
Has anyone come across a sample of Trojan.Randsom.A ( )? I have been looking for a copy and have been unsuccessful in my search.

Thanks for your help.


Seeking Netsky.a (or variants) full source code for serious research


I've been running into many proverbial brick walls trying to track this down and I know it's public. I believe I used to have it but figuring out which hard drive it "might" have been on is a daunting task, especially at the moment. I can only hook 2 HDs up to one PC at a time (of 2 PCs total at the moment) so it is a bit of a pain. I am not in the business of spreading viruses and not some script kiddie. I am 34 yrs old, not 14, okay. ;) I have read papers and descriptions on the pest and some of its variants. Some info was useful depending on technical level and depth of study but this is no substitute for the actual original source code or any variant's sources that may be public. A true understanding would only be best grasped by source code, not a general idea of the routes and methods of infection, and I seek a whole understanding and collect source codes. Please do not suggest a document on the subject (pdf, ppt, word doc or other); I probably have it already or could find it easily, but thanks. If someone has it I would appreciate a link or upload of attachment here or if for some reason, though doubtful, you are more inclined to want to use email then mine is:

SymbOS Comwarrior worm


Thanks very much to scarlett pimpernell

MD5SUM: de57a980017ae21b1a75a2e00c77535e
SHA1SUM: f42490d586a667a298989e007942743c91acf353
SHA256SUM: 1efd49473012ad3c1c849cd58b13132bedf3cb307bbcb52a3499d5584a44e456

Kaspersky: Worm.SymbOS.Comwar.c
ClamAV: SymbOS.Worm.ComWar.C

SymbOS.Commwarrior.C is a worm that replicates on Series 60 phones. It attempts to spread using Bluetooth, Multimedia Messaging Service (MMS), and Multimedia Cards (MMC) as a randomly named .sis file. It has been reported that one of the possible file names is SymCommander_1_06.sis.


I picked this one up from the email I received. It had a URL to a site hosting the .exe (postcard.jpg.exe) and I got a chance to download the malware.
Clamav: Trojan.IRCBot-93
Kaspersky (online):

  • postcard.jpg.exe/data.rar/script.ini - infected by Backdoor.IRC.Zapchast
  • postcard.jpg.exe/data.rar/svchost.exe - infected by Virus.Win32.Parite.b
  • postcard.jpg.exe/data.rar/sup.reg - infected by Backdoor.IRC.Zapchast

MD5 c28241011e094ae2435988006ec108db
SHA-1 a75babdb303cf5160bcd068ae6c711bd5b5f565e

Note: It's quite interesting to see that Kaspersky extracts other files in the *.exe.



Anyone have any samples of this please?


Create Your Own Virus Kit!

Offensive Computing proudly presents the create your own virus webpage. We've noticed that the quality of viruses being created has gone down considerably. Who can blame the VX writers? Writing code is hard, especially after being awake for 16 days straight. To help you gain street cred, use the Offensive Computing Virus Builder 9000.

1337 vX n4m3:

Exploit Method:



ClamAV 0.88/1333/Wed Mar 15 06:57:53 2006: Worm.P2P.Capside.C
Kaspersky: P2P-Worm.Win32.Capside.d

MD5: 3ca444c74d4f7c32315cb3cc439e6a6b
SHA1: 50ced47778e9083f727f01902da13fe5733ed8fd



MD5: a867d1287d7c51846ec65c855413e2a2
SHA1: 6604c6fa897139e2c4647cc342a683d72846dbeb

Antivirus            Version         Update      Result
AntiVir                              03.16.2006  Worm/Bagle.gen
Avast                4.6.695.0       03.16.2006  Win32:Beagle-IH
AVG                  718             03.16.2006  Win32/Sality
Avira                                03.16.2006  Worm/Bagle.gen
BitDefender          7.2             03.16.2006  Win32.Bagle.FJ@mm
CAT-QuickHeal        8.00            03.14.2006
ClamAV               devel-20060126  03.16.2006  Worm.Bagle.CT
DrWeb                4.33            03.16.2006  Win32.HLLM.Beagle.27136
eTrust-InoculateIT   23.71.103       03.16.2006  Win32/Bagle.DW!Worm
eTrust-Vet           12.4.2121       03.16.2006  Win32/Bagle.DW
Ewido                3.5             03.16.2006  no virus found


MD5: f28a4c0f855afdf35d3d6fe541bbb881
SHA1: c47efe5311eb5e792064d068044197ef1f25850d

Antivirus            Version         Update      Result
AntiVir                              03.16.2006  Worm/Mydoom.BB
Avast                4.6.695.0       03.16.2006  Win32:Mydoom-AM
AVG                  718             03.16.2006  I-Worm/Mydoom.AP
Avira                                03.16.2006  Worm/Mydoom.BB
BitDefender          7.2             03.16.2006