MALWARETIPS GIVEAWAY: BULLGUARD INTERNET SECURITY 2015 GIVEAWAY

EnZhSTReLniKoVa

Password for the malicious sample: infected  
Verified Malware Samples: Yes, this only contains malware

链接: http://pan.baidu.com/s/1eQs7Xya 密码: si79


Alright, I caught another one of these fake W7 activators in my malware hunting. This one is quite interesting. It tries to trick the user to be a legit activator from Team Daz. Yet, it's when you install this loader, it drops a batch file that tries to do something... Okay, it pushes the user to a site, since it has only echo commands in it.

Here is the fun part. When you try to run the actual loaders that were installed... They crash because they are 16-bit. Something is extremely fishy here.

W10 didn't block this from executing. So, yeah.

Also, the fact that this one drops a "useful links" folder with links to adult rated content raises the red flag quite high. Such be blocked.


BD右键扫描MISS  在WIN8.1 64位系统实机双击 会在C:\Program Files (x86)文件夹下生成Windows 7 Activator文件夹。 BD 主防拦截2个 后提示 此软件无法在此系统上运行。






用Windows 7 Activator 卸载程序 能卸载

乌龟dē海盗

QVM 42.1

230f4

上报eset

EnZhSTReLniKoVa

230f4 发表于 2015-6-15 06:21
上报eset

双击看看

230f4

君陌潇 发表于 2015-6-15 06:23
双击看看

晚上再试试，成人网站什么的

EnZhSTReLniKoVa

230f4 发表于 2015-6-15 06:27
晚上再试试，成人网站什么的

怎么会了。。  成人网站 我大BD又不拦截  好像透露了些什么

230f4

君陌潇 发表于 2015-6-15 06:29
怎么会了。。  成人网站 我大BD又不拦截  好像透露了些什么

哈哈，到底看到了什么

EnZhSTReLniKoVa

230f4 发表于 2015-6-15 06:31
哈哈，到底看到了什么

不能说的秘密， 想知道 去大海里去找

蓝天二号

KIS

heishen2010

KIS說不是病毒！是個廣告軟件！
[mw_shl_code=css,true]15.06.2015 08.28.17;检测到的对象（文件）将在重启后被删除。;C:\Users\{已過濾}\Desktop\Windows 7 Activator.exe;Microsoft Windows Search Protocol Host;C:\Users\{已過濾}\Desktop\Windows 7 Activator.exe;06/15/2015 08:28:17;not-a-virus:AdWare.MSIL.OutBrowse.yms
15.06.2015 08.27.59;检测到对象（文件）。;C:\Users\{已過濾}\Desktop\Windows 7 Activator.exe;Microsoft Windows Search Protocol Host;C:\Users\{已過濾}\Desktop\Windows 7 Activator.exe;06/15/2015 08:27:59;not-a-virus:AdWare.MSIL.OutBrowse.yms[/mw_shl_code]