malware hashes

Hi,

I am looking for malware hashes. If possible SHA-1 hashes.
Something like NSRL RDS of NIST.

Any ideas?!

Thanks!

hash set of all malware uploaded

I'd love to see a hash set created and updated of all malware uploaded here. It could be done weekly,
monthly, etc. It would be a great help. Any thoughts?

Robert

hash set of all malware uploaded

Hello All.
Do you intend to do something like http://www.team-cymru.org/Services/MHR/ ?
I already did it for my own collection. If OC would like to do this I would like to help.
Keep me posted.

Fernando

hash set of all malware uploaded

@last reply

But dear, can you directly share that collection of yours with us?
If so, make that file upload somewhere, we will download, make and take it easy!

Sushant Katare

Take it easy

Let's understand the main subject (maybe I misunderstand it)
- to have a malware hash "database" where anyone could search file hashes; if it's in the database, it's probably malware (I'm considering false positives).
To do this, we need to define what we will show when searching a hash, what will be the reference AV, etc ...
Did you have a chance to see the project that I mentioned in my last post? Did you test it?
As I said, I did it for my own collection. Yes, I can share the results, but if we use the same idea on the Offensive Computing Database (a bigger collection than mine), I think the results will be better too.

I will be rewriting a lot of

I will be rewriting a lot of the code for the site, and I think this is a good idea to incorporate your ideas. I'll need some time but let me look into it.

ideas

Something online would be great. I downloaded the set from CYMRU and use it with Encase. So a
downloadable version would be great. I think that with all of the samples uploaded here it would be a
tremendous asset.

hash set of all malware uploaded

That's also my intent. I want to use it with forensic software.
It shouldn't be that much of a problem to extract the hashes of the existing malware.
Running a hash-set against an image is much quicker than scanning it with the AV.
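
The hash-set check described in this post, as an added example that is not part of the original thread: it streams SHA-1 over every file under a mounted image and reports the ones found in a known-malware hash set. The listing format (one hex digest per line, `#` comments), the function names and the sample files are assumptions constructed for illustration.

```python
import hashlib
import os
import tempfile

HEX = set("0123456789abcdef")

def load_hash_set(lines):
    """Parse an assumed listing format: one SHA-1 hex digest per line, '#' starts a comment."""
    known = set()
    for line in lines:
        token = line.split("#", 1)[0].strip().lower()  # normalise case, drop comments
        if len(token) == 40 and set(token) <= HEX:     # skip malformed entries
            known.add(token)
    return known

def sha1_file(path, chunk_size=1 << 20):
    """Hash a file in chunks so large evidence files never sit in memory whole."""
    digest = hashlib.sha1()
    with open(path, "rb") as fh:
        for chunk in iter(lambda: fh.read(chunk_size), b""):
            digest.update(chunk)
    return digest.hexdigest()

def scan_tree(root, known):
    """Return sorted (relative path, sha1) pairs for files whose hash is in the set."""
    hits = []
    for dirpath, _dirs, files in os.walk(root):
        for name in files:
            path = os.path.join(dirpath, name)
            if os.path.islink(path) or not os.path.isfile(path):
                continue                               # skip links, devices, sockets
            try:
                digest = sha1_file(path)
            except OSError:
                continue                               # unreadable file: skip it
            if digest in known:
                hits.append((os.path.relpath(path, root), digest))
    return sorted(hits)

def demo():
    """Build a constructed 'mounted image' with harmless stand-in files and scan it."""
    flagged_bytes = b"constructed stand-in for a flagged file\n"
    with tempfile.TemporaryDirectory() as root:
        os.makedirs(os.path.join(root, "Users", "a"))
        files = {("Users", "a", "notes.txt"): b"benign notes\n",
                 ("Users", "a", "invoice.scr"): flagged_bytes,
                 ("copy.bin",): flagged_bytes}         # renamed copy, same content
        for parts, data in files.items():
            with open(os.path.join(root, *parts), "wb") as fh:
                fh.write(data)
        flagged = hashlib.sha1(flagged_bytes).hexdigest()
        listing = ["# constructed hash set", flagged.upper() + "  # sample", "not-a-hash"]
        return scan_tree(root, load_hash_set(listing)), flagged
```

Because the match is on content, the renamed copy is reported as well; a file that differs by a single byte is not, which is the limit of exact-hash sets compared with an AV scan.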

Hi dannyquist, this is just

Hi dannyquist,

this is just my suggestion. Hope it's alright to write my suggestion here.
Would it be good to get samples from the following sites to add to your enormous DB which you already have?
http://www.malwaredomainlist.com/mdl.php
http://www.malwareurl.com/listing-urls.php?urls=on

I've done a simple Python script to download from the first one...but it's hastily coded.
http://xchg.info/?p=353

Maybe, like what sec_nando wrote, it'll be good if we have some reference to what the malware could do, a brief description of the malware.

Is it remotely possible to even link to hashes found on VirusTotal?

Hmmm...these are just my suggestions.

BR,
[ Gunther ]

Good ideas. The next version

Good ideas. The next version of the code is going to definitely integrate more with VirusTotal. I have the new server installed at the new colo and it should be up within a week or two.