Malware Catalog / index.

Hello,

Is there, or perhaps will there be, a list of malware samples that are available? I don't seem to see anything like that at the moment. Might be useful.

Excel 0day Second Stage Malware

The new Excel 0day malware is available through the malware search. Simply search for the MD5 sum "8e98ee572636fb66f69df992b4dfa983" using the malware search on the right toolbar.

SANS ISC has coverage of the malware, as does Microsoft's blog.

Trojan.Beastdoor.207

###################################
BASIC INFO:
-----------------------------------------------
FILE TYPE: PE executable for MS Windows (GUI) Intel 80386 32-bit
PACKER/S: malware.exe: ASPack v2.12 [293] (1 matches)
malware.exe: ASPack v2.12 [292] (1 matches)

-----------------------------------------------

CHECKSUMS
-----------------------------------------------
MD5SUM: 192bd7afb1479aad2b64a6c176773a01
SHA1SUM: 89241198d39d4edd9ffddb45df2742a1778fcbdf
SHA256SUM: 1ee3769e213e89a0b3d5cdba1d15f85e1140fb96eb03a05210730ebce77c377a
-----------------------------------------------

Lovegate.AH

###################################
BASIC INFO:
-----------------------------------------------
FILE TYPE: PE executable for MS Windows (GUI) Intel 80386 32-bit
PACKER/S: malware.exe: ASPack v2.11 [288] (1 matches)

-----------------------------------------------

CHECKSUMS
-----------------------------------------------
MD5SUM: e62f24566081231484ff3791eb59bdf6
SHA1SUM: 1a2775cf26bfb56f2c7cd815ed5514369814ef26
SHA256SUM: 78ddaa38a8ed31cfdee7122dde356368f15c7cc6c667c393f35a81a790d3f481
-----------------------------------------------

A/V INFO:
-----------------------------------------------

Bagel.DY

###################################
BASIC INFO:
-----------------------------------------------
FILE TYPE: PE executable for MS Windows (GUI) Intel 80386 32-bit, UPX compressed
PACKER/S:
-----------------------------------------------

CHECKSUMS
-----------------------------------------------
MD5SUM: 94373005fe39e2f3f4c76cf0061176d6
SHA1SUM: 9c6be049cce7ac28abf33ec6f6e0d74b4a73127d
SHA256SUM: f945f91d844dcdb4df7e365f4619ea899ded378f492a55ef70e39eeb4c1cf01a
-----------------------------------------------

A/V INFO:
-----------------------------------------------
F-Prot: Infection: W32/Bagle.DY@mm

Zlob Variants


I have attached a few Zlob variants that I have collected over the last month in case anyone was interested in its progression.
One of the six files is not detected by any online scanners atm, yes even NOD32.
23.05.06 @ 1643EDT
NOD is usually good at detecting the variants but for some reason this one spooked it. I only scan the "ecodec.exe" to limit the flagging by default of the other files in the self extracting archive. I have only upped the ecodec.exe's.
Some scanners never get the new ones, some may say "suspicious" but IMO that is not enough to warrant a "detection".
Have a look below

New Microsoft Office Overflow Malware


Hello,

Does anyone have a copy of the MS Word attachment that's been circulating recently? It exploits the Word 0-day overflow when opened.

Thanks

M

ida woes


I'm wondering if anyone out there has ever got the following all working together:

Linux (fedora or whatever)
Ida Pro (4.x)
ida sdk
idapython

I'm having a hell of a time getting everything working, and if you have experience I'd like to know if there are any tips or tricks you could offer.

V.

Mobile Malware


Bunch of malware for mobile phones.

Cabir.sis
#################################
FILE TYPE: data
MD5SUM: 6fd6b68ed3a83b2850fe293c6db8d78d
SHA1SUM: ce794f10e2f58913724305143f14fc3661094dd1
SHA256SUM: 02001bfa07cf10b7cd30753ae937eb23aa986db4cc37b18821d413d2c8cc0fea
A/V SCAN: SymbOS.Worm.Caribe.A
#################################

CommWarrior_C.sis
#################################
FILE TYPE: data
MD5SUM: de57a980017ae21b1a75a2e00c77535e
SHA1SUM: f42490d586a667a298989e007942743c91acf353
SHA256SUM: 1efd49473012ad3c1c849cd58b13132bedf3cb307bbcb52a3499d5584a44e456
A/V SCAN: data
