[Vrtule]

Hello,

I am now searching for some malware samples that hide registry keys (especially from kernelmode, bud registry objects hiding by user mode hooking is also ok) to do some test with them. I have already used good old Rustock B sample.

Does anybody have samples of this type in his/her malware collection? I do not want to abuse the malware, I need it only for research/testing purposes.

Thanks in advance

[EP_X0FF]

UM SpyEye
KM Dncat, Bubnix aka NewRest/Rustock/Rustock.D (AFAIR), BlackEnergy2, TDL2

all samples posted on this forum use search

[Flopik]

You can use SPTD that come with DaemonTools

[kmd]

You can use SPTD that come with DaemonTools

sptd is not malware

[rkhunter]

Actually, his behavior is very similar to a rootkit.

[EP_X0FF]

Speaking about "legitimate" software which behaves like rootkit I may recommend to take a look on nProtect GameGuard. It is very unfriendly kernel mode rootkit based L2 game protection. Few years ago I was working on it bypassing with Fyyre :)

However, in case of topic subject sptd itself is not malware of course.

[rkhunter]

Lineage 2 has very extreme and agressive protection, even uses exploit for installing driver in system, as I saw. Perhaps even StarForce driver can not be compared with it.