Finding a collection of current viruses, and even more so with a description and source code, is not an easy task. We have already told you where to download viruses for analysis and study. Today I will tell you about one more source where you can find and download virus samples, but this time not just malware found on the network, but executable files and virus sources with detailed information.
In this article, you will learn about a couple of interesting projects that offer to plunge into the world of the source code of all kinds of Trojans, botnets, keyloggers, stealers, worms, etc.
Virus samples
- Foreword
- Virus sources
- TheZoo project
- Malware Project
Executable files and virus sources may be needed to analyze the technologies used by malware, to study the behavior of viruses in the system (monitoring the file system, processes, registry changes) and testing antiviruses. Employees of antivirus companies are willing to pay money to get the source code for a new virus.
You can download virus samples for study and analysis on your computer, but you cannot distribute and infect others with them.
The purpose of these projects is to give specialists of anti-virus companies and people interested in virus analysis to understand the structure of the malicious code of malware.
Attention! Please note that the downloaded files are working viruses. Some of them will try to infect your computer. Never run the downloaded files on your primary computer. I also do not recommend downloading virus samples without extensive knowledge of malware analysis.
In any case, the site www.spy-soft.net does not bear any responsibility for any harm caused by you to your own and other people's computers.
I highly recommend using a virtual machine for virus analysis. Do not forget about malicious worms that will try to spread and escape from the virtual machine. To avoid this, I advise disabling all VM guest additions, network access, etc. You can find out how to do this from the link above.
Virus sources: Project theZoo
Let's start our review with the project theZoo, which translates as a zoo (with humor, the authors are fine). It is located in the Githab repository.
The goal of the project is to make the study of viruses available. The authors collect and update the virus database. With the help of theZoo, you will be able to access popular malware samples.
Both the executable file and the source code are offered for download and study.
You can use the theZoo project in different ways: directly from the site or using a framework. We'll cover both ways. Let's start with the first one.
So, go to the site and see several directories and files.
Virus executable files are located in the directory:
theZoo / malwares / Binaries /
In it you will find the executable file of viruses. For each individual malware - a separate directory containing 4 files: the malware itself in encrypted form in a ZIP archive, SHA256 and MD5 - archive checksums for comparison and a password for the encrypted archive.
The source code of the viruses is located in the directory:
theZoo / malwares / Source / Original /
Each directory contains four similar files. Everything is the same as with executable files.
There is help for each individual sample, but you need to install a framework to use the help.
To install the theZoo framework, use the command:
Code:
git clone https://github.com/ytisf/theZooRequirements: urllib2, python3
Commands: search, use, get, info, list all, report-mal, update-db, exit. Learn more about commands using the help command.
So, we have dealt with this project, now we will consider another one.
Virus Samples: Malware Project
The Malware project is also hosted on Githab. The selection of viruses is not as large as in the zoo, but it is updated more often. Among a small number of malicious programs, you can find the source code for Trojans, botnets, ransomware, password stealers and other "good".
Here's the list to date:
- Alina Spark (Trojan)
- Bleeding Life 2 (Expolit pack)
- Carberp (Botnet)
- Carberp (Banking Trojan)
- Crimepack 3.1.3 (Exploit pack)
- Dendroid (Trojan for Android)
- Dexter v2 (Trojan)
- Eda2, Stolich, Win32.Stolich (Ransomware)
- FlexiSpy (Spyware)
- Fuzzbunch (Framework)
- GMBot (Android Trojan)
- Gozi-ISFB - (Banking Trojan)
- Grum (Spam bot)
- Hacking Team RCS (RAT)
- Hidden Tear
- KINS (Banking Trojan)
- Mirai (IoT Botnet)
- Pony 2.0 (Password Styler)
- PowerLoader (Botnet)
- RIG Front-end (Exploit pack)
- Rovnix (Bootkit)
- Tinba (Banking Trojan)
- TinyNuke (Banking Trojan)
- Trochilus, RedLeaves (RAT)
- Zeus (Banking Trojan)
Let's go to the Alina Trojan folder for example. Here we are offered several directories, among which there are sources. In addition, in the lower part, the authors added links to information related to the malware.
By the way, some samples require an activation key, which means that they were once rented or sold by virus writers.
Well, that seems to be all. If you know any other interesting projects, please write about them in the comments.
Good luck to everyone and information security!
