A forum for reverse engineering, OS internals and malware analysis 

Forum for requesting malware samples. Please use the search function before posting!
2. Do not bump your request.

Please read the rules post in this forum before posting any requests. Thank you.
 #16513  by a_d_13
 Fri Nov 09, 2012 4:54 am

This forum is for requesting malware samples. Please read these rules before posting any requests:
  1. Requests from users with ZERO (0) posts, "thank-you" only posts, or requests-only posts not allowed. Make your effort for this place before asking anything. This mean that you have to contribute to this forum before requesting malware samples. It is simple - share your knowledge, interesting new malware samples or anything like that, but do not flood and please don't spam with random github code.
  2. If you ask for samples, we assume you know how to use them (or at least how to make them work in a test environment).
  3. Malware request must be in the following format:
    1. Malware names(s) which you want (more names = better), names better take from AV companies.
    2. Hash of particular sample (optional), MD5 or SHA1. This increases your chances to get what you want.
    3. Short description of malware you want (optional), link to AV site/article etc describing malware.
  4. Posts which does not match above format will be DELETED.
  5. Before asking for malware, use the search function - maybe the sample (or other sample from the same malware family) you're looking was already posted here.
  6. Do not ask for MS-DOS, Windows 95/98/ME malware.
  7. Do not bump your requests. First bump -> you will be warned, your post will be removed. Second bump - you will be banned.
  8. This thread is only for requests and sharing. If you want to discuss specified malware you requested - start new thread.
  9. No offtopic posts. All offtopic will be deleted, user will be warned.
  10. No "thanks" posts.
EXAMPLE of correct request
Hello, I'm looking for particular sample of

a) TDL4, Alureon.DX, TDSS, Olmarik
b) MD5 8375a3dafd6176b92856bf6c28ea4fd4 (if you have others samples, please attach also)
c) This is modern kernel mode rootkit with own implemented VFS. This is presentation about it http://www.virusbtn.com/pdf/conference_ ... VB2010.pdf

Thank you.
EXAMPLE of incorrect request
i'm looking for virus that kills all files on disk C:\, process named bvjs908bhsopbhsl.exe!
Last edited by EP_X0FF on Sun Jan 27, 2019 5:44 pm, edited 2 times in total. Reason: Made contribution notice more clear.