
@MegaBedder
Created October 22, 2015 09:37
Malware

Malware Research, Collection, and Analysis

All of this information was collected by doing Google searches or from the URLs mentioned in the References section. I collected them here because I wanted a single list that I could update, refer to, and share with others. Simply having a link listed here is not necessarily an endorsement. I only have personal experience with a small number of the resources listed here. I did, however, make an initial attempt to remove dead links from the reference links. Some good starting points are Lenny Zeltser's Reverse-Engineering Malware Cheat Sheet and Analyzing Malicious Documents Cheat Sheet. In fact, as you'll notice in the References section, Lenny's site is included multiple times. He has some really awesome information.

Mailing Lists and Discussion Forums

  • http://www.securityfocus.com/archive/138/description
  • http://reddit.com/r/ReverseEngineering
  • http://lists.clean-mx.com/cgi-bin/mailman/listinfo/viruswatch
  • https://groups.google.com/forum/#!forum/malware-removal
  • https://groups.google.com/forum/#!forum/virustotal
  • https://groups.google.com/forum/#!forum/mobilemalware
  • https://groups.google.com/forum/#!forum/hk-malware-analysis
  • http://www.kernelmode.info/forum/viewforum.php?f=16

Acquiring Samples

  • http://virusshare.com/
  • http://www.malware-traffic-analysis.net/index.html
  • https://github.com/ytisf/theZoo
  • http://www.malwaredomainlist.com/mdl.php
  • http://www.malwareblacklist.com/showMDL.php
  • http://support.clean-mx.de/clean-mx/viruses.php
  • http://malc0de.com/database/
  • https://palevotracker.abuse.ch/
  • http://malwaredb.malekal.com/
  • http://blog.urlvoid.com/247/new-list-of-dangerous-websites-to-avoid/
  • http://www.scumware.org/
  • http://www.threatlog.com/
  • http://jsunpack.jeek.org/?list=1
  • http://www.malwareurl.com/
  • http://www.offensivecomputing.net/?q=taxonomy/term/1
  • http://vxvault.siri-urz.net/ViriList.php
  • http://vxvault.siri-urz.net/URL_List.php
  • http://contagiodump.blogspot.com/2011/03/take-sample-leave-sample-mobile-malware.html
  • http://virussign.com/downloads.html
  • http://www.fakeavs.com/
  • http://www.malware.lu/
  • http://www.nictasoft.com/ace/malware-urls/
  • http://labs.sucuri.net/
  • http://freelist.virussign.com/freelist/
  • http://malwareurls.joxeankoret.com/normal.txt
  • http://malwared.malwaremustdie.org/db/fulllist.php
  • http://androidsandbox.net/samples/
  • http://malshare.com/
  • https://avcaesar.malware.lu/
  • https://twitter.com/MalwareChannel
  • http://www.nothink.org/honeypots/malware-archives/

Tools

Static Analysis

  • HashCalc
  • TrID-File Identifier
  • PEview
  • PEID
  • BinText
  • Dependency Walker
  • Heap Inspector
  • Unix Strings
  • IDA
  • OllyDBG

Dynamic Analysis

  • RegShot
  • InCtrl5
  • RegMon
  • ProcMon
  • FileMon
  • NetCat
  • BinText
  • LordPE
  • Wireshark
  • FakeDNS
  • FakeNet
  • Multipot
  • APIMonitor
  • SysAnalyzer
  • MCaptureBAT
  • Memoryze
  • HBGary Fast Dump
  • Volatility
  • DRAKVUF

Automated Analysis

Free Automated Online Analysis

  • http://anubis.iseclab.org/
  • http://camas.comodo.com/
  • http://valkyrie.comodo.com/
  • http://eureka.cyber-ta.org/
  • http://www.document-analyzer.net/
  • https://malwr.com/submission/
  • https://www.hybrid-analysis.com/
  • http://www.threatexpert.com/submit.aspx
  • http://www.threattracksecurity.com/resources/sandbox-malware-analysis.aspx
  • https://www.vicheck.ca/
  • https://www.virustotal.com/

Free Online Link Checkers

  • http://www.avgthreatlabs.com/website-safety-reports/
  • http://www.brightcloud.com/tools/url-ip-lookup.php
  • http://app.webinspector.com/
  • http://www.senderbase.org/
  • http://www.isithacked.com/
  • http://safeweb.norton.com/
  • http://www.phishtank.com/
  • http://www.malwaredomainlist.com/mdl.php
  • http://www.malwareurl.com/listing-urls.php
  • http://mxtoolbox.com/blacklists.aspx
  • http://quttera.com/
  • http://www.reputationauthority.org/
  • http://global.sitesafety.trendmicro.com/
  • http://urlblacklist.com/?sec=search
  • http://urlquery.net/
  • http://urlvoid.com/
  • https://www.virustotal.com/
  • http://vurl.mysteryfcm.co.uk/
  • http://wepawet.iseclab.org/
  • http://zulu.zscaler.com/

Sharing with other researchers

References
