

Cached Data Attack rootkit - Csaba Barta


Anybody have the sample?

I don't understand why this rootkit is undetectable...

BoHu Sample


Does anyone have a BoHu sample they can share so I can research it?



Hi Everybody,

Does anyone have a BKDR.IRCBot sample?


code injection analysis tools or ways


Can anyone help/guide me on how I can analyse code injection malware samples? ThreatExpert and other sandbox tools tell about the code injection existence, but I want to go to a deeper level to know which code injection technique is being used in the malware.

Thanks a lot!

Need some Sample to test Anti Keylogger


Dear all,

I am looking for the following Trojan samples:

Bifrost (Trojan)
Bandook (Trojan)
Nuclear RAT (Trojan)
Poison Ivy (Trojan)
sharK (Trojan)

Would appreciate it if anyone can share these samples.

looking for spyware protect 2009 sample


Does anyone have a sample of Spyware Protect 2009? Need it for analysis.

Dream Loader C2 Engine


Looking for a sample of the new bot C2 engine Dream Loader version 0.3. A writeup can be found here:


Looking for Android Fakeplayer Trojan sample


Hi All,

I am looking for an Android Fakeplayer Trojan sample. I would be thankful if someone could share the same.

Thanks in advance

Troj/Geinimi-A Trojan


Dear all,

I'm looking for the Troj/Geinimi-A Trojan (MD5:"e0106a0f1e687834ad3c91e599ace1be"). Would appreciate it if someone can share this sample...

from lclee_vx

Releasing malpdfobj (malicious PDF described in a JSON object)


About a month ago I posted a blog describing research I was doing on malicious PDF files. As part of this research I needed a way to represent a malicious PDF file in a queryable form. I ultimately decided on MongoDB as my backend and therefore wanted to get the malicious file in a JSON form so I could store it.

The tool I just released today is a composite of tools from myself and Didier Stevens. Didier's PDF tools have done a lot of the heavy lifting, but my glue code brings multiple pieces of data into a single object. As of right now the object contains the following details:
