KernelMode.info

Hello,

this is special thread about malware samples requests.

Thread posting rules.

1. Asking for malware sample assumes by default - You know how to deal with them (at least how to make them work on test environment)
2. Malware request must in following format:

a) Malware name(s) which you want (more names - better), names must be from AV companies. No names - no samples.
b) Hash of particular sample (optional), MD5 or SHA1
c) Short description of malware you want (optional), link to AV site/article etc describing malware.

3. Posts which does not match above format will be DELETED.
4. Do not ask for MS-DOS, Windows 95/98/ME malware. It's 2011 year.
5. Do not bump your requests. First bump -> you will be warned, your post will be removed. Second bump - you will be banned.
6. This thread is only for requests and sharing. If you want to discuss specified malware you asked - start new thread.
7. No offtopic posts. All offtopic will be deleted, user will be warned.
8. No "thanks" posts - use Give reputation buttons (located right after joined date).

(Note: this thread also contains all previously posted malware requests so they do not matching posted above format.)

EXAMPLE of correct request

Hello, I'm looking for particular sample of

a) TDL4, Alureon.DX, TDSS, Olmarik
b) MD5 8375a3dafd6176b92856bf6c28ea4fd4 (if you have others samples, please attach also)
c) This is modern kernel mode rootkit with own implemented VFS. This is presentation about it http://www.virusbtn.com/pdf/conference_ ... VB2010.pdf

Thank you.

EXAMPLE of incorrect request

i'm looking for virus that kills all files on disk C:\, process named bvjs908bhsopbhsl.exe!

I have just read about this new malware, does anyone have this sample?
detail infomation:
http://norman.com/security_center/virus ... ve/129146/

payload or the FF 0-day?

They have made it somewhat difficult to locate which FF 0-Day was used

More infomation:
http://techblog.avira.com/2010/10/27/ne ... e-wild/en/
http://www.symantec.com/business/securi ... 99&tabid=2
http://norman.com/security_center/virus ... ve/129146/

It is very difficult to find the sample Trojan.Dropper [Symantec]. Anyone can help me, please?

The following files were created in the system:

1 %CommonPrograms%\Startup\ctfmon.exe 31,744 bytes MD5: 0x8E975565E072B17C59FF5112EF7A8974
SHA-1: 0x4E14E755693E5F447636DB99948AECB73F6A0ECA Backdoor.Trojan [PCTools]
Backdoor.Trojan [Symantec]
2 %System%\c_190012.nls 4,096 bytes MD5: 0xAE0928F509A9CDD702BCDAC4F73F6594
SHA-1: 0xD6E6329F1AF33C88F5227F9657BDB76A00035B0F (not available)
3 %System%\msnetacsvc.dll 80,896 bytes MD5: 0x01A08705E2596C151389CE140763F6B6
SHA-1: 0x49DA1289BC74FDD30D865AA53773448F4F6D2EF1 Trojan.Generic [PCTools]
Trojan Horse [Symantec]
4 [file and pathname of the sample #1] 122,368 bytes MD5: 0x4C388904BF26225A459DFEA449CAEE47
SHA-1: 0xC225E9DE30D91BDFF081931985D05C8E815F1F71 Trojan.Dropper [PCTools]
Trojan.Dropper [Symantec]


more detail:http://www.threatexpert.com/report.aspx ... a449caee47

i heard there is an special zeus for pocketpcs out.
have somebody infos and perhaps an sample?

You guys picked up on this one already?

http://news.softpedia.com/news/New-Root ... um=twitter

somebody able to share this sample?
http://blog.trendmicro.com/updated-zeus ... t-spotted/

Anyone got the POC demonstrated in this video?

http://www.offensive-security.com/offse ... explorer-c

Thanks.

Hi

I've been looking everywhere for this multi-platform trojan 'Boonana', It's been around for a while but yet I've been unable to grab a sample

It's detected mainly as 'Java:Boonana-A' and 'Trojan.Jnana', also 'Alboto'

References:

http://www.virustotal.com/file-scan/rep ... 1296210260

http://www.seguranca-informatica.net/20 ... a-bot.html