Community Malware Collection

Cowpipe

Level 16
Thread author
Verified
Well-known
Jun 16, 2014
781
Malwarebytes actually encrypts the quarantined files, so I'll either have to go hunting for a decryption key or perhaps figure out some way to grab the files before Malwarebytes quarantines them. Again, this is the problem with the new version 2. Not sure how HitmanPro physically stores its files though; again, I'll look into it a bit later.

Thanks @Mateotis for the info :)
 

Cowpipe

I do believe HMP encrypts their files too. I've done a small test.

I've uploaded a sample, titled "DUC40.exe" to VT, here it is: https://www.virustotal.com/en/file/...a129c118269c34bb718a484a105412fb770/analysis/
Then I've quarantined the file and scanned it. The two files' MD5, SHA256 are all different: https://www.virustotal.com/en/file/...a9ab7908665b04423d1fcf96/analysis/1403296652/

HitmanPro is encrypting the files using the Windows Security Descriptor, so it may be possible to decrypt the files using the same method. I've never worked with it before but I'll look into it and try to get some method working either tonight or tomorrow :)
 

Cowpipe

Just a quick update for everyone following this, I've worked out a system for retrieving files from HitmanPro, sadly not Malwarebytes as of yet, but I'm working on a retrieval system for some other programs as well.

Will dedicate the whole of tomorrow to getting some code together for testing and I'd be really thankful if any of you are willing to give it a whirl :D

Thank you again to everyone here so far who's supported the idea, I posted it up thinking it was going to get shot down as kind of silly, so it's been a real boost to have you all involved :D:):):p
 

Cowpipe

Just a quick request, if anybody has access to some quarantined virus samples (any antivirus) could you send them my way via PM? Working out various methods of decryption so we can have the Community Malware Collection as large as possible :):D

Cheers
 

Cowpipe

Quick update: @Malware1 has put together some fantastic software to collect samples from infected machines, I've lent my server to store the samples which will of course be made public here at MalwareTips :) I'm currently working on some more methods of collection to be included in the program but of course we still have to test everything ;)

It's great to see this idea getting off the ground, thank you everyone for your support, I'm hoping soon to open a website with plenty of resources and information on malware, how to analyse it, and protect yourself from it and also a library of viruses and malware which you will be able to download from.

I'm thinking of launching it as a small weekly magazine, so if anybody is interested in contributing to that please give me a PM and I'd be more than happy to include you :D

Anyway those are the current updates, hope you like them :p
 

Dani Santos

From Xvirus
Verified
Top Poster
Developer
Well-known
Jun 3, 2014
1,136
I can make that if you want, but I would need an FTP server to upload the samples, except if you accept I upload to xviruscloud.

Cowpipe

I can make that if you want, but I would need an FTP server to upload the samples, except if you accept I upload to xviruscloud.

Thanks for that Dani, we've got an application ready for testing at the moment and I'm providing my ftp server for the job, when we release the program it would be great if you could help us test it! :)
 
