MS Antispyware 2009: new fake antispyware

Posted: December 18th, 2008

MS Antispyware 2009 is a new fake security application. Do not attempt to download or install it - it is malware!

The following sites have been observed distributing MS Antispyware 2009:

193.142.244.217 MsAntispyware2009 [dot] com
94.247.2.84 Files.Msas2009dl [dot] com
94.247.2.88 dl.msas2009storage [dot] com
216.195.42.227 Sales.buymsantispyware2009 [dot] com

Virustotal report

File setup_1_1_.exe received on 12.18.2008 18:05:01 (CET)
Status: finished
Result: 1/32 (3.13%)

Antivirus Version Last Update Result
AhnLab-V3 2008.12.19.0 2008.12.18 -
AntiVir 7.9.0.45 2008.12.18 -
Authentium 5.1.0.4 2008.12.18 -
Avast 4.8.1281.0 2008.12.18 -
AVG 8.0.0.199 2008.12.18 -
CAT-QuickHeal 10.00 2008.12.18 -
ClamAV 0.94.1 2008.12.18 -
Comodo 771 2008.12.17 -
DrWeb 4.44.0.09170 2008.12.18 -
eTrust-Vet 31.6.6267 2008.12.18 -
Ewido 4.0 2008.12.18 -
F-Prot 4.4.4.56 2008.12.17 -
Fortinet 3.117.0.0 2008.12.18 -
GData 19 2008.12.18 -
Ikarus T3.1.1.45.0 2008.12.18 -
K7AntiVirus 7.10.557 2008.12.18 -
Kaspersky 7.0.0.125 2008.12.18 -
McAfee 5467 2008.12.18 -
McAfee+Artemis 5467 2008.12.18 -
NOD32 3703 2008.12.18 Win32/Adware.MSAntispyware2009
Panda 9.0.0.4 2008.12.18 -
PCTools 4.4.2.0 2008.12.18 -
Rising 21.08.32.00 2008.12.18 -
SecureWeb-Gateway 6.7.6 2008.12.18 -
Sophos 4.37.0 2008.12.18 -
Sunbelt 3.2.1801.2 2008.12.11 -
Symantec 10 2008.12.18 -
TheHacker 6.3.1.4.191 2008.12.17 -
TrendMicro 8.700.0.1004 2008.12.18 -
VBA32 3.12.8.10 2008.12.18 -
ViRobot 2008.12.18.1525 2008.12.18 -
VirusBuster 4.5.11.0 2008.12.18 -
Additional information
File size: 106496 bytes
MD5...: 476ebbe7ebffee00e93b2e38677ffce1
SHA1..: e462f474fd2360fcc8aa7515d6e1dcce185e429e
SHA256: d404ff8cdf7aeb4967365ac08bb58b858011d960798c54d9060ea3f79f6c294a
SHA512: f9ef31ee7e1d08a24c66f178514ec60716ed8b35d9d8494ca67e334f5f6c2ff7ebabb3da0a2129e98b27c00e5a1776ffa3b615fe43c5a7d05f1b86d489b75eb6
ssdeep: 1536:ilanEFH7f10zwYx6nkFCMzJyXhOVYl6s4u1RoyoRvSnwVVBSDDU8E2Fi:1Sb10zwYx7+XhOVYlSuv1eZ848E
PEiD..: -
TrID..: File type identification
Win32 Dynamic Link Library (generic) (55.5%)
Clipper DOS Executable (14.7%)
Generic Win/DOS Executable (14.6%)
DOS Executable Generic (14.6%)
VXD Driver (0.2%)
PEInfo: PE Structure information

( base data )
entrypointaddress.: 0x40110e
timedatestamp.....: 0x46685ee3 (Thu Jun 07 19:39:15 2007)
machinetype.......: 0x14c (I386)

( 6 sections )
name viradd virsiz rawdsiz ntrpy md5
.text 0x1000 0x184e 0x2000 2.57 6dfb06730d81a244a36641ac9d3af618
.data 0x3000 0x11684 0x12000 7.06 d7651903d5a0106a48e0728824cf0eaa
.tls 0x15000 0x1000 0x1000 0.00 620f0b67a91f7f74151bc5be745b7110
.rdata 0x16000 0x1524 0x2000 0.02 175d1cdfb069c7b695feabc578641979
.idata 0x18000 0xd2f 0x1000 4.02 6ac359e3c33aa6e097c709fa03842543
.rsrc 0x19000 0xc485 0x1000 0.00 620f0b67a91f7f74151bc5be745b7110

( 7 imports )
> GDI32.DLL: CloseFigure, SetTextColor, AddFontResourceExW, GetClipBox, CopyMetaFileA, ClearBitmapAttributes, CloseMetaFile, AddFontResourceExA, RestoreDC, GetDCOrgEx, CreateSolidBrush, AddFontResourceW, DeleteObject
> ADVAPI32.DLL: RegQueryInfoKeyW, RegEnumKeyExW, RegLoadKeyA, RegEnumValueA, RegQueryValueW, RegOpenKeyA, RegQueryValueA, RegCreateKeyExA, RegCreateKeyW, RegFlushKey, RegOpenKeyExA, RegReplaceKeyW, RegLoadKeyW, RegQueryValueExW, RegDeleteValueA, RegEnumKeyW
> COMCTL32.DLL: ImageList_Merge, ImageList_GetImageInfo, ImageList_LoadImageA, ImageList_DrawEx, InitCommonControls, ImageList_GetImageRect, ImageList_DrawIndirect, ImageList_LoadImageW, ImageList_AddMasked, ImageList_DragMove
> GDI32.DLL: AddFontResourceTracking, AbortPath, CopyMetaFileA, AddFontMemResourceEx, DeleteObject, DeleteDC, AddFontResourceExW, GetDCOrgEx, BitBlt, CloseMetaFile, GetPixel, GetBrushOrgEx, CancelDC, AddFontResourceExA, CloseFigure, ClearBrushAttributes, AddFontResourceW
> KERNEL32.DLL: GetCommandLineA, GetConsoleMode, GetLastError, OpenFileMappingA, DeleteFileW, DeleteAtom, GetCPInfo, CopyFileW, FindAtomA, SetLastError, ReadConsoleA
> COMCTL32.DLL: ImageList_DragEnter, ImageList_BeginDrag, ImageList_Draw, ImageList_LoadImageA, ImageList_EndDrag, ImageList_Merge, ImageList_ReplaceIcon, ImageList_GetImageInfo, ImageList_LoadImageW, ImageList_AddMasked, ImageList_Copy, ImageList_LoadImage, InitCommonControls, ImageList_DragMove, ImageList_Create, ImageList_GetImageCount, ImageList_Replace
> USER32.DLL: CopyIcon, DialogBoxParamW, GetCursor, DrawIconEx, CopyImage, GetWindowTextLengthA, DrawTextA, IsMenu, AppendMenuA, EndDialog, GetMenu, BlockInput, GetWindowTextA, DrawTextW, IsWindow

( 0 exports )
