WARNING: This site contains samples of live malware. Use at your own risk.

Trojan.Haxdoor-6

Scanning -> C:\malware\ms2.exe
#################################
FILE TYPE: MS-DOS executable (EXE)
MD5SUM: 03057da8812e47f7c1e73f6d479fcbb3
SHA1SUM: 3f3b74ab22bf4d28aba93711603cf7ce3f31bcaf
SHA256SUM: 5eb1e89fb79f496d94a49eddd3853f4def1e961e9e9a5cad58fae27ae180adf8
A/V SCAN: Trojan.Haxdoor-6
PACKER: FSG v1.33
#################################

Trojan.Downloader.Small-388

Scanning -> C:\malware\loadadv50.exe
#################################
FILE TYPE: MS-DOS executable (EXE), OS/2 or MS Windows
MD5SUM: 1e78cee46e178c16f16c0997c10b821b
SHA1SUM: 6e272850d70c06b0ead0de64662b401cfe70a3eb
SHA256SUM: f049644a63eb33811d331d1a34753ce9b635bbeaf00056e6977b50823aa40a83
A/V SCAN: Trojan.Downloader.Small-388
PACKER: UPX v1.24
#################################

Trojan.Spy.Ncase-1

Scanning -> C:\malware\kvslsfkz.exe
#################################
FILE TYPE: MS-DOS executable (EXE), OS/2 or MS Windows
MD5SUM: bf8489ef5e9bdfc21ffd2b7de5bb546c
SHA1SUM: d7f8a10232286977a492e664d82d4282548f4b04
SHA256SUM: 6ed7fe9a2be4a2557b797dc002e9c5ad94ef53a25a6facb042229a3e86f1ede8
A/V SCAN: Trojan.Spy.Ncase-1
PACKER: none
#################################

Adware.BBuddy-14

Scanning -> C:\malware\installer_SIAC.exe
#################################
FILE TYPE: MS-DOS executable (EXE), OS/2 or MS Windows
MD5SUM: 40a12114f3c68f38eaf39c01b29a02f3
SHA1SUM: 9ed9267487e85e565af5cb2f0bdfc72a796d887c
SHA256SUM: e4537ce1f08dd7b66c9bf89f0219a73627ea3922b0be5dfa7cb7533ae12c601c
A/V SCAN: Adware.BBuddy-14
PACKER: none
#################################

Dialer-306

Scanning -> C:\malware\gdnUS333.exe
#################################
FILE TYPE: MS Windows PE 32-bit Intel 80386 GUI executable not relocatable
MD5SUM: fec0e03b377480e204d3a3b3d94321e6
SHA1SUM: 45dcd1ab95ca0162ab2f5a5ab46492a1c3d2159b
SHA256SUM: 1067b44eaa8ad81e1834e02490b88a02069f3160de570971df3b76f1bb7dcda0
A/V SCAN: Dialer-306
PACKER: none
#################################

nice

> From: "Anthony Aykut"
> Date: January 9, 2006 11:38:50 AM MST
> To:
> Subject: [Full-disclosure] MD:Pro - Malware Distribution Project
>
> For information - On 01 February 2006 we will launch our Malware
> Distribution Project (MD:Pro) service, which will offer developers of
> security systems and anti-malware products a vast collection of
> downloadable malware

Too bad OC isn't charging.

I wonder if OC gets an honorary account?

V.

new request

Anyone know of or have a packer/encoder signature database?

:)

V.

Slow

Well, it's been a little slow around here the last couple of days. I've been off taking care of the little one and not doing much malware. However, we got a couple of massive contributions and have been working on some automation stuff, so we should have some big posts coming soon. Thanks to all the people who have been visiting, posting, contributing, etc. 2006 is looking great so far.

V.

wmf construction kit

Thanks to one of our users we have a copy of the wmf construction kit.

There are lots of really obvious signatures from this kit, so I find it less than useful. Metasploit is not that hard to use, come on!

00041A10 00443610 0 c:/mnt/samo/mingw/msys/mthr_stub.c

0003E402 00440002 0 Have fun
0003E41A 0044001A 0 ApacheEatsGnu
0003E432 00440032 0 ------visit www.egocrew.de-----
0003E454 00440054 0 Exploit by Metasploit Framework
0003E475 00440075 0 %s

This stuff is retained by the actual wmf files it outputs.

Another modern classic: Virus.Win9x.CIH

This was a pretty widespread and nasty virus years ago that would flash the BIOS of the host machine with garbage on April 26.

MD5: 862582b7072427a095aaac9c6a93f81f
SHA1: 62c1895018a7b521504f6531e1e4f56ba15cec01

AntiVir Found CIH #1
ArcaVir Found W95.CIH.1003
Avast Found Win95:CIH 1.x
AVG Antivirus Found Win32/CIH
BitDefender Found Trojan.Win95.Flashkiller
ClamAV Found CIH.2
Dr.Web Found nothing
F-Prot Antivirus Found nothing
Fortinet Found nothing
Kaspersky Anti-Virus Found nothing
NOD32 Found nothing
Norman Virus Control Found nothing
UNA Found nothing
VBA32