[shadowlady2009]

:D
I'm new here
I have some malwares want to share for you;

I hope this collection usefully for your work.

Malware collection of Shadowlady2009

Includes: 2697 files
Size: 1000 MB
Pass: shadowlady2009

Code: Select all

http://hotfile.com/dl/97055690/c0e4bf2/MalwaresIofIV_ShadowLady.part01.rar.html
http://hotfile.com/dl/97055691/399e366/MalwaresIofIV_ShadowLady.part02.rar.html
http://hotfile.com/dl/97062435/5c3b6e5/MalwaresIofIV_ShadowLady.part03.rar.html
http://hotfile.com/dl/97065205/17a0a04/MalwaresIofIV_ShadowLady.part04.rar.html
http://hotfile.com/dl/97067846/483ab13/MalwaresIofIV_ShadowLady.part05.rar.html
http://hotfile.com/dl/97073120/618ca5c/MalwaresIofIV_ShadowLady.part06.rar.html
http://hotfile.com/dl/97076583/8cd59b9/MalwaresIofIV_ShadowLady.part07.rar.html
http://hotfile.com/dl/97078228/cd65667/MalwaresIofIV_ShadowLady.part08.rar.html
http://hotfile.com/dl/97083100/5f4aa78/MalwaresIofIV_ShadowLady.part09.rar.html
http://hotfile.com/dl/97085684/41870e4/MalwaresIofIV_ShadowLady.part10.rar.html

Mirrors:

Code: Select all

http://www.duckload.com/download/2194136/MalwaresIofIV_ShadowLady.part01.rar
http://www.duckload.com/download/2194148/MalwaresIofIV_ShadowLady.part02.rar
http://www.duckload.com/download/2194586/MalwaresIofIV_ShadowLady.part04.rar
http://www.duckload.com/download/2194856/MalwaresIofIV_ShadowLady.part03.rar
http://www.duckload.com/download/2195146/MalwaresIofIV_ShadowLady.part05.rar
http://www.duckload.com/download/2197690/MalwaresIofIV_ShadowLady.part06.rar
...(Waiting upload)
http://www.duckload.com/download/2197631/MalwaresIofIV_ShadowLady.part10.rar

[EP_X0FF]

Hello,

thanks, what kind of malware inside? And what is the source of this collection, manual harvesting?

Regards.

[shadowlady2009]

:mrgreen:
hi,
All kind!
File name has been change to MD5 (none extensions, can't execu if you don't want run it by self :mrgreen: )
This is pack with: scumware.org, malwareurl.com ... and some collection on offensivecomputing.net and some source

Udate:

Code: Select all

http://www.duckload.com/download/2198120/MalwaresIofIV_ShadowLady.part07.rar

[EP_X0FF]

It's cool :) I'm already reached download limit on hotfile, so 2nd part can be downloaded only after 0.5 hour.

[shadowlady2009]

You can download with ducload mirror. I will make more mirror for it ;)

Update:

Code: Select all

http://www.duckload.com/download/2198804/MalwaresIofIV_ShadowLady.part08.rar
http://www.duckload.com/download/2199199/MalwaresIofIV_ShadowLady.part09.rar

Mirror links:
Part 10:

Code: Select all

http://filestrack.com/j8gicoyj2p9x/MalwaresIofIV_ShadowLady.part10.rar.html

[Tesk]

I have an hotfile account, I can easily create a 1 link mirror, shall I do that?

[EP_X0FF]

Sure thanks :)

[Tesk]

Here is the download link:
http://www.myupload.dk/showfile/7386784d34b.zip

I can also upload other packages - and if it is to big to even get uploaded to this, I have an ftp server hosted on a 50/50 mbit connection, so I would be able to host most files

[EP_X0FF]

Collection analyzed.

There about few percents of clean files inside (for example Sandboxie installation), many duplicate malware (only difference is hash), some percents are Adware/Jokes, some clean files belongs to riskware section (remote admins tools, passview etc).

RAR collection size is 800 Mb.

Collection includes many TDL samples, Stuxnet, some Winlocks and FakeAV's, Kido sample - see attached table. In attach generated collection list with the following format

MD5 hash of sample
Item name as detected by Dr.Web 6.0 AV (I choose it only because it has most adequate malware naming which is better than for example Mal/FHdipf.@jffkds crap).

Several hashes listed few times because they are belongs to installation programs and detected malwares were inside installation.

Of course Dr.Web is not 100% detector, so there will be false positives as well as undetected malware (I will take a look on it later).

If you have any other collections you would like to share, please do it. Collection size does not matter.

[gigaz]

@EP_X0FF
May I ask you a question, how did you sort these malware, is there any specific application or a script?