Hi! For the last 6 months I have been looking for advanced malware samples that live in memory only. No files are ever written to disk. I would appreciate it if someone is able to help me or guide me. Thanks. -KalpT
I need a few malicious .pdf file(s). The file(s) should be less than 10 MB in size. Any help is appreciated.
I am new here. I am looking for working malware (trojans/bots) with the initials AARC, PXR and RB, and also looking for a good Remote Administration Tool (RAT).
If anyone has any samples, please help me.
Anybody with a sample of the misleading app UltraDefragger?
We recently undertook a project to update the hands-on labs in our Reverse Engineering Malware course, and one of our InfoSec Resources Authors, Giuseppe "Evilcry" Bonfa, defeated all of the anti-debugging and anti-forensics features of ZeroAccess and traced the source of this crimeware rootkit:
InfoSec Institute would classify ZeroAccess as a sophisticated, advanced rootkit. It has 4 main components that we will reverse in great detail in this series of articles. ZeroAccess is a compartmentalized crimeware rootkit that serves as a platform for installing various malicious programs onto victim computers. It also supports features to make itself and the installed malicious programs impossible for power-users to remove and very difficult for security experts to forensically analyze.
I want to announce that our new malware feeds alliance was launched: http://c300g.net.
We are open to feed exchange for the sole purpose of research.
We already have 8 different vendors with which we are already exchanging data; we also work with 6 different sensors deployed around several different geographical hosting services.
We have more than 8,000,000 samples already.
We will launch the Dissect||PE Smart threat analysis framework on January 1, 2011.
Looking for a sample of Bamital.A dropper. It infects explorer.exe and winlogon.exe/wininit.exe (depending on OS).
Example of infected explorer.exe: http://www.virustotal.com/file-scan/report.html?id=6191e8ab71204520bb081815ff8c645ba32a3e836100ee0c5ba5994aea739789-1289354715
Looking into how Torpig talks to its command and control.
I would appreciate a sample if possible.
Has anyone noted, or is anyone working on, the CnC server on the Internet at IP 126.96.36.199?
I succeeded in pretending to be a bot and connecting to that CnC server, but I can only see myself.