WARNING: This site contains samples of live malware. Use at your own risk.

linux_ramen

md5sum: a3b3f9fb1370d8bc561efd4a2a75af33 *linux_ramen.tar.gz
sha1sum: 3b19e059cd3aba6b762689634451b4a8633408cb linux_ramen.tar.gz

http://securityresponse.symantec.com/avcenter/venc/data/linux.ramen.worm.html

Does this board really allow me to edit other users' articles? Answer: Yes. -- INT 0x21

CodeRed_A

exe sha1sum: 4605a2d0aae8fa5ec0b72973bea928762cc6d002 win_codred_a.exe
exe md5sum: 6f5767ec5a9cc6f7d195dde3c3939120 *win_codred_a.exe
zip md5sum: 55f9524bbbed7f8ae0850ed01562090b *win_codred_a.zip
info: 4039 Jul 16 2001 win_codred_a.exe

http://www.f-secure.com/v-descs/bady.shtml

Courtesy: eEye Team
Update: I attached the idb that was provided by the eEye research team. The idb is fully commented.

Bagle_ai

exe sha1sum: be4f2b7ca634ce946317acdc54b1423e2f5329ce win_bagle_ai.exe
zip md5sum: 23d344f3b2e5f4dfaa1bdbd56ee39b02 *win_bagle_ai.zip
exe md5sum: 239644e31ce940a25a8ca907feba0d19 *win_bagle_ai.exe
info: 24010 Jul 20 2004

http://www.f-secure.com/v-descs/bagle_ai.shtml

perl open pipe cgi exploit

This is the Perl CGI open pipe Metasploit module exploit.
If you have a Perl CGI that does something like

$something_user_inputed;
open(IN,"$something_user_inputed");

someone can make $something_user_inputed = "|/bin/id";

or any other number of evil things.

V.

phpbb_highlight

This is the phpbb_highlight Metasploit module exploit. Go to http://www.metasploit.net for the framework.

V.

VMSTAT EXPLOIT

vmstat proof of concept exploit.
Not useful unless vmstat is suid root for some reason.

V.

INTRO

Welcome to Offensive Computing!

This site is a community resource designed to provide access to live copies of malware and their analysis.

Users of this site can contribute by uploading analysis, snort rules, checksums and copies of malware to the database in order to foster communication, sharing and collaboration.

One of the unique aspects of this site is the malware database. There are very few open and free resources available for malware researchers and analysts so this site fills a unique role in the community.

NOTE: To access any of the files you must first create an account. Posts are closely moderated.

WELCHIA

sha1sum: bdc843c65e6984b35dd26c53e84338ff3982da2d win_welchia.exe
md5sum: 24837f736517f367a11dcb8bd8ed6306 *win_welchia.exe
info: 12800 Feb 13 2005 win_welchia.exe
zip md5sum: 3913187407b74597753f324bb9818ba5 *win_welchia.zip

http://www.f-secure.com/v-descs/welchi.shtml