Old Malware Requests, part 1

Posted: Tue Mar 16, 2010 6:51 pm
by EP_X0FF
Hello,

This is a special thread for malware sample requests.

Thread posting rules.

1. Asking for a malware sample assumes by default that you know how to deal with it (at least how to make it work in a test environment).
2. A malware request must be in the following format:

a) Malware name(s) which you want (the more names, the better); names must be from AV companies. No names - no samples.
b) Hash of the particular sample (optional), MD5 or SHA1
c) Short description of the malware you want (optional), link to an AV site/article etc. describing the malware.

3. Posts which do not match the above format will be DELETED.
4. Do not ask for MS-DOS, Windows 95/98/ME malware. It's the year 2011.
5. Do not bump your requests. First bump -> you will be warned, your post will be removed. Second bump - you will be banned.
6. This thread is only for requests and sharing. If you want to discuss the specific malware you asked for - start a new thread.
7. No offtopic posts. All offtopic will be deleted, user will be warned.
8. No "thanks" posts - use the Give reputation buttons (located right after the joined date).

(Note: this thread also contains all previously posted malware requests, so they do not match the format posted above.)

EXAMPLE of correct request
Hello, I'm looking for a particular sample of

a) TDL4, Alureon.DX, TDSS, Olmarik
b) MD5 8375a3dafd6176b92856bf6c28ea4fd4 (if you have other samples, please attach them also)
c) This is a modern kernel mode rootkit with its own implemented VFS. This is a presentation about it: http://www.virusbtn.com/pdf/conference_ ... VB2010.pdf

Thank you.

EXAMPLE of incorrect request
i'm looking for virus that kills all files on disk C:\, process named bvjs908bhsopbhsl.exe!

W32/Belmoo.A

Posted: Wed Oct 27, 2010 4:09 am
by xhandsome
I have just read about this new malware, does anyone have this sample?
Detailed information:
http://norman.com/security_center/virus ... ve/129146/

Re: W32/Belmoo.A

Posted: Wed Oct 27, 2010 7:48 am
by PX5
Payload or the FF 0-day?

They have made it somewhat difficult to locate which FF 0-day was used.

Re: W32/Belmoo.A

Posted: Fri Oct 29, 2010 8:12 am
by xhandsome

Trojan.Dropper [Symantec]

Posted: Thu Nov 04, 2010 9:01 am
by xhandsome
It is very difficult to find the sample Trojan.Dropper [Symantec]. Can anyone help me, please?

The following files were created in the system:

1. %CommonPrograms%\Startup\ctfmon.exe, 31,744 bytes
   MD5: 0x8E975565E072B17C59FF5112EF7A8974
   SHA-1: 0x4E14E755693E5F447636DB99948AECB73F6A0ECA
   Backdoor.Trojan [PCTools], Backdoor.Trojan [Symantec]
2. %System%\c_190012.nls, 4,096 bytes
   MD5: 0xAE0928F509A9CDD702BCDAC4F73F6594
   SHA-1: 0xD6E6329F1AF33C88F5227F9657BDB76A00035B0F
   (not available)
3. %System%\msnetacsvc.dll, 80,896 bytes
   MD5: 0x01A08705E2596C151389CE140763F6B6
   SHA-1: 0x49DA1289BC74FDD30D865AA53773448F4F6D2EF1
   Trojan.Generic [PCTools], Trojan Horse [Symantec]
4. [file and pathname of the sample #1], 122,368 bytes
   MD5: 0x4C388904BF26225A459DFEA449CAEE47
   SHA-1: 0xC225E9DE30D91BDFF081931985D05C8E815F1F71
   Trojan.Dropper [PCTools], Trojan.Dropper [Symantec]

More detail: http://www.threatexpert.com/report.aspx ... a449caee47

[searching] zeus for pocketpc

Posted: Fri Nov 19, 2010 4:07 pm
by markusg
I heard there is a special Zeus for Pocket PCs out.
Does somebody have info and perhaps a sample?

Rootkit.Woor.A

Posted: Tue Nov 30, 2010 1:51 pm
by Every1is=
You guys picked up on this one already?

http://news.softpedia.com/news/New-Root ... um=twitter

PE_LICAT.B-O

Posted: Wed Dec 08, 2010 2:30 pm
by markusg
Is somebody able to share this sample?
http://blog.trendmicro.com/updated-zeus ... t-spotted/

New IE zero-day POC request

Posted: Thu Dec 23, 2010 8:17 pm
by ssj100
Anyone got the POC demonstrated in this video?

http://www.offensive-security.com/offse ... explorer-c

Thanks.

Re: Malware Requests

Posted: Wed Feb 02, 2011 8:38 am
by Radovan
Hi

I've been looking everywhere for this multi-platform trojan 'Boonana'. It's been around for a while, yet I've been unable to grab a sample.

It's detected mainly as 'Java:Boonana-A' and 'Trojan.Jnana', also 'Alboto'

References:

http://www.virustotal.com/file-scan/rep ... 1296210260

http://www.seguranca-informatica.net/20 ... a-bot.html