Unfortunately, nothing activates or debugs this rogueware program.
It has a fake exit: the process is not killed and does not exit after the prompts, so the process isafeav.exe keeps running in the background or in the tray.
It may also run payloads while it is running.
The rogue's firewall alert, with different threats (IP, port, trojan, threat):
Then there is the Spyware Alert, also used by earlier rogues such as WinSpywareProtect and FakeSpyPro:
And this one, with behaviour like SpySheriff, Malwarrior 2007 - 2008, the WinSpywareProtect rogues, BraveSentry, Pesttrap, MrAntispy and more.
The file name is isf_2_1_setup.exe; it extracts the DLL Isafeavirwarning.dll, isafeav.exe and an uninstaller, which are stored in the user registry.
MD5: B5FB5E2CC0AEFA942FF1B6B860FF24AD
SHA-1: 864f9da7ebfb363383d79355f838df665f38b1f2
SHA-256: 411109a898517cc59cc7dd200abffca3e50e954fff450a26e87cb93ff654c9ae

34 AV engines detected this file

Antivir : DR/FakeAlert.FK

Kaspersky : Trojan-FakeAV.Win32.ISafeAntivirus

ESET NOD32 : Adware.VirusTrigger

Symantec Norton : VirusResponseLab

nProtect : Trojan.FakeAV.EX

Trend Micro : TROJ_FAKEAV.AZH

Microsoft : Program:Win32/FakeASC

Vipre : SpySheriff (fs)

ViRobot : Adware.ISafeAntivirus.R.1135568

VBA32 : Riskware.ISafeAntivirus

Video review of this rogue is here:

Thanks to VirusShare for giving me this sample since February 2018.