SYSREVEAL

Sorry, Pushdo. I’m Married.

by on Feb.04, 2010, under Malware Research

Yet again we arrive to witness Pushdo’s aftermath. It has already spread with its old friend Bredolab (v10) and its new friend GoolBot (v9). Now, with Valentine’s Day only a few days away, Pushdo will not let the opportunity slip: it (v11) has started to spread the love once again. As usual, Russia is an exception.

The Pushdo advanced installer hasn’t changed: same routine, same communication protocol, same custom encryption. It has just changed its coat (custom stub + UPX 3.03). The attachment myphoto.exe could be a FakeAV downloader. In this case, it downloads fixer_sdgareh_b.exe, which is FakeAV.

