WARNING: This site contains samples of live malware. Use at your own risk.

PackBot

Found one PackBot.p

md5sum: 4880165cef39e60fa85fe32b801bc33e
infected: Backdoor.Win32.PackBot.p

lys.

Looking for a malware md5 list


I'm currently involved in doing some forensic analysis with Helix, and I was hoping someone in the forum could point me in the direction of a good md5 list for common malware (sdbot/gaobot/mytob variants, general worms, virii, etc.) Any help would be appreciated.

Austere
divinespiral-at-gmail.com

New Linux Malware

Two Linux malware samples in a zip.

session: infected: Backdoor.Linux.Keitan.c

derfig: infected: Net-Worm.Linux.Mare.e

lys.

Searching: OSX.Leap.A

Hi,

I'm looking for OSX.Leap.A malware "latestpics.tgz"

https://www-secure.symantec.com/avcenter/venc/data/osx.leap.a.html

Does someone have this one?

tia,

lys

Announcing a new Hakin9 Magazine alliance!


Offensive Computing is forming an alliance with Hakin9 magazine. Look for future comments and article reviews, etc.

hakin9 is a magazine about hacking and IT security, covering techniques of breaking into computer systems, defence and protection methods. Our magazine is useful for all those interested in hacking – both professionals (system administrators, security specialists) and hobbyists. The magazine is of Polish origin, it's also translated and published in other countries and language versions.

hakin9 offers an in-depth look at both attack and defense techniques and concentrates on difficult technical issues.

Pedro's Malware Quiz #6


Don't know how many of you follow the Malware Quiz series that comes out of ISC@SANS, but Pedro Bueno has released #6 in the series, and this time it's on the Linux platform.

Check out all the details here: http://handlers.sans.org/pbueno/ma6.html

EDIT BY VALSMITH:

NOTES:
UPDATE: Apparently there has been some new stuff going on related to this post. A "variant" seems to have come out recently. Information can be found on the DailyDave mailing list in a post by Gadi Evron. If someone comes across a copy of this new variant I'd love to see it.

Mydoom.M

Creates registry keys:
HKEY_LOCAL_MACHINE\Software\Microsoft\Daemon
HKEY_CURRENT_USER\Software\Microsoft\Daemon

Creates:
%windir%\java.exe

Listens on TCP port 1034

MD5: 65cee5de8a2e13f739a987ea2e060495
SHA1: d862a2d041903651af9e62e662bde9f38030001c

AntiVir Found Worm/Mydoom.M
ArcaVir Found Worm.Mydoom.M
Avast Found Win32:Mydoom-M
AVG Antivirus Found I-Worm/Mydoom.O
BitDefender Found Win32.Mydoom.M@mm
ClamAV Found Worm.Mydoom.M
Dr.Web Found Win32.HLLM.MyDoom.49
F-Prot Antivirus Found W32/Mydoom.O@mm
Fortinet Found W32/Mydoom.N-mm
Kaspersky Anti-Virus Found Email-Worm.Win32.Mydoom.m

TrojanHaxdoor


TrojanHaxdoor
MD5SUM: 7a961a17bf7f04d51c266634d0d10e5a
SHA1SUM: 3b306e98b54eaba5893086254cf2ed716e8e7088
SHA256SUM: 42e56bc95c04e3a1928f9c7b4403d74e2093d82e10708f8bf23b346b0c65651e

PACKER: FSG v2
REF: Submitted by MythX
DATE FOUND: 02/14/06
VECTOR: OC Submission
THREAT: TrojanHaxdoor (as identified by multiple AV vendors)
CME #: N/A
SIZE (packed): 12.7 KB
SIZE (unpacked): 97.0 KB

W32.Nyxem.E@mm

MD5: 3cb74baa2858f2e75fb5ce2efd51b8bd
SHA1: 649a8276a1d5594c5a41d26ba465ddd7e4c5cf00

UPX packed.
UUEncodes itself to get around some MIME filters.

AntiVir Found Worm/KillAV.GR
ArcaVir Found Worm.Vb.Bi
Avast Found Win32:VB-CD
AVG Antivirus Found Worm/Generic.FX
BitDefender Found Win32.Nyxem.E@mm
ClamAV Found Worm.Nyxem.E
Dr.Web Found Win32.HLLM.Generic.391
F-Prot Antivirus Found W32/Kapser.A@mm
Fortinet Found nothing
Kaspersky Anti-Virus Found Email-Worm.Win32.Nyxem.e
NOD32 Found Win32/VB.NEI
Norman Virus Control Found Small.KI@mm
UNA Found I-Worm.VB
VBA32 Found Email-Worm.Win32.VB.bi
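Two of the posts above describe the pieces of a small attachment-triage routine: the Helix question asks for a known-bad MD5 list to match files against, and the Nyxem.E entry notes that the worm uuencodes itself to get past MIME filters that only inspect base64 parts. The script below is an added example, not code from the site or from any of the posters. It pulls the uuencoded block out of a message, decodes it with binascii (the old uu module is deprecated), hashes the result with MD5/SHA1/SHA256, looks the MD5 up in a hash list, and reports a crude "UPX!" packer hint. The hash list is copied from the listings on this page; the e-mail text and the attachment bytes are constructed for the example and are not a real sample, and the UPX marker check is a heuristic, not a packer identifier.

```python
"""Attachment triage for the sample posts on this page (added example, not
part of the site).  Decode a uuencoded attachment, hash it, look it up in a
known-bad list, and flag the 'UPX!' marker.  Mail and payload are constructed.
"""
import binascii
import hashlib

# md5 -> label, copied from the listings on this page
KNOWN_BAD = {
    "4880165cef39e60fa85fe32b801bc33e": "Backdoor.Win32.PackBot.p",
    "65cee5de8a2e13f739a987ea2e060495": "Email-Worm.Win32.Mydoom.m",
    "7a961a17bf7f04d51c266634d0d10e5a": "TrojanHaxdoor (FSG v2)",
    "3cb74baa2858f2e75fb5ce2efd51b8bd": "Email-Worm.Win32.Nyxem.e (UPX)",
}


def uuencode(name, data):
    """Build a 'begin 644 name' ... 'end' block, 45 input bytes per line."""
    lines = ["begin 644 %s" % name]
    for i in range(0, len(data), 45):
        lines.append(binascii.b2a_uu(data[i:i + 45]).decode("ascii").rstrip("\n"))
    lines += ["`", "end"]          # '`' is the zero-length terminator line
    return "\n".join(lines) + "\n"


def uudecode(text):
    """Return the bytes of the first uuencoded block in text.

    Blank lines are skipped on purpose: binascii.a2b_uu('') does not return
    b'' but 32 NUL bytes, which would silently corrupt the payload hash.
    """
    lines = text.splitlines()
    try:
        start = next(i for i, l in enumerate(lines) if l.startswith("begin "))
    except StopIteration:
        raise ValueError("no uuencoded block in message")
    out = bytearray()
    for line in lines[start + 1:]:
        if line == "end":
            return bytes(out)
        if line.strip() == "":
            continue
        out += binascii.a2b_uu(line)
    raise ValueError("uuencoded block has no 'end' line")


def file_hashes(data):
    """The three digests the posts on this page list for each sample."""
    return {alg: hashlib.new(alg, data).hexdigest()
            for alg in ("md5", "sha1", "sha256")}


def packer_hint(data):
    """Heuristic only: UPX leaves a literal 'UPX!' marker in the header area.
    FSG (the Haxdoor packer above) has no such simple string, so None here
    does not mean 'unpacked'."""
    return "UPX" if b"UPX!" in data else None


def triage(message, known_bad=KNOWN_BAD):
    """Decode, hash and classify the uuencoded attachment in one message."""
    payload = uudecode(message)
    h = file_hashes(payload)
    return {
        "size": len(payload),
        "md5": h["md5"],
        "sha1": h["sha1"],
        "sha256": h["sha256"],
        "known_as": known_bad.get(h["md5"]),
        "packer": packer_hint(payload),
    }


# Constructed stand-in for a worm attachment: PE magic, padding, the UPX
# marker and a text tail.  It is not executable and not a real sample.
SAMPLE_PAYLOAD = b"MZ" + b"\x90" * 30 + b"UPX!" + b"-- constructed, not a real PE --"

# Constructed message in the shape the Nyxem.E post describes: the attachment
# is uuencoded inline instead of base64 in a MIME part.
CAPTURED_MAIL = (
    "From: someone@example.org\n"
    "Subject: photos\n"
    "\n"
    "see attached\n"
    "\n" + uuencode("photos.exe", SAMPLE_PAYLOAD)
)

# Hash list that also knows the constructed sample so the match path runs
# offline; a real list would hold the md5s of real samples only.
KNOWN_BAD_PLUS_SAMPLE = dict(KNOWN_BAD)
KNOWN_BAD_PLUS_SAMPLE[file_hashes(SAMPLE_PAYLOAD)["md5"]] = "constructed test sample"

if __name__ == "__main__":
    for k, v in sorted(triage(CAPTURED_MAIL, KNOWN_BAD_PLUS_SAMPLE).items()):
        print("%-8s %s" % (k, v))
```

Against the plain KNOWN_BAD list the constructed attachment comes back with `known_as` None and `packer` "UPX"; against KNOWN_BAD_PLUS_SAMPLE it matches. To use it on real mail, feed the raw message text to `triage` and replace the dictionary with the MD5s of your own sample set.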

What AV in your opinion is the best

McAfee: 3% (4 votes)
Symantec: 9% (13 votes)
F-Secure: 4% (6 votes)
Kaspersky: 34% (49 votes)
Sophos: 4% (6 votes)
NOD32: 7% (10 votes)
AVG: 7% (10 votes)
AntiVir: 10% (15 votes)
Anything else that's not included ??: 16% (24 votes)
What's an Anti-virus anywayz :)): 6% (9 votes)
Total votes: 146