Jump to content

DragonMaster Jay

Honorary Members
  • Posts

    380
  • Joined

  • Last visited

Reputation

0 Neutral

1 Follower

About DragonMaster Jay

  • Birthday 04/08/1989

Recent Profile Visitors

18,172 profile views
  1. Hi! Wanted to ask if you can also study the app "ai.type" - as I have collected information regarding it on my device. It is popping up in a browser window sent through Linux browser (AKA the Android System Webview) during/after Google Play apps update; however, ai.type does not appear to be using Batmobi - even though they are sending analytics and ad association data 40-60 times/minute. They do use Adjust.io ad kit, however, and decided to communicate data with the server just before launching popup on test device. They used spoofed app ID "com.apalon.myclockfree" with referrer from Mobobeat.biz, and utilized domain for callback URL, ".stats-location.com". Would you check this app, ai.type, to reproduce, and see if it has integration with Batmobi? The registration in the XML data sent has 302 codes, which signals redirects similar to those already mentioned. This is the same redirection scheme being used in "click302.h5mone.com" - therefore, I wanted to provide data I had gathered as well. Please get back to me soon.
  2. You are most welcome! :) I hope it was great!

  3. Happy Belated Birthday!

  4. Last name Ever...first name Greatest!

  5. Sad to hear indeed. He worked on my site a bit, and I will say that he was a very hard worker. Hope you all get through this.
  6. The new CIS is a good one. Beat Kaspersky in Internet Security tests.
  7. It can not be classified as "rogue" because... 1. There is no unsolicited intrusion/penetration into the system 2. There is no explicit enforcement/offering to buy a higher/pro version of the same program. 3. Detection of the mentioned program is based on behavior (such as registry changes) 4. Can not find any illegitimate advertisements/offers in program.
  8. You seem to misunderstand the importance of this file, and what could happen if you change the internal assembly to a write code. If you add write features to this sample virus code, it will not be pretty to your OS. The fact that you can do an Assembly code analysis, as I did above, proves that the researchers whom designed it, were specifically aiming for what real virus code would look like. If you do an analysis (if you know Assembly code) of this file, you will realize it has all that is needed to implement a real virus. It contains an instruction pointer, a stack pointer, a data string, DOS function, and two places where it changes its bytes to make it polymorphic. One of the worst type of viruses we deal with is polymorphic viruses. EICAR test file is still a good example virus and should still be used.
  9. I've been told the reason AVs will detect it is for normal users to test the responsiveness of their real-time protection. Also, you can stick it in a zip folder or similar format, and see if the antivirus will still detect it, no matter if it is in a compressed file or not. Dumped EICAR test file in debugger:
Back to top
×
×
  • Create New...

Important Information

This site uses cookies - We have placed cookies on your device to help make this website better. You can adjust your cookie settings, otherwise we'll assume you're okay to continue.