WARNING: This site contains samples of live malware. Use at your own risk.

Offensive Computing Status


Well, several major milestones have been reached:

- We have passed over 1000 unique registered users.
- We are rapidly approaching 1 million hits.
- The automated malware analysis / classifier is up and running.
- People are contributing to the new database.

Several other exciting things are in the works and hopefully we will be able to announce them soon.

Let us know what you think, especially about the new autoanalysis tool.

I just want to take a minute to thank the OffensiveComputing staff, our users and contributors, and our affiliates (especially metasploit) for all the hard work and support.


Trojan.Randsom.A


Has anyone come across a sample of Trojan.Randsom.A ( http://www.symantec.com/avcenter/venc/data/trojan.randsom.a.html )? I have been looking for a copy and have been unsuccessful in my search.

Thanks for your help.

-n

VX Reversing


Hello folks, let me introduce myself.
I'm Nomenumbra, a random netizen with a great interest in computer security. My interests lie with the offensive side of computer security, including malware research.
Well, I recently remembered I'd signed up to this webpage, which is a great initiative which I, as a VX researcher, would like to contribute to.
I wrote a short series of VX reversing articles for you to enjoy (I hope :) ):

First Two: http://0x4f4c.awardspace.com/storage/articles/VXrev.zip

Third: http://0x4f4c.awardspace.com/storage/articles/actIII.html

Seeking Netsky.a (or variants) full source code for serious research


I've been running into many proverbial brick walls trying to track this down and I know it's public. I believe I used to have it, but figuring out which hard drive it "might" have been on is a daunting task, especially at the moment. I can only hook 2 HDs up to one PC at a time (of 2 PCs total at the moment), so it is a bit of a pain. I am not in the business of spreading viruses and not some script kiddie. I am 34 yrs old, not 14, okay. ;) I have read papers and descriptions on the pest and some of its variants. Some info was useful depending on technical level and depth of study, but this is no substitute for the actual original source code or any variant's sources that may be public. A true understanding would only be best grasped by source code, not a general idea of the routes and methods of infection, and I seek a whole understanding and collect source codes. Please do not suggest a document on the subject (pdf, ppt, word doc or other); I probably have it already or could find it easily, but thanks. If someone has it I would appreciate a link or upload of attachment here, or if for some reason, though doubtful, you are more inclined to want to use email, then mine is:

SymbOS Comwarrior worm


Thanks very much to scarlett pimpernell

CHECKSUMS
-----------------------------------------------
MD5SUM: de57a980017ae21b1a75a2e00c77535e
SHA1SUM: f42490d586a667a298989e007942743c91acf353
SHA256SUM: 1efd49473012ad3c1c849cd58b13132bedf3cb307bbcb52a3499d5584a44e456
-----------------------------------------------

-----------------------------------------------
Kaspersky: Worm.SymbOS.Comwar.c
ClamAV: SymbOS.Worm.ComWar.C

SymbOS.Commwarrior.C is a worm that replicates on Series 60 phones. It attempts to spread using Bluetooth, Multimedia Messaging Service (MMS), and Multimedia Cards (MMC) as a randomly named .sis file. It has been reported that one of the possible file names is SymCommander_1_06.sis.

Trojan.IRCBot-93

I picked this one up from an email I received. It had a URL to a site hosting the .exe (postcard.jpg.exe) and I got a chance to download the malware.
--
ClamAV: Trojan.IRCBot-93
Kaspersky (online):

- postcard.jpg.exe/data.rar/script.ini - infected by Backdoor.IRC.Zapchast
- postcard.jpg.exe/data.rar/svchost.exe - infected by Virus.Win32.Parite.b
- postcard.jpg.exe/data.rar/sup.reg - infected by Backdoor.IRC.Zapchast

MD5 c28241011e094ae2435988006ec108db
SHA-1 a75babdb303cf5160bcd068ae6c711bd5b5f565e

Note: It's quite interesting to see that Kaspersky extracts the other files inside the *.exe.

Site Updates Imminent

Here at OC we've been toiling hard into the night to bring updated site features. Please bear with us as we make the final push on the site software. Updates and more content are forthcoming!

Win32.Polipos


Anyone have any samples of this please?

/frog

New Shellcode Formater


Our friend lin0xx just sent us this cool new tool he made called sc_frmt.

It's basically a shellcode formatter written in Ruby, so that you can take gdb output and have it formatted into various languages, shellcode style.

Feedback goes to lin0xx [at] gmail.com

Check it out!

V.
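A small formatter in the same spirit, written here as an added example (it is not lin0xx's sc_frmt code): it parses the byte dump gdb prints for `x/Nxb` and re-emits the bytes as escaped string literals for C, Python or Ruby. The sample gdb output, the symbol labels and the function names are constructed for the example.

```ruby
# Added example (not lin0xx's sc_frmt): turn gdb "x/Nxb" memory-dump lines
# into a byte array and render it in C, Python or Ruby string syntax.

# Constructed sample of gdb output, as printed by `x/12xb $pc`. The
# labels are made up; the bytes are NOPs and an int3, so the input is inert.
GDB_DUMP = <<~GDB
  0x401000 <_start>:\t0x90\t0x90\t0x90\t0x90\t0xcc\t0x90\t0x90\t0x90
  0x401008 <_start+8>:\t0x90\t0xcc\t0x90\t0x90
GDB

# Drop the "address <symbol>:" prefix of each line and collect the 0xNN
# byte tokens (one or two hex digits, so addresses never match).
def parse_gdb_bytes(dump)
  dump.each_line.flat_map do |line|
    body = line.split(':', 2).last || ''
    body.scan(/\b0x([0-9a-fA-F]{1,2})\b/).flatten.map { |h| h.to_i(16) }
  end
end

# Render the bytes as "\xNN" escapes, +width+ bytes per source line,
# using the quoting style of the requested target language.
def format_shellcode(bytes, lang, width: 8)
  hex_lines = bytes.each_slice(width).map do |slice|
    slice.map { |b| format('\\x%02x', b) }.join
  end
  case lang
  when :c
    "unsigned char sc[] =\n" + hex_lines.map { |l| %(  "#{l}") }.join("\n") + ';'
  when :python
    "sc  = b\"\"\n" + hex_lines.map { |l| %(sc += b"#{l}") }.join("\n")
  when :ruby
    "sc = \"\"\n" + hex_lines.map { |l| %(sc << "#{l}") }.join("\n")
  else
    raise ArgumentError, "unsupported language: #{lang}"
  end
end

if __FILE__ == $PROGRAM_NAME
  bytes = parse_gdb_bytes(GDB_DUMP)
  puts "#{bytes.length} bytes parsed"
  puts format_shellcode(bytes, :c)
end
```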