Saturday 16 April 2011

HoaxSMS Fake installers (Flash player / WinRAR )

Hoax SMS again, this time for Adobe Flash player and Winrar
Flash Player:
Flash_player come from:
Some files are sent in \%temp%\
No EULA shown.
MD5: e54c20c71f1cb78f25246c970f70c528

Network activities:

The IP is "" a "Pay Per Install" service.

This one made me laught, a winrar installation who use a WinZip icon.
When opened, files are sent to C:\Documents and Settings\%userprofile%\%appdata%\winzipsoft
WinRAR come from:
No EULA shown.
MD5: 134fcb1ecac0db185e2d3259a26a3e50

Chars are badly displayed because i've not enabled cyrilic support.

Net work activity:


No comments:

Post a Comment