Note: This site is distributing Rogue “Fake” Anti-Malware product. Do not visit, pay, or download the software discussed below.
Site:
hxxp://scanner-protection.com
hxxp://virus-scan-online.com
File: AV2008install.exe
VirusTotal: Result 5/36 (13.89%)
File size: 186880 bytes
MD5…: 9ca4a84b7d9e074948fa3e3259695e1b
SHA1..: 52bf41bbc39daa7cc729cac49ebbbc4cc1068d79
SHA256: de2564f71fa018dd36b74dafdf7bef26ffc2c1006581b517d45709e364a1f0c8
SHA512: 47a8ab7d0c8567922d97e6d7183ed646a75ec9d42ba37d997fb77de237946ce2
c9c24c8abc1f0be87a39acf48d4e8be41df82303eac0a628832c9a282944af83
PEiD..: -
TrID..: File type identification
Win32 Executable Generic (35.2%)
Win32 Dynamic Link Library (generic) (31.3%)
Win16/32 Executable Delphi generic (8.5%)
Clipper DOS Executable (8.3%)
Generic Win/DOS Executable (8.2%)
Looks like it’s also attempting a few exploits via “search-you-need.com”. At least it was when I checked it out. Pretty nasty one you uncovered. Good find. Definitely stay away unless you know what you’re playing with.