A forum for reverse engineering, OS internals and malware analysis 

Forum for completed malware requests.
 #9716  by korczyn
 Wed Nov 16, 2011 1:36 pm
Hi,

I have a not-so-typical malware request (maybe someone will be able to help):

I am searching for viruses spreading through Skype chat. I have tested:

Worm.Win32.Skipi.b:
md5 : ED6BB008B67AF3BC5D388AB0C16F5DC1
md5 : 8527F1C84E0E137A9A3111CE40014F9C

Tofsee md5: bdd2d7f5599349a0d60a5ea5cd767550

IM-Worm.Win32.Zeroll.b md5: bade32eed7095372e90c69e44f54d41f
IM-Worm.Win32.Zeroll.g md5: 88930B337F482EB19987725686F02D90
IM-Worm.Win32.Zeroll.r md5: 062BB5D0411D9B9644C8625BDDA5A5D2

but only in the case of Worm.Win32.Skipi.b did I observe the spreading process...
Have you seen any viruses that actually spread through Skype chat?

It's a bit of an open question, with no md5s or even names, but I cannot find any better way to get some samples for analysis.

As far as the analysis process itself is concerned, I've tested different Windows and Skype versions. I've also analysed samples outside the VM, because Tofsee can detect a VM and terminate its (i.e. the virus's) operation...

thx in advance for your help,
regards,
korczyn
 #9905  by CloneRanger
 Fri Nov 25, 2011 4:21 am
I realise this might be a tough call, but I'll ask anyway. I'm hoping to get hold of any of these.

Made by http://www.gammagroup.com & in particular FinFisher IT Intrusion http://www.finfisher.com http://www.finfisher.com/FinFisher/en/portfolio.php
Details of such programs, e.g. in here: http://www.spiegel.de/international/ger ... 59,00.html

I'm sorry I don't have the .exe etc. names or MD5s etc.

I'd like to test them & see how my comp/security deals with them.

TIA
 #9925  by Striker
 Sat Nov 26, 2011 11:45 pm
Radovan wrote: looking for driver of storm worm if anyone has it
Other samples are attached.
Attachments
pw = zoit
 #10032  by korczyn
 Wed Nov 30, 2011 4:51 pm
Hello,

I'm looking for the following malware (sorry for the long post, but I guess more detailed info increases my chances of getting some samples):
I'm searching for some families of IM worms, this time targeting Yahoo IM:

1)
IM-Worm.Win32.Sohanad.bm [Kaspersky Lab]
W32/YahLover.worm.gen [McAfee]
md5: D6B9250BC52DF4C077642C7BCEAD8C92
http://www.threatexpert.com/report.aspx ... 7bcead8c92
md5: 728D0D982C5D90E6509619B102D199F3
http://www.threatexpert.com/report.aspx ... b102d199f3
md5: C427F41A9EB12166C278DA8FED8A0C4A
http://www.threatexpert.com/report.aspx ... f689f2b6b6
md5: A479CCE0018DF32AEAB725EAE097D258
http://www.threatexpert.com/report.aspx ... eae097d258

2)
IM-Worm.Win32.Ckbface.bvn [Kaspersky Lab]
md5: 0638669EF7811339BAB6D1A04E46D3E7
http://www.threatexpert.com/report.aspx ... a04e46d3e7

3)
Trojan.Termex [PCTools]
W32.Imaut.D [Symantec]
IM-Worm.Win32.Qucan.b [Kaspersky Lab]
md5: D1720CEFEE3789344ECDDB33CEA149A0
http://www.threatexpert.com/report.aspx ... 33cea149a0

4)
Email-Worm.Kelvir [PCTools]
W32.Kelvir [Symantec]
IM-Worm.Win32.VB.aw [Kaspersky Lab]
md5: 2786222A073A19F68A1B2F319E245073
http://www.threatexpert.com/report.aspx ... 319e245073

5)
Trojan-Downloader.Win32.Banload.ozg [Kaspersky Lab]
md5: E9691869D05B9CB9F54BD57390C30342
http://www.threatexpert.com/report.aspx ... 7390c30342

6)
W32.Yimfoca [Symantec]
Trojan.Win32.Buzus.erxx [Kaspersky Lab]
md5: 63D558FF97D210981DD949E96AEB260D
http://www.threatexpert.com/report.aspx ... e96aeb260d

Trojan.Win32.Jorik.SdBot.as [Kaspersky Lab]
http://www.threatexpert.com/report.aspx ... 809ef14b19
md5: 6665B2838608D7DF014561809EF14B19
http://www.threatexpert.com/report.aspx ... 56abd4ff69
md5: 79B01A638EE22248D047EE56ABD4FF69
http://www.threatexpert.com/report.aspx ... 7b6ad642e8
md5: 5106EAD45A7667225060527B6AD642E8

Trojan.Win32.Agent.exdz [Kaspersky Lab]
http://www.threatexpert.com/report.aspx ... 6bb2b5669e
md5: 6906CBC96BA46FDE4B4A106BB2B5669E

Backdoor.Win32.IRCBot.pso [Kaspersky Lab]
http://www.threatexpert.com/report.aspx ... 3a0f55f4fc
md5: 48BC14C27E22E25DCCA42232C3D89F2D46C27033

http://www.threatexpert.com/report.aspx ... 240cc71fe3
md5: F30906DDFDB153C1D0A2C3240CC71FE3
http://www.threatexpert.com/report.aspx ... 7cab986aae
md5: BD8282316060C2EE4BB64B7CAB986AAE

IM-Worm.Win32.Yahos.il [Kaspersky Lab]
http://www.threatexpert.com/report.aspx ... 4de837ef5b
md5: E393A2FDAAAED5CAAB7B5A4DE837EF5B

thanks a lot,
korczyn
 #10041  by dcmorton
 Wed Nov 30, 2011 11:20 pm
Here's the three I've got.
korczyn wrote: md5: 2786222A073A19F68A1B2F319E245073
md5: E9691869D05B9CB9F54BD57390C30342
md5: F30906DDFDB153C1D0A2C3240CC71FE3
Attachments
password: infected
 #10269  by rough_spear
 Fri Dec 09, 2011 6:40 pm
Hi ich,
You might be looking for the sample attached below... ;)

password is malware.
ich wrote: Hi, I am looking for SuiConFo.apk that had been analyzed at _http://www.securelist.com/en/blog/208193261/SM ... _the_world

I could not find the correct malware on file sharing sites.

Thanks.
Regards,

rough_spear. 8-)
Attachments
password - malware.