Skip navigation.


Looking for sample





Hello , yesterday i downloaded the latest version of zerowine , and i wanted to use it in vmware so i followed this tutorial :Automated Malware Analysis with Zerowine

to convert the image to vmdk , i installed the new vmware machine all goes well but when i wanted to start using zerowine :
i entered in my browser all what i get is :
" Error response

Error code 501.

Message: Unsupported method ('GET').

Error code explanation: 501 = Server does not support this operation.

Scalable, Automated Baremetal Malware Analysis

This week I will be presenting on scalable, automated baremetal malware analysis at Black Hat Europe. My presentation will coincide with the release of NVMTrace, a tool that facilitates automated baremetal sample processing using inexpensive hardware and freely available technologies. More information is available at the following link:

Entrapment: Tricking Malware with Transparent, Scalable Malware Analysis

If you are attending Black Hat Europe and malware analysis is a topic of interest to you, please attend my talk. If you are interested but will not be in attendance, please let me know and I will make my whitepaper and slide set available to you.

BHO Reversing


From a long time for those days (BHO is supported since IE 4.0) malware writers exploit BHO functionality to bully on IE users.
Mostly evil BHO has two functionality ( for sure if we talk about bankers):

- monitoring/logging requests sending by browser
POST dump - password stealing
- HTML page code dynamic modification
HTML code injection - used for e.g - adding additional form fields intended to obtain, more amount of TAN codes or generally some


Read entire post here: BHO Reversing

Looking for Downadup/Conficker worm


Hi everyone,

I am an IT student and I am looking for a sample of Downadup/Conficker to demonstrate on a sandboxed machine for my IT Security Class. There are a bunch that show up on a search, but I can't seem to get them to run. Does anyone have any experience with this thing?



Malware request: malicious and safe PDFs


I work for a research organization, and I'm looking into the ability to use machine learning techniques to learn safe vs malicious PDF documents. In order to do this, I need massive quantities of both. I've been able to find 32 malicious PDFs on this website, and was able to crawl the web for 1600 likely safe PDF documents. Does anyone known of some good sources for such things? Thank you.

Tourettes Guy Trojan


I /really/ need a sample of the Tourette's Guy Trojan for malware research.

Thanks in Advance,

Static Analysis via Intermediate Languages

| |

Hello everybody, I've been a member here for a little while but have mainly lurked around the site. I'm currently pursuing a line of malware research involving disassembling x86 binaries and translating them into an intermediate language to describe behavior of basic blocks. I was curious if there are other examples of this type of approach. I am aware of Zynamics's REIL, but was curious if you all have taken remotely similar approaches and have any suggestions as far as tools, approaches, ideas, etc goes. Thanks a lot!

PE FILE analysis


Trying to understand the addressofentrypoint in the optionalheader. Is this only useful when the pe file is loaded in memory? In other words can it be used to find the same point while viewing the pe file with a hex editor?

MeMMon - A Light Weight Process Memory Scanner

| | |

Vejovis is a project that was started to develop an user mode memory scanning tool "MeMMoN - A Process Memory Scanning Tool". It scans the memory of all the processes in the system. It can be downloaded from the below link.


Syndicate content