[EP_X0FF]

@EP_X0FF
May I ask you a question, how did you sort these malware, is there any specific application or a script?

Well it was simple. Collection was uploaded to server and then scanned through network by specially configured Dr.Web console scanner, the output scanner log was slightly corrected and then simple sorted in Excel.

[Xylitol]

@EP_X0FF
May I ask you a question, how did you sort these malware, is there any specific application or a script?

Well it was simple. Collection was uploaded to server and then scanned through network by specially configured Dr.Web console scanner, the output scanner log was slightly corrected and then simple sorted in Excel.

wut that a nice idea, personally i've coded my own bot, released here: http://www.kernelmode.info/forum/viewto ... f=11&t=683
not really advanced but... :)

[positronvx]

Here is a small collection:

http://hotfile.com/dl/76725102/455e2ff/01.rar.html
http://hotfile.com/dl/76664027/c868269/02.rar.html
http://hotfile.com/dl/76651312/84d1d8e/03.rar.html
http://hotfile.com/dl/76637765/bf10cde/04.rar.html
http://hotfile.com/dl/76812399/98f799e/00.rar.html
http://hotfile.com/dl/76841258/25a503a/05.rar.html
http://hotfile.com/dl/76857149/9a20a30/06.rar.html
http://hotfile.com/dl/76868122/a5e15b5/07.rar.html
http://hotfile.com/dl/76880397/12dad7f/08.rar.html
http://hotfile.com/dl/76893484/4976bb0/09.rar.html
http://hotfile.com/dl/76987154/4968569/0a.rar.html
http://hotfile.com/dl/77025109/5beb660/0b.rar.html
http://hotfile.com/dl/77068665/bef0cd0/0c.rar.html
http://hotfile.com/dl/77080982/34b8aca/0d.rar.html
http://hotfile.com/dl/77092510/6017a21/0e.rar.html
http://hotfile.com/dl/77103751/5f2bdf9/0f.rar.html
http://hotfile.com/dl/77400436/0bb0658/10.rar.html
http://hotfile.com/dl/77411817/54ac9ce/11.rar.html
http://hotfile.com/dl/77277900/3299b72/12.rar.html
http://hotfile.com/dl/77313123/8238db0/13.rar.html
http://hotfile.com/dl/77323329/8548bbf/14.rar.html
http://hotfile.com/dl/77333510/d83b37b/15.rar.html
http://hotfile.com/dl/77494350/f8e42fd/16.rar.html
http://hotfile.com/dl/77455025/251f2ef/17.rar.html
http://hotfile.com/dl/77475409/99f316b/18.rar.html
http://hotfile.com/dl/77510684/5c8cb40/19.rar.html
http://hotfile.com/dl/77524060/efa0225/1a.rar.html
http://hotfile.com/dl/77568062/ef9a60c/1b.rar.html
http://hotfile.com/dl/77583934/cdf6f43/1c.rar.html
http://hotfile.com/dl/77596711/984be30/1d.rar.html
http://hotfile.com/dl/77611734/957c053/1e.rar.html
http://hotfile.com/dl/77626610/135804e/1f.rar.html
http://hotfile.com/dl/77698212/8eb6abf/20.rar.html
http://hotfile.com/dl/77787271/1a71b91/21.rar.html
http://hotfile.com/dl/77803972/21159dc/22.rar.html
http://hotfile.com/dl/77836778/ae4ceaa/23.rar.html
http://hotfile.com/dl/77872680/18d279b/24.rar.html
http://hotfile.com/dl/77888434/30cf090/25.rar.html
http://hotfile.com/dl/77901980/9b6b0e5/26.rar.html
http://hotfile.com/dl/77913352/4115544/27.rar.html
http://hotfile.com/dl/77923016/395b4a7/28.rar.html
http://hotfile.com/dl/77933717/bdec4df/29.rar.html
http://hotfile.com/dl/77942492/e1fe843/2a.rar.html
http://hotfile.com/dl/78008971/dace0b4/2b.rar.html
http://hotfile.com/dl/78021955/326bf5d/2c.rar.html
http://hotfile.com/dl/78038844/f077846/2d.rar.html
http://hotfile.com/dl/78316472/edaa9d9/2e.rar.html
http://hotfile.com/dl/78332260/1bb2b3d/2f.rar.html
http://hotfile.com/dl/78347027/9837190/30.rar.html
http://hotfile.com/dl/78513580/b0b6146/31.rar.html
http://hotfile.com/dl/78532654/ed98ac6/32.rar.html
http://hotfile.com/dl/78548102/5169ae0/33.rar.html
http://hotfile.com/dl/78563335/2b311b8/34.rar.html
http://hotfile.com/dl/78845171/52e46e0/3a.rar.html
http://hotfile.com/dl/78859844/4506115/3b.rar.html
http://hotfile.com/dl/78967012/53904dc/3c.rar.html
http://hotfile.com/dl/78986615/315d4e3/3d.rar.html
http://hotfile.com/dl/79003195/1584414/3e.rar.html
http://hotfile.com/dl/79017440/9ab7beb/3f.rar.html
http://hotfile.com/dl/79092013/696e216/40.rar.html
http://hotfile.com/dl/79106705/e3b2134/41.rar.html
http://hotfile.com/dl/79122579/bf99510/42.rar.html
http://hotfile.com/dl/79137738/6ef0fdc/43.rar.html
http://hotfile.com/dl/79155983/5a057cd/44.rar.html
http://hotfile.com/dl/79170875/d8864b5/45.rar.html
http://hotfile.com/dl/79185722/18a35a9/46.rar.html
http://hotfile.com/dl/79218629/c56fc5b/48.rar.html
http://hotfile.com/dl/79228168/3f4ac25/49.rar.html
http://hotfile.com/dl/79237775/016e74d/4a.rar.html
http://hotfile.com/dl/79247945/a31ca6a/4b.rar.html
http://hotfile.com/dl/79265450/d1bb521/47.rar.html
http://hotfile.com/dl/79279169/af9a686/4c.rar.html
http://hotfile.com/dl/79294086/f84a7e3/4d.rar.html
http://hotfile.com/dl/79309442/985ecfe/4e.rar.html
http://hotfile.com/dl/79325658/1ec364a/4f.rar.html
http://hotfile.com/dl/79417085/af528fa/50.rar.html
http://hotfile.com/dl/79444585/76ae36b/51.rar.html
http://hotfile.com/dl/79462265/1d4c48c/52.rar.html
http://hotfile.com/dl/79475797/dde3225/53.rar.html
http://hotfile.com/dl/79500742/5fdc5f5/54.rar.html
http://hotfile.com/dl/79520735/6a52e65/55.rar.html
http://hotfile.com/dl/79590422/7757438/56.rar.html
http://hotfile.com/dl/79612798/76c0a16/57.rar.html
http://hotfile.com/dl/79628287/579871e/58.rar.html
http://hotfile.com/dl/79641364/8f288ef/59.rar.html
http://hotfile.com/dl/79651876/f2666d2/5a.rar.html
http://hotfile.com/dl/79661431/e40e477/5b.rar.html
http://hotfile.com/dl/79671605/6111494/5c.rar.html
http://hotfile.com/dl/79680834/f8b8e0f/5d.rar.html
http://hotfile.com/dl/79691197/da13b2a/5e.rar.html
http://hotfile.com/dl/79704425/3c6a53c/5f.rar.html
http://hotfile.com/dl/79718467/61b8dda/60.rar.html
http://hotfile.com/dl/79731656/eac61f3/61.rar.html
http://hotfile.com/dl/79748843/9860719/62.rar.html
http://hotfile.com/dl/78695673/48a95dd/35.rar.html
http://hotfile.com/dl/78721823/536e728/36.rar.html
http://hotfile.com/dl/78740111/1278147/37.rar.html
http://hotfile.com/dl/78758759/0758053/38.rar.html
http://hotfile.com/dl/78775601/ce4baed/39.rar.html
http://hotfile.com/dl/79808475/40e18a5/63.rar.html
http://hotfile.com/dl/79821395/8ac2f3b/64.rar.html
http://hotfile.com/dl/79834458/6b3f489/65.rar.html
http://hotfile.com/dl/79847828/81b3d75/66.rar.html
http://hotfile.com/dl/79857254/1710e21/67.rar.html
http://hotfile.com/dl/79867414/6d96534/68.rar.html
http://hotfile.com/dl/80027830/e541753/69.rar.html
http://hotfile.com/dl/80047571/ff441fb/6a.rar.html

[EP_X0FF]

Hello,

that cool.

So total size is about 30Gb?

what kind of malware inside and how old is it?

Regards.

[Meriadoc]

Here is a small collection:

If positronvx and positron are one of the same then they are also part of (added to) the vxheavens collection.

[Avinash]

Please note that these samples are only for analysis purpose and not for any criminal activities.

URL:- http://cramitin.us/364a02k51y78

URL:- http://cramitin.us/1yd4btjn42l2

It contains more than 7,000 latest malicious files for testing and analysis. Please Use at your own risk.

[Meriadoc]

Hi Avinash,

thanks for sharing :) was the collection gleaned by yourself, what does it contain?

url1 657.2 Mb
url2 500.6 Mb

[EP_X0FF]

Mirroring somewhere will be good idea, because of 50 Kb/sec limit of cramitin.us

[Xylitol]

downloaded the first archive of 657.2 Mb and there is only 1k9 files
archive password: infected


with alot of folders who are finally empty

like:
2011-02-17\M\MalwareScope\Backdoor\Hupigon\17\MalwareScope.Backdoor.Hupigon.17
2011-02-17\O\OScope\Dialer\GMHA\OScope.Dialer.GMHA
2011-02-17\R\Rootkit\Win32\Koobface\ff\Rootkit.Win32.Koobface.ff
2011-02-17\T\Trojan-Dropper\MSIL\StubRC\gve\Trojan-Dropper.MSIL.StubRC.gve
2011-02-17\T\Trojan-Dropper\Scared\Trojan-Dropper.Scared
2011-02-17\T\Trojan-PWS\Stealer\Trojan-PWS.Stealer
lol really... 3k6 folders and 1k9 files.. ok have fun creating empty folders, full waste of time.
where are your 7k files ?

edit: the 2nd archive (500mb) is also password protected and password like 'infected' or 'malware' dont work so i hope you have a good zip brute forcer.
according to winrar the 2nd archive: 2262 other archives.

[EP_X0FF]

Password was infected.
First archive include samples sorted in directories by malware name.
Second archive contains zip archives named by MD5 hash of sample.
I assume this is two different collections.

Not so many really new files, maybe few percents. Some files dated back to 2006, 2009. Total count is 4191. How many clean, empty or duplicate files I don't know.

I've combined both archives in one with only MD5 named files inside (directories removed), split it on 4 parts and uploaded them to megaupload.

pass for archive - malware

http://www.megaupload.com/?d=7WZAB1VP (350 MB, part 1)
http://www.megaupload.com/?d=ZOD4Q052 (350 MB, part 2)
http://www.megaupload.com/?d=NXFTGLZL (350 MB, part 3)
http://www.megaupload.com/?d=NMK9DG7J (58.54 MB, part 4)

Files will be deleted by megaupload after 21 day.