Question Regarding Malware Samples

Aerdian

Level 3
Thread author
Verified
Well-known
Jun 3, 2018
119
I have more recently gotten into malware analysis (the last 4-5 months) and I had a few questions about finding and downloading malware samples.

I download samples to analyze the malware, test AV programs and see how the detection ratios are. Then, I send any samples that are malicious that weren't caught to the AV company. That said, I am not using the samples in a malicious way, far more in a beneficial way. However, since I'm sure some bad, illegitimate people go download the same malware samples with the intent of using them to infect others or using them to learn how malware works so they can make their own, is there anything wrong with downloading malware samples? Do governments put malware analysts on "watchlists" or whatever list possibly suspicious people go onto since they are downloading malware?

Since there are a lot of malware analysts on this forum and I know that many do not work professionally for an AV company, I'm guessing that it's entirely fine, but I just wanted to check on that :)

Thanks!
 

cruelsister

Level 42
Verified
Honorary Member
Top Poster
Content Creator
Well-known
Apr 13, 2013
3,166
Aerdian- You are fine legally. As you are downloading the malware probably from some malware repository, they (the malware) already would be considered Public domain (not copyrighted, obviously). And if you share these anywhere, plopping them in a password protected archive ("infected" or "malware") will protect you from any "Intent To Harm" charge.

However as you go on, if you ever code something novel yourself (true zero day FUD)- Never Ever (never ever) share the code with anyone! Even in contacting a Vendor do NOT use the traditional submission pathway nor include the malware itself. Preferred method of submission is explaining the mechanism of attack and why the malware breached the product (needed in case the folk receiving it are idiots); the proper email would be security@whatever vendor.com (normally this is the email address for exploits and zero day stuff).

Finally, if you ever get to the point where you code something and feel like presenting the next best thing in malware at a Conference, Do Not Do It. You would be proof against Legal Action, but not against Guilt when similar things show up in a month.
 

sreeroopkt

New Member
Nov 7, 2018
1
My laptop is infected with GANDCRAB V5.0.4 ransomware and all files are encrypted.
The extensions of all my files on the laptop, including big video files (.doc, jpg, txt, mp4 etc.), are converted to .psqak and I am unable to open them.
Please let me know how to clean this. I've scanned with the GridinSoft Anti-Malware tool and removed the infection, but it still didn't decrypt my files back.
Will a system restore work?
So let me know how to recover my files. Please contact me at the email below if there are any safe recovery methods.

Sree
sreeroopkt@gmail.com
 

Eddie Morra

See the following: Malware Removal Assistance For Windows
 

ChemicalB

Level 8
Verified
Sep 14, 2018
360
I don't know if there is a decrypter for that ransomware.
I doubt a local system restore will work; the best solution in these cases is to have a previous backup of your files on an offline, external storage medium.
 

L0ckJaw

Level 19
Verified
Content Creator
Well-known
Feb 17, 2018
870
Download the decryption tools here: The No More Ransom Project
 
