Author Topic: Malware or Adware??  (Read 3655 times)

true indian

  • Guest
Malware or Adware??
« on: April 05, 2012, 07:33:37 AM »
See: https://www.virustotal.com/file/1fbcce03e004a03e5015c10f37451e17a5fd63723e5249e4c605d03d136f9395/analysis/1333603840/
First seen by VirusTotal
2011-12-25 22:02:23 UTC ( 3 months, 1 week ago )
Nothing detected by avast yet...
Malwarebytes detects as trojan Repack SMS
see result from camas:
http://camas.comodo.com/cgi-bin/submit?file=1fbcce03e004a03e5015c10f37451e17a5fd63723e5249e4c605d03d136f9395
anubis report:
http://anubis.iseclab.org/?action=result&task_id=16ecc2b4e885eacb4b59e47abf651a087&format=html
Threat expert says:
http://www.threatexpert.com/report.aspx?md5=bf3d598eda041e4023e0b369b6725fbd
Looks like it drops Funmoods adware  ??? interesting....
Quote
%Temp%\mt_ffx\Funmoods\funmoods\1.5.12.2
Norton gives a suspicious insight on it:
http://www.symantec.com/security_response/writeup.jsp?docid=2010-021223-0550-99
Reported to avast from chest.

Any guess of what it is??
« Last Edit: April 05, 2012, 07:48:16 AM by true indian »

Offline Pondus

  • Probably Bot
  • ****
  • Posts: 37527
  • Not a avast user
Re: Malware or Adware??
« Reply #1 on: April 05, 2012, 12:14:28 PM »
Sigcheck

publisher................: PC MEGA RAPIDO LTDA
product..................: ASSISTENTE DE DOWNLOAD
internal name............: ASSISTENTE DE DOWNLOAD
copyright................: (c) PC MEGA RAPIDO LTDA
original name............: pcmegarapido.exe
signing date.............: 6:51 AM 12/22/2011
signers..................: YBR INTERNET LTDA ME
               Go Daddy Secure Certification Authority
               Go Daddy Class 2 Certification Authority
file version.............: 1.0.0
description..............: ASSISTENTE DE DOWNLOAD



Upload to Avira and see what they say,
and you posted the wrong ThreatExpert link.


Offline polonus

  • Avast Überevangelist
  • Probably Bot
  • *****
  • Posts: 33897
  • malware fighter
Re: Malware or Adware??
« Reply #2 on: May 25, 2019, 11:20:15 PM »
-download/alot/ad29/popup/pcmegarapido.exe HTTP/1.1
Still around this time seen scanned here: https://urlquery.net/report/1cf115c0-65eb-41d1-a2e8-f576532e1ddf
Re: https://www.virustotal.com/#/url/8399ee9d7402de30fd085dd95683973cb4eb6077bcdbedef21cbdb9b4ddb557a/detection
Re: http://f.virscan.org/pcmegarapido.exe.html
36% of users see this executable as safe, 64% as a danger, better to be removed.
on IP: https://www.reasoncoresecurity.com/ip-address-95.211.219.65.aspx
Dr Web flags it as malicious. Categories:
Dr.Web   known infection source/not recommended site
Forcepoint ThreatSeeker   malicious web sites

polonus
Cybersecurity is more of an attitude than anything else. Avast Evangelists.

Use NoScript, a limited user account and a virtual machine and be safe(r)!

Offline Pondus

  • Probably Bot
  • ****
  • Posts: 37527
  • Not a avast user
Re: Malware or Adware??
« Reply #3 on: May 25, 2019, 11:51:31 PM »
HISTORY
First Submission   2017-03-16 10:34:36
Last Submission   2018-08-31 20:15:24
Last Analysis   2019-05-25 21:47:53


File Names
filme.exe
pcmegarapido.exe
acelerador.exe
login.php
2
Acelerador_Setup.exe
jogo.exe
cds.exe
56654632
site_kannada-singers-hit-songs-download.xhtml



https://www.virustotal.com/#/file/802600d124464157037a2519acb3cff90b97670fd04809ea902fbb95497a12ca/details