Malware Collections

Discussion in 'malware problems & news' started by whitedragon551, May 15, 2010.

Thread Status:
Not open for further replies.
  1. icr

    icr Registered Member

    Joined:
    Sep 6, 2008
    Posts:
    1,589
    Location:
    UK
    AXCrypt

    BTW why do you take so many precautions?

What is the reason for changing the MD5 and multiple rar files? o_O
     
  2. shadek

    shadek Registered Member

    Joined:
    Feb 26, 2008
    Posts:
    2,538
    Location:
    Sweden
No, I have not received the pre-release yet. But it's supposed to be sent within a few hours. Have you received it yet?
     
  3. AvinashR

    AvinashR Registered Member

    Joined:
    Dec 26, 2009
    Posts:
    2,063
    Location:
    New Delhi Metallo β-Lactamase 1
You can search for a particular file through its MD5, either on VT or any other multi-scanner website, by using MD5 search.
     
  4. icr

    icr Registered Member

    Joined:
    Sep 6, 2008
    Posts:
    1,589
    Location:
    UK
Yeah I know that, but I still don't understand the reason for changing the MD5 of a particular file :doubt:

EDIT: I mean, though you change the identity of the file, it will still get detected as malware (I guess you are not physically changing the file in terms of size and code), right, or am I missing something?
     
  5. AvinashR

    AvinashR Registered Member

    Joined:
    Dec 26, 2009
    Posts:
    2,063
    Location:
    New Delhi Metallo β-Lactamase 1
It makes everything in the system... No need for different names and all... Only MD5 with non-exe format.
     
  6. nikanthpromod

    nikanthpromod Registered Member

    Joined:
    Oct 9, 2009
    Posts:
    1,369
    Location:
    India
I'm not keeping any malware with me now.
Also I'm not using any AV now.
Just firewall with HIPS. :cool:
On-demand scanning only.
     
  7. icr

    icr Registered Member

    Joined:
    Sep 6, 2008
    Posts:
    1,589
    Location:
    UK
You are very much protected even w/o an AV ;)

Remember the rule: if it ain't executed, it won't infect ;)
     
  8. whitedragon551

    whitedragon551 Registered Member

    Joined:
    Sep 30, 2008
    Posts:
    3,264
    Location:
    USA
My sample set is 6,300 and only 212 MB.

    Did and all I get is SSupdater.exe removal instructions.

    Sure thing. Shoot me a PM...
     
    Last edited by a moderator: May 16, 2010
  9. LowWaterMark

    LowWaterMark Administrator

    Joined:
    Aug 10, 2002
    Posts:
    18,280
    Location:
    New England
    Specific requests to trade malware have been removed from this thread. That type of thing is not appropriate for this forum. Don't ask for or offer to trade malware here. You can discuss malware collections in general, the huge size of some, the issues about many of them being out-dated and so on, but, we don't facilitate the trading of samples here. Okay. ;)
     
  10. Buster_BSA

    Buster_BSA Registered Member

    Joined:
    Nov 29, 2009
    Posts:
    748
With recent samples that's not usual.

    My main collection is around 700 GB.
     
  11. Noob

    Noob Registered Member

    Joined:
    Nov 6, 2009
    Posts:
    6,491
    Remember we can't post links, it's in their testing forums section, just read the thread titles and you will find it :p
     
  12. guest

    guest Guest

700 GB is a very good size :)
My collection is about 80 GB; maintenance is so hard, generating scan logs is so hard,...
Many AVs can't scan all of them, they crash.
Malware trading is a hard job.
     
  13. AvinashR

    AvinashR Registered Member

    Joined:
    Dec 26, 2009
    Posts:
    2,063
    Location:
    New Delhi Metallo β-Lactamase 1
    OMG you guys must have dedicated HDD and Machine for your Malware Collections...

    Here it is only 650 MB :(
     
  14. guest

    guest Guest

Sure, I have an external HDD for this job.
Removing double files, MD5 renaming, file type correction, generating an AV scan log database, removing corrupted samples,...

It is not an easy job.

I bought the newest AMD processor, the fastest RAM, but all the operations are still not fast.

So there are special operations for other types. For example crypters, RATs, web downloaders, virus creators,...

It is very hard as a hobby. I should buy a PlayStation, it is better than malware trading :)

Money and time.
You have just started; if it is not your job, forget it, that's my advice :)
     
  15. AvinashR

    AvinashR Registered Member

    Joined:
    Dec 26, 2009
    Posts:
    2,063
    Location:
    New Delhi Metallo β-Lactamase 1
    I have started it now, so i won't quit. I am like a soldier who never quits from its front !! :) :)

    By the way which tool you use to remove double files? And do you have any other MD5 Renaming tool?
     
  16. Buster_BSA

    Buster_BSA Registered Member

    Joined:
    Nov 29, 2009
    Posts:
    748
I prefer internal HDs for scanning. They are faster.

SHA-256 file rename.

For removing duplicates I use my own weeder which uses the SHA-256 hashes from the file names. Generating a new database is fast as it's not required to calculate the hashes because they can be retrieved directly from the file names.

For file type correction I use my own renamer specialized in the file types that can be found in malware collections.

Generating new AV logs consumes lots of time and machine resources.

Removing corrupted samples is also very difficult. The ideal is to run every sample manually and check if it works, but with the amount of malware available that's pretty difficult to do. This would be the most time-consuming part of collecting as it's pretty hard to use automation in this task.

I agree that it's not an easy hobby.
     
  17. guest

    guest Guest

I don't know if it is suitable forum usage, but it is not a secret.

You can use any duplicate checker software which has a byte-to-byte ability.
Examples: noclone, moleskinsoft, ...

You can use fsum for MD5 renaming:
http://fsumfe.sourceforge.net/
     
  18. Buster_BSA

    Buster_BSA Registered Member

    Joined:
    Nov 29, 2009
    Posts:
    748
I like console mode utilities for malware collecting tasks because it's easier for automation.
     
  19. guest

    guest Guest

Probably, but I am using an e-SATA connection. It is as fast as an internal SATA connection. I prefer better-performance HDDs; it is not a green design, but I donate to TEMA (nature association) :)

Why not MD5? MD5 is faster than SHA-256.

Good method. I am using some duplicate checker software but they are not fast. I found a new method: I rename files to their MD5, and I double check via file name (not byte to byte).

Is it reliable? I used many programs but I don't think they are reliable. Especially DLL and EXE files get mixed up. Some EXE files are identified as DLL, and the opposite.

AV log parsing is another problem. Some AVs generate CSV logs, for example Rising. Some others use bad (I think) log files. I need log parser software.

Yes, I'm with you. I tried Sandboxie with some automation scripts but I can't get reliable results. But I have tools for valid Win32 checking. I am using this; better than nothing.

Yes. I am just trying to help some developers. I am using my malware collection for trying betas, my improvement suggestions, testing (not on-demand AV tests) etc.
     
  20. guest

    guest Guest

Windows mode crashed when I tried to rename more than 5000 files.
     
  21. nikanthpromod

    nikanthpromod Registered Member

    Joined:
    Oct 9, 2009
    Posts:
    1,369
    Location:
    India
Why do you guys keep malware? o_O

Are you going to make an organisation like AVC or VBtn?? :rolleyes:
     
  22. Buster_BSA

    Buster_BSA Registered Member

    Joined:
    Nov 29, 2009
    Posts:
    748
I was using CRC32 file naming for many years but some time ago the amount of collisions (different files with the same hash) was too big so I decided to change and use another hash for file names. I decided to use MD5 but someone told me that MD5 collisions were easy to make, so I decided to use a slower but collision-free hash.

The same method I use. :)

Yes, it's the best public malware file renamer in the world. In fact it's the only one publicly available. :-*

Some years ago I had an AV log parser but I discontinued it because malware collectors decided to use just one AV to exchange, so it was pointless to support the rest of the AVs.

I also coded a Win32 PE verifier based on Sandboxie. What was the problem you found that made the results not reliable?

I don't like "static" Win32 PE checkers, I prefer "dynamic" checkers like using Sandboxie to run the samples. Valid Win32 checkers have the advantage of being faster and not consuming CPU.
     
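The switch from CRC32 to a longer hash for file names, as discussed in the post above, can be checked with a quick birthday-bound estimate and an actual CRC32 collision search. This is an added example in Python, not any poster's tool; the 16-byte random blobs are constructed stand-ins for sample files and the function names are the example's own:

```python
"""Why a 32-bit CRC is a poor file-name key for a large sample collection.
Added example: birthday-bound estimate plus a real CRC32 collision found by
brute force. Inputs are constructed random 16-byte blobs, not real samples."""
import hashlib
import random
import zlib


def expected_colliding_pairs(n_files: int, hash_bits: int) -> float:
    """Birthday estimate: C(n,2) file pairs, each colliding with prob 2^-bits."""
    return n_files * (n_files - 1) / 2 / (2 ** hash_bits)


def find_crc32_collision(seed: int = 1, limit: int = 2_000_000):
    """Draw random 16-byte blobs until two different ones share a CRC32.
    With a 32-bit digest the first collision is expected after ~80k draws,
    which is far fewer files than the collections in this thread hold."""
    rng = random.Random(seed)  # seeded so the result is reproducible
    seen = {}
    for _ in range(limit):
        blob = rng.getrandbits(128).to_bytes(16, "big")
        crc = zlib.crc32(blob)
        other = seen.get(crc)
        if other is not None and other != blob:
            return other, blob
        seen[crc] = blob
    return None


def crc32_equal(a: bytes, b: bytes) -> bool:
    return zlib.crc32(a) == zlib.crc32(b)


def sha256_equal(a: bytes, b: bytes) -> bool:
    return hashlib.sha256(a).digest() == hashlib.sha256(b).digest()


if __name__ == "__main__":
    for n in (10_000, 100_000, 1_000_000):
        print(f"{n:>9} files: CRC32 ~{expected_colliding_pairs(n, 32):.1f} "
              f"colliding pairs, MD5 ~{expected_colliding_pairs(n, 128):.1e}, "
              f"SHA-256 ~{expected_colliding_pairs(n, 256):.1e}")
    a, b = find_crc32_collision()
    print("CRC32 collision:", a.hex(), b.hex(), hex(zlib.crc32(a)))
    print("same SHA-256?", sha256_equal(a, b))
```

The birthday numbers explain the CRC32 problem (a million samples give on the order of a hundred colliding pairs by chance alone) but say nothing about MD5's real weakness, which is that two different files with the same MD5 can be constructed deliberately, so anyone feeding you samples could make two of them land on one file name. A collision-resistant hash such as SHA-256 avoids both problems at the cost of the slower hashing the thread mentions.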
  23. guest

    guest Guest

What is its name? If it is possible, where can I find it?

Kaspersky and Rising give me good names; Avira and NOD are not good for malware renaming. I have just started collection maintenance, but I need more batch management tools.

Because it only detected invalid Win PE files. It doesn't detect whether a file works or not. A file may be valid but have no behaviour at all; it just launches and closes.
     
  24. guest

    guest Guest

:) Maybe, is it impossible?
Eugene Kaspersky started like me :p
     
  25. Buster_BSA

    Buster_BSA Registered Member

    Joined:
    Nov 29, 2009
    Posts:
    748
I gave the link to download the tool to rename file types and file names to guest and AvinashR. Please contact them to get the link.

I will give support for the tool, named RenFiles, here. Anyway the usage is pretty simple.

RENFILES -RE C:\PATH

Used to rename files in C:\PATH to the right extension.

-RE has several subcommands: {c} {b} {v}

{c} is used to rename unknown extensions to .VIR

{b} is used to create a batch file with the commands to rename the files instead of renaming the files directly

{v} is used to add ".vir" to the file names

The subcommands must be used in order. Like:

-REC
-RECB
-REBV

-RM C:\PATH

This command is used to rename files to MD5 file names.

-RS C:\PATH

This command is used to rename files to SHA-256 file names.

That's the help you need for the features you want.
     
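As an added illustration of the collection-maintenance workflow described in this thread (renaming files to their hash, the name-based weeder that needs no re-hashing, extension correction with unknown types sent to .vir, and telling an EXE from a DLL by its PE header instead of its name), here is a small Python script. It is not RenFiles or any poster's code; the magic-byte table, the function names and the constructed sample files are assumptions made for the example:

```python
"""Hash-based renaming, duplicate weeding and file-type correction for a
folder of samples. Added example, not RenFiles. MAGIC is a small assumed
subset of signatures; the sample files are constructed, not real malware."""
import hashlib
import os
import struct
import tempfile
from pathlib import Path

HEX_LEN = {"md5": 32, "sha256": 64}
MAGIC = [(b"PK\x03\x04", "zip"), (b"Rar!\x1a\x07", "rar"),
         (b"7z\xbc\xaf\x27\x1c", "7z"), (b"%PDF-", "pdf")]
IMAGE_FILE_DLL = 0x2000  # Characteristics flag in the COFF file header


def sniff_extension(data: bytes) -> str:
    """Extension implied by content; 'vir' when unknown or not a valid PE."""
    if data[:2] == b"MZ" and len(data) >= 0x40:
        # e_lfanew (offset 0x3C) points at "PE\0\0"; Characteristics is the
        # 16-bit word 22 bytes past that. DLLs carry IMAGE_FILE_DLL.
        pe_off = struct.unpack_from("<I", data, 0x3C)[0]
        if data[pe_off:pe_off + 4] == b"PE\0\0" and len(data) >= pe_off + 24:
            chars = struct.unpack_from("<H", data, pe_off + 22)[0]
            return "dll" if chars & IMAGE_FILE_DLL else "exe"
        return "vir"  # MZ stub without a PE header: not a valid Win32 image
    for sig, ext in MAGIC:
        if data.startswith(sig):
            return ext
    return "vir"


def digest(data: bytes, algo: str = "sha256") -> str:
    return hashlib.new(algo, data).hexdigest()


def rename_by_hash(directory, algo="sha256"):
    """Rename each file to <hash>.<ext>. If the target already exists the
    file is a byte-identical duplicate and is deleted. Returns (renamed, removed)."""
    renamed, removed = [], []
    for path in sorted(Path(directory).iterdir()):
        if not path.is_file():
            continue
        data = path.read_bytes()
        target = path.with_name(f"{digest(data, algo)}.{sniff_extension(data)}")
        if target == path:
            continue
        if target.exists():
            path.unlink()
            removed.append(path.name)
        else:
            path.rename(target)
            renamed.append((path.name, target.name))
    return renamed, removed


def weed_by_name(directory, algo="sha256"):
    """Weeder that trusts the hash in the name: files named <hex>.<ext> with
    the right hex length and an already-seen stem are duplicates; no re-hashing."""
    seen, removed = set(), []
    for path in sorted(Path(directory).iterdir()):
        stem = path.stem.lower()
        if not path.is_file() or len(stem) != HEX_LEN[algo] \
                or any(c not in "0123456789abcdef" for c in stem):
            continue
        if stem in seen:
            path.unlink()
            removed.append(path.name)
        seen.add(stem)
    return removed


def make_pe(dll: bool) -> bytes:
    """Constructed MZ + PE + COFF header only (not a runnable binary)."""
    dos = bytearray(0x40)
    dos[:2] = b"MZ"
    struct.pack_into("<I", dos, 0x3C, 0x40)
    coff = bytearray(20)
    struct.pack_into("<H", coff, 18, 0x2102 if dll else 0x0102)
    return bytes(dos) + b"PE\0\0" + bytes(coff)


def build_sample_collection(directory) -> dict:
    """Write constructed samples; return name -> (sha256, expected ext)."""
    files = {"dropper.bin": make_pe(False),
             "copy_of_dropper.scr": make_pe(False),      # byte-identical dup
             "helper.exe": make_pe(True),                # a DLL mislabelled .exe
             "payload.dat": b"PK\x03\x04" + b"\0" * 30,  # really a zip
             "blob": b"\x00\xff garbage"}                # unknown -> .vir
    for name, data in files.items():
        Path(directory, name).write_bytes(data)
    return {n: (digest(d), sniff_extension(d)) for n, d in files.items()}


def demo_run() -> dict:
    """Whole pipeline in a temp dir: rename, merge a re-imported copy, weed."""
    with tempfile.TemporaryDirectory() as d:
        expected = build_sample_collection(d)
        renamed, removed = rename_by_hash(d)
        h_dll = expected["helper.exe"][0]
        Path(d, f"{h_dll}.vir").write_bytes(make_pe(True))  # same hash, other ext
        weeded = weed_by_name(d)
        return {"renamed": renamed, "removed": removed, "weeded": weeded,
                "second_pass": rename_by_hash(d), "final": sorted(os.listdir(d)),
                "expected": expected}


if __name__ == "__main__":
    print(demo_run())
```

The first pass hashes every byte once; after that the file names carry the hash, so merging another hash-named folder only needs the cheap name-based weeder, which is the trade-off Buster_BSA describes. Note that the PE check only proves a file is a structurally valid Win32 image, not that it still runs, which is the gap the thread's Sandboxie discussion is about.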