Skip navigation.
Home

Site Status

So I've added sha1 hashes to all the entries per multiple suggestions I got to do so since we all know md5 is weak now. It would be nice to have gpg / sha256 stuff too if anyone can work on that. (I dont have a sha256sum tool yet.)

Dave Aitel and others made some interesting suggestions on how to accuratly identify malware which I like alot and will be working on. See the DailyDave maling lists for more information. (linked in the links section)

I've gotten some emails asking how to post content to the site so here are some brief instructions.

Once you log in there is a menu at the left. One of the menu options is "Create Content"
- Click on that and select forums.
- Check malware and make your entry.
- At the bottom of the submital form is a place to upload files. You have to add it and then submit after the page reloads.
- Please zip all files and provide as much info as you can about it. (checksums at a minimum, disassemblies or ida databases appreiciated). Ill be moderating this stuff.

On another note I got an anonymous tip that someone from CERT sent a complaint to my ISP/registrar to get me taken down. If anyone from CERT is reading this I'd really be happy to talk with you guys and discuss what the issues are and how we can work together.

Thanks!

V.

md5deep

I use md5deep toolset for this. It has executables that can generate several different checksums. I would use it in a way that generates multiple signatures per document. It is much harder to get a size, sha1sum and a whirlpool signature to be all the same.

http://md5deep.sourceforge.net/

A dark shadow in the night.