WARNING: This site contains samples of live malware. Use at your own risk.

Slashdot Coverage of Malware Classification Article


Slashdot has a discussion of the Rob Lemos article from Security Focus.

V

Researchers Eye Machines to Analyze Malware

Rob Lemos from Security Focus has written an article about malware analysis research.

“There is an arms race going on between analysts and malware authors, so any solution will have to keep pace with advances on both sides.”

Val Smith, co-founder, OffensiveComputing.net

http://www.securityfocus.com/news/11395

Trojan.Beastdoor.207

###################################
BASIC INFO:
-----------------------------------------------
FILE TYPE: PE executable for MS Windows (GUI) Intel 80386 32-bit
PACKER/S: malware.exe: ASPack v2.12 [293] (1 matches)
malware.exe: ASPack v2.12 [292] (1 matches)

-----------------------------------------------

CHECKSUMS
-----------------------------------------------
MD5SUM: 192bd7afb1479aad2b64a6c176773a01
SHA1SUM: 89241198d39d4edd9ffddb45df2742a1778fcbdf
SHA256SUM: 1ee3769e213e89a0b3d5cdba1d15f85e1140fb96eb03a05210730ebce77c377a
-----------------------------------------------

Site Updates


Chamuco did a bunch of work on improving the search interface. If you are logged into the site you can see MalSearch at the top right. You can now search on anything, not just md5sums.

The results include:

- md5, sha1, sha256 sums
- AV scan results
- Packer detection
- strings
- disassembly
- a copy of the sample
- a test version of the report
- PE header info

Good job chamuco!

V.

Lovegate.AH

###################################
BASIC INFO:
-----------------------------------------------
FILE TYPE: PE executable for MS Windows (GUI) Intel 80386 32-bit
PACKER/S: malware.exe: ASPack v2.11 [288] (1 matches)

-----------------------------------------------

CHECKSUMS
-----------------------------------------------
MD5SUM: e62f24566081231484ff3791eb59bdf6
SHA1SUM: 1a2775cf26bfb56f2c7cd815ed5514369814ef26
SHA256SUM: 78ddaa38a8ed31cfdee7122dde356368f15c7cc6c667c393f35a81a790d3f481
-----------------------------------------------

A/V INFO:
-----------------------------------------------

Bagel.DY

###################################
BASIC INFO:
-----------------------------------------------
FILE TYPE: PE executable for MS Windows (GUI) Intel 80386 32-bit, UPX compressed
PACKER/S:
-----------------------------------------------

CHECKSUMS
-----------------------------------------------
MD5SUM: 94373005fe39e2f3f4c76cf0061176d6
SHA1SUM: 9c6be049cce7ac28abf33ec6f6e0d74b4a73127d
SHA256SUM: f945f91d844dcdb4df7e365f4619ea899ded378f492a55ef70e39eeb4c1cf01a
-----------------------------------------------

A/V INFO:
-----------------------------------------------
F-Prot: Infection: W32/Bagle.DY@mm

Zlob Variants


I have attached a few Zlob variants that I have collected over the last month in case anyone was interested in its progression.
One of the six files is not detected by any online scanners atm, yes even NOD32.
23.05.06 @ 1643EDT
NOD is usually good at detecting the variants but for some reason this one spooked it. I only scan the "ecodec.exe" to limit the flagging by default of the other files in the self-extracting archive. I have only upped the ecodec.exe files.
Some scanners never get the new ones, some may say "suspicious" but IMO that is not enough to warrant a "detection".
Have a look below.

New Microsoft Office Overflow Malware


Hello,

Does anyone have a copy of the MS Word attachment that's circulating recently ... it exploits the Word 0-day overflow when opened.

Thanks

M

ida woes


I'm wondering if anyone out there has ever got the following all working together:

Linux (fedora or whatever)
Ida Pro (4.x)
ida sdk
idapython

I'm having a hell of a time getting everything working and if you have experience I'd like to know if there are any tips or tricks you could offer.

V.

Mobile Malware


Bunch of malware for mobile phones.

Cabir.sis
#################################
FILE TYPE: data
MD5SUM: 6fd6b68ed3a83b2850fe293c6db8d78d
SHA1SUM: ce794f10e2f58913724305143f14fc3661094dd1
SHA256SUM: 02001bfa07cf10b7cd30753ae937eb23aa986db4cc37b18821d413d2c8cc0fea
A/V SCAN: SymbOS.Worm.Caribe.A
#################################

CommWarrior_C.sis
#################################
FILE TYPE: data
MD5SUM: de57a980017ae21b1a75a2e00c77535e
SHA1SUM: f42490d586a667a298989e007942743c91acf353
SHA256SUM: 1efd49473012ad3c1c849cd58b13132bedf3cb307bbcb52a3499d5584a44e456
A/V SCAN: data