├── .gitattributes ├── 9781484261927.jpg ├── Contributing.md ├── LICENSE.txt ├── README.md ├── bonus-tools ├── DISCLAIMER.txt ├── Virtual_Memory_Extractor.exe └── injected_code_finder.exe ├── errata.md └── samples_all_malware_analysis_and_detection_engineering ├── Cuckoo-Installation-And-Usage.txt ├── Procmon-Guide.txt ├── aa_installation_and_tool_usage_guides ├── Cuckoo-Installation-And-Usage.txt └── Procmon-Guide.txt ├── bonus-tools ├── injected_code_finder.exe └── readme.txt ├── chapter_02 └── Cuckoo-Installation-And-Usage.txt ├── chapter_03 └── Sample-Lab-3-1 │ ├── Sample-Lab-3-1-1 │ ├── Sample-Lab-3-1-10 │ ├── Sample-Lab-3-1-11 │ ├── Sample-Lab-3-1-2 │ ├── Sample-Lab-3-1-3 │ ├── Sample-Lab-3-1-4 │ ├── Sample-Lab-3-1-5 │ ├── Sample-Lab-3-1-6 │ ├── Sample-Lab-3-1-7 │ ├── Sample-Lab-3-1-8 │ └── Sample-Lab-3-1-9 ├── chapter_04 ├── Sample-4-1 ├── Sample-4-2 └── Sample-4-3 ├── chapter_05 ├── Sample-5-1 └── Sample-5-2 ├── chapter_06 └── Sample-6-1.txt ├── chapter_07 ├── Sample-7-1 ├── Sample-7-1-packed ├── Sample-7-2.txt ├── Sample-7-3.txt ├── Sample-7-4 ├── Sample-7-5.txt └── Sample-7-6.txt ├── chapter_08 ├── Procmon-Guide.txt └── Sample-8-1 ├── chapter_09 ├── Sample-9-1 ├── Sample-9-2.txt ├── Sample-9-3.txt ├── Sample-9-4.txt └── Sample-9-5.txt ├── chapter_10 ├── Sample-10-1 ├── Sample-10-2 ├── Sample-10-3 ├── Sample-10-4 ├── Sample-10-5 ├── Sample-10-5b ├── Sample-10-6 ├── Sample-10-7 ├── Sample-10-7-module.dll └── Sample-10-8.txt ├── chapter_11 ├── Instructions.txt ├── Sample-11-1 ├── Sample-11-2 ├── Sample-11-3 ├── Sample-11-4.zip ├── Sample-11-5-module.dll ├── Sample-11-5-rootkit ├── Sample-11-6-malware ├── Sample-11-7-ssdt-rootkit └── Sample-11-8-dkom-rootkit ├── chapter_12 ├── Sample-12-1.txt ├── Sample-12-2.txt ├── Sample-12-3.txt └── Sample-12-4.txt ├── chapter_13 ├── Sample-13-1.txt ├── Sample-13-2.txt ├── Sample-13-3.txt └── Sample-13-4.txt ├── chapter_14 ├── Sample-14-1.mem.zip.txt ├── Sample-14-1.txt ├── Sample-14-2.mem.zip.txt └── 
Sample-14-3.mem.zip.txt ├── chapter_15 ├── Sample-15-1.txt ├── Sample-15-10.txt ├── Sample-15-11.txt ├── Sample-15-12.txt ├── Sample-15-13.txt ├── Sample-15-14.txt ├── Sample-15-15.txt ├── Sample-15-16.txt ├── Sample-15-17.txt ├── Sample-15-18.txt ├── Sample-15-19.txt ├── Sample-15-2.txt ├── Sample-15-20.txt ├── Sample-15-21.txt ├── Sample-15-22.txt ├── Sample-15-23.txt ├── Sample-15-24.txt ├── Sample-15-25.txt ├── Sample-15-26.txt ├── Sample-15-27.txt ├── Sample-15-28.txt ├── Sample-15-29.txt ├── Sample-15-3.txt ├── Sample-15-30.txt ├── Sample-15-4.txt ├── Sample-15-5.txt ├── Sample-15-6.txt ├── Sample-15-7.txt ├── Sample-15-8.txt └── Sample-15-9.txt ├── chapter_16 ├── Sample-16-1 ├── Sample-16-10 ├── Sample-16-11 ├── Sample-16-12.txt ├── Sample-16-13 ├── Sample-16-14 ├── Sample-16-2 ├── Sample-16-3 ├── Sample-16-4 ├── Sample-16-5 ├── Sample-16-6 ├── Sample-16-7 ├── Sample-16-7_new ├── Sample-16-8 └── Sample-16-9 ├── chapter_17 ├── Sample-17-1.txt ├── Sample-17-2.txt └── Sample-17-3.txt ├── chapter_18 ├── Sample-18-1 └── Sample-18-2.txt ├── chapter_19 ├── Sample-19-1 └── Sample-19-2.txt ├── chapter_20 ├── Sample-20-1.txt ├── Sample-20-2.html ├── Sample-20-3.txt └── Sample-20-4.txt ├── chapter_22 ├── Sample-22-1.txt ├── Sample-22-2.txt ├── Sample-22-3.txt ├── Sample-22-4.txt ├── Sample-22-5-Memory-Scanner └── Sample-22-5-Memory-Scanner-Source.c ├── chapter_23 ├── Sample-23-1.pcap └── suricata.yaml └── chapter_25 ├── Sample-25-01.c ├── Sample-25-02.c └── chapter_25_samples.zip /.gitattributes: -------------------------------------------------------------------------------- 1 | # Auto detect text files and perform LF normalization 2 | * text=auto 3 | -------------------------------------------------------------------------------- /9781484261927.jpg: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/Apress/malware-analysis-detection-engineering/4f79b8e6db6517561d5f04d3ee308d58ca3bf266/9781484261927.jpg 
-------------------------------------------------------------------------------- /Contributing.md: -------------------------------------------------------------------------------- 1 | # Contributing to Apress Source Code 2 | 3 | Copyright for Apress source code belongs to the author(s). However, under fair use you are encouraged to fork and contribute minor corrections and updates for the benefit of the author(s) and other readers. 4 | 5 | ## How to Contribute 6 | 7 | 1. Make sure you have a GitHub account. 8 | 2. Fork the repository for the relevant book. 9 | 3. Create a new branch on which to make your change, e.g. 10 | `git checkout -b my_code_contribution` 11 | 4. Commit your change. Include a commit message describing the correction. Please note that if your commit message is not clear, the correction will not be accepted. 12 | 5. Submit a pull request. 13 | 14 | Thank you for your contribution! -------------------------------------------------------------------------------- /LICENSE.txt: -------------------------------------------------------------------------------- 1 | Freeware License, some rights reserved 2 | 3 | Copyright (c) 2020 Abhijit Mohanta and Anoop Saldanha 4 | 5 | Permission is hereby granted, free of charge, to anyone obtaining a copy 6 | of this software and associated documentation files (the "Software"), 7 | to work with the Software within the limits of freeware distribution and fair use. 8 | This includes the rights to use, copy, and modify the Software for personal use. 9 | Users are also allowed and encouraged to submit corrections and modifications 10 | to the Software for the benefit of other users. 11 | 12 | It is not allowed to reuse, modify, or redistribute the Software for 13 | commercial use in any way, or for a user’s educational materials such as books 14 | or blog articles without prior permission from the copyright holder. 
15 | 16 | The above copyright notice and this permission notice need to be included 17 | in all copies or substantial portions of the software. 18 | 19 | THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR 20 | IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY, 21 | FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE 22 | AUTHORS OR COPYRIGHT HOLDERS OR APRESS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER 23 | LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, 24 | OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE 25 | SOFTWARE. 26 | 27 | 28 | -------------------------------------------------------------------------------- /README.md: -------------------------------------------------------------------------------- 1 | # Apress Source Code 2 | 3 | This repository accompanies [*Malware Analysis and Detection Engineering*](https://www.apress.com/9781484261927) by Abhijit Mohanta and Anoop Saldanha (Apress, 2020). 4 | 5 | [comment]: #cover 6 | ![Cover image](9781484261927.jpg) 7 | 8 | Download the files as a zip using the green button, or clone the repository to your machine using Git. 9 | 10 | ## How to Download Malware Samples (IMPORTANT) 11 | 12 | The book contains exercises that involve both simulated and real-world malware samples. 13 | For exercises that use simulated malware, we have provided the full sample in the above zip. 14 | For exercises that use real-world malware, we have instead provided the hashes of the malware samples. The samples matching these hashes are available for free download on https://any.run and https://virusshare.com, and you can download the samples from these websites for free using the hashes. 15 | 16 | NOTE: You would need to create a free account on https://any.run and https://virusshare.com by registering with your email id in order to download the samples. 
You can register in https://any.run using the following link: https://app.any.run/#register. Instructions to join virusshare.com are available at the following link: https://virusshare.com/about. 17 | 18 | NOTE: If you are having trouble obtaining the malware samples, please reach out to the authors - Abhijit Mohanta/Anoop Saldanha, through their emails - abhijit.mohanta.15.08[at]gmail[dot]com/anoopsaldanha[at]gmail[dot]com. 19 | 20 | ## Book Website 21 | http://www.malware-analysis-and-detection-engineering.com 22 | More details about the book, including information about the malware samples, are available here. 23 | Any updates regarding the book would be provided on the website. 24 | 25 | ## Contact Authors 26 | For any queries regarding the book, or if you are having trouble obtaining the malware samples, please reach out to the authors - Abhijit Mohanta/Anoop Saldanha, through their emails - abhijit.mohanta.15.08[at]gmail[dot]com/anoopsaldanha[at]gmail[dot]com. 27 | 28 | ## APIMiner tool 29 | 30 | The APIMiner tool developed by the authors can be downloaded from https://github.com/poona/APIMiner. 31 | Updates and any other information about the tool would be provided on the book website http://www.malware-analysis-and-detection-engineering.com. 32 | 33 | ## Releases 34 | 35 | Release v1.0 corresponds to the code in the published book, without corrections or updates. 36 | 37 | ## Contributions 38 | 39 | See the file Contributing.md for more information on how you can contribute to this repository. 40 | -------------------------------------------------------------------------------- /bonus-tools/DISCLAIMER.txt: -------------------------------------------------------------------------------- 1 | 2 | THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR 3 | IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY, 4 | FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. 
IN NO EVENT SHALL 5 | THE AUTHORS OR COPYRIGHT HOLDERS OR APRESS BE LIABLE FOR ANY CLAIM, 6 | DAMAGES OR OTHER LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR 7 | OTHERWISE, ARISING FROM, OUT OF OR IN CONNECTION WITH THE SOFTWARE OR 8 | THE USE OR OTHER DEALINGS IN THE SOFTWARE. 9 | -------------------------------------------------------------------------------- /bonus-tools/Virtual_Memory_Extractor.exe: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/Apress/malware-analysis-detection-engineering/4f79b8e6db6517561d5f04d3ee308d58ca3bf266/bonus-tools/Virtual_Memory_Extractor.exe -------------------------------------------------------------------------------- /bonus-tools/injected_code_finder.exe: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/Apress/malware-analysis-detection-engineering/4f79b8e6db6517561d5f04d3ee308d58ca3bf266/bonus-tools/injected_code_finder.exe -------------------------------------------------------------------------------- /errata.md: -------------------------------------------------------------------------------- 1 | # Errata for *Malware Analysis and Detection Engineering* 2 | 3 | On **page xx** [Summary of error]: 4 | 5 | Details of error here. Highlight key pieces in **bold**. 6 | 7 | *** 8 | 9 | On **page xx** [Summary of error]: 10 | 11 | Details of error here. Highlight key pieces in **bold**. 12 | 13 | *** -------------------------------------------------------------------------------- /samples_all_malware_analysis_and_detection_engineering/Cuckoo-Installation-And-Usage.txt: -------------------------------------------------------------------------------- 1 | Below are some guides that you can use to install Cuckoo and how to use it 2 | 3 | 1. 
https://cuckoo.readthedocs.io/en/latest/installation/ 4 | -------------------------------------------------------------------------------- /samples_all_malware_analysis_and_detection_engineering/Procmon-Guide.txt: -------------------------------------------------------------------------------- 1 | Below are some guides that explain how to make full use of Procmon 2 | 3 | 1. https://www.howtogeek.com/school/sysinternals-pro/lesson4/ 4 | 2. https://support.arcserve.com/s/article/202043619?language=en_US 5 | 3. https://www.davidmaiolo.com/portfolio-item/process-monitor-procmon-tutorial/ 6 | -------------------------------------------------------------------------------- /samples_all_malware_analysis_and_detection_engineering/aa_installation_and_tool_usage_guides/Cuckoo-Installation-And-Usage.txt: -------------------------------------------------------------------------------- 1 | Below are some guides on how to install and use Cuckoo 2 | 3 | 1. https://cuckoo.readthedocs.io/en/latest/installation/ 4 | -------------------------------------------------------------------------------- /samples_all_malware_analysis_and_detection_engineering/aa_installation_and_tool_usage_guides/Procmon-Guide.txt: -------------------------------------------------------------------------------- 1 | Below are some guides that explain how to make full use of Procmon 2 | 3 | 1. https://www.howtogeek.com/school/sysinternals-pro/lesson4/ 4 | 2. https://support.arcserve.com/s/article/202043619?language=en_US 5 | 3. 
https://www.davidmaiolo.com/portfolio-item/process-monitor-procmon-tutorial/ 6 | -------------------------------------------------------------------------------- /samples_all_malware_analysis_and_detection_engineering/bonus-tools/injected_code_finder.exe: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/Apress/malware-analysis-detection-engineering/4f79b8e6db6517561d5f04d3ee308d58ca3bf266/samples_all_malware_analysis_and_detection_engineering/bonus-tools/injected_code_finder.exe -------------------------------------------------------------------------------- /samples_all_malware_analysis_and_detection_engineering/bonus-tools/readme.txt: -------------------------------------------------------------------------------- 1 | These are bonus tools. 2 | -------------------------------------------------------------------------------- /samples_all_malware_analysis_and_detection_engineering/chapter_02/Cuckoo-Installation-And-Usage.txt: -------------------------------------------------------------------------------- 1 | Below are some guides that you can use to install Cuckoo and how to use it 2 | 3 | 1. 
https://cuckoo.readthedocs.io/en/latest/installation/ 4 | -------------------------------------------------------------------------------- /samples_all_malware_analysis_and_detection_engineering/chapter_03/Sample-Lab-3-1/Sample-Lab-3-1-1: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/Apress/malware-analysis-detection-engineering/4f79b8e6db6517561d5f04d3ee308d58ca3bf266/samples_all_malware_analysis_and_detection_engineering/chapter_03/Sample-Lab-3-1/Sample-Lab-3-1-1 -------------------------------------------------------------------------------- /samples_all_malware_analysis_and_detection_engineering/chapter_03/Sample-Lab-3-1/Sample-Lab-3-1-10: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/Apress/malware-analysis-detection-engineering/4f79b8e6db6517561d5f04d3ee308d58ca3bf266/samples_all_malware_analysis_and_detection_engineering/chapter_03/Sample-Lab-3-1/Sample-Lab-3-1-10 -------------------------------------------------------------------------------- /samples_all_malware_analysis_and_detection_engineering/chapter_03/Sample-Lab-3-1/Sample-Lab-3-1-11: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/Apress/malware-analysis-detection-engineering/4f79b8e6db6517561d5f04d3ee308d58ca3bf266/samples_all_malware_analysis_and_detection_engineering/chapter_03/Sample-Lab-3-1/Sample-Lab-3-1-11 -------------------------------------------------------------------------------- /samples_all_malware_analysis_and_detection_engineering/chapter_03/Sample-Lab-3-1/Sample-Lab-3-1-2: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/Apress/malware-analysis-detection-engineering/4f79b8e6db6517561d5f04d3ee308d58ca3bf266/samples_all_malware_analysis_and_detection_engineering/chapter_03/Sample-Lab-3-1/Sample-Lab-3-1-2 
-------------------------------------------------------------------------------- /samples_all_malware_analysis_and_detection_engineering/chapter_03/Sample-Lab-3-1/Sample-Lab-3-1-3: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/Apress/malware-analysis-detection-engineering/4f79b8e6db6517561d5f04d3ee308d58ca3bf266/samples_all_malware_analysis_and_detection_engineering/chapter_03/Sample-Lab-3-1/Sample-Lab-3-1-3 -------------------------------------------------------------------------------- /samples_all_malware_analysis_and_detection_engineering/chapter_03/Sample-Lab-3-1/Sample-Lab-3-1-4: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/Apress/malware-analysis-detection-engineering/4f79b8e6db6517561d5f04d3ee308d58ca3bf266/samples_all_malware_analysis_and_detection_engineering/chapter_03/Sample-Lab-3-1/Sample-Lab-3-1-4 -------------------------------------------------------------------------------- /samples_all_malware_analysis_and_detection_engineering/chapter_03/Sample-Lab-3-1/Sample-Lab-3-1-5: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/Apress/malware-analysis-detection-engineering/4f79b8e6db6517561d5f04d3ee308d58ca3bf266/samples_all_malware_analysis_and_detection_engineering/chapter_03/Sample-Lab-3-1/Sample-Lab-3-1-5 -------------------------------------------------------------------------------- /samples_all_malware_analysis_and_detection_engineering/chapter_03/Sample-Lab-3-1/Sample-Lab-3-1-6: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/Apress/malware-analysis-detection-engineering/4f79b8e6db6517561d5f04d3ee308d58ca3bf266/samples_all_malware_analysis_and_detection_engineering/chapter_03/Sample-Lab-3-1/Sample-Lab-3-1-6 
-------------------------------------------------------------------------------- /samples_all_malware_analysis_and_detection_engineering/chapter_03/Sample-Lab-3-1/Sample-Lab-3-1-7: -------------------------------------------------------------------------------- 1 | Hello Malwares -------------------------------------------------------------------------------- /samples_all_malware_analysis_and_detection_engineering/chapter_03/Sample-Lab-3-1/Sample-Lab-3-1-8: -------------------------------------------------------------------------------- 1 | 2 |

Hello Malwares

3 | -------------------------------------------------------------------------------- /samples_all_malware_analysis_and_detection_engineering/chapter_03/Sample-Lab-3-1/Sample-Lab-3-1-9: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/Apress/malware-analysis-detection-engineering/4f79b8e6db6517561d5f04d3ee308d58ca3bf266/samples_all_malware_analysis_and_detection_engineering/chapter_03/Sample-Lab-3-1/Sample-Lab-3-1-9 -------------------------------------------------------------------------------- /samples_all_malware_analysis_and_detection_engineering/chapter_04/Sample-4-1: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/Apress/malware-analysis-detection-engineering/4f79b8e6db6517561d5f04d3ee308d58ca3bf266/samples_all_malware_analysis_and_detection_engineering/chapter_04/Sample-4-1 -------------------------------------------------------------------------------- /samples_all_malware_analysis_and_detection_engineering/chapter_04/Sample-4-2: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/Apress/malware-analysis-detection-engineering/4f79b8e6db6517561d5f04d3ee308d58ca3bf266/samples_all_malware_analysis_and_detection_engineering/chapter_04/Sample-4-2 -------------------------------------------------------------------------------- /samples_all_malware_analysis_and_detection_engineering/chapter_04/Sample-4-3: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/Apress/malware-analysis-detection-engineering/4f79b8e6db6517561d5f04d3ee308d58ca3bf266/samples_all_malware_analysis_and_detection_engineering/chapter_04/Sample-4-3 -------------------------------------------------------------------------------- /samples_all_malware_analysis_and_detection_engineering/chapter_05/Sample-5-1: 
-------------------------------------------------------------------------------- https://raw.githubusercontent.com/Apress/malware-analysis-detection-engineering/4f79b8e6db6517561d5f04d3ee308d58ca3bf266/samples_all_malware_analysis_and_detection_engineering/chapter_05/Sample-5-1 -------------------------------------------------------------------------------- /samples_all_malware_analysis_and_detection_engineering/chapter_05/Sample-5-2: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/Apress/malware-analysis-detection-engineering/4f79b8e6db6517561d5f04d3ee308d58ca3bf266/samples_all_malware_analysis_and_detection_engineering/chapter_05/Sample-5-2 -------------------------------------------------------------------------------- /samples_all_malware_analysis_and_detection_engineering/chapter_06/Sample-6-1.txt: -------------------------------------------------------------------------------- 1 | https://www.malware-traffic-analysis.net/2017/08/02/index.html 2 | 3 | At the above link, download the zip of the pcap file named 4 | 2017-08-02-Magnitude-EK-sends-Cerber-ransomware.pcap.zip 5 | 6 | The direct link of the above pcap.zip file at the time of selecting this sample is https://www.malware-traffic-analysis.net/2017/08/02/2017-08-02-Magnitude-EK-sends-Cerber-ransomware.pcap.zip and you can try downloading it directly from this link as well. 7 | 8 | Once you download the zip archive, you can unzip the archive to a folder to obtain the pcap file 2017-08-02-Magnitude-EK-sends-Cerber-ransomware.pcap, which is a packet capture of an exploit in action that executes and downloads the Cerber ransomware. 9 | 10 | The sample pcap can be analyzed using tools like Wireshark, Fiddler and Suricata. 
11 | -------------------------------------------------------------------------------- /samples_all_malware_analysis_and_detection_engineering/chapter_07/Sample-7-1: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/Apress/malware-analysis-detection-engineering/4f79b8e6db6517561d5f04d3ee308d58ca3bf266/samples_all_malware_analysis_and_detection_engineering/chapter_07/Sample-7-1 -------------------------------------------------------------------------------- /samples_all_malware_analysis_and_detection_engineering/chapter_07/Sample-7-1-packed: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/Apress/malware-analysis-detection-engineering/4f79b8e6db6517561d5f04d3ee308d58ca3bf266/samples_all_malware_analysis_and_detection_engineering/chapter_07/Sample-7-1-packed -------------------------------------------------------------------------------- /samples_all_malware_analysis_and_detection_engineering/chapter_07/Sample-7-2.txt: -------------------------------------------------------------------------------- 1 | Malware Sample 06 2 | 3 | MD5 - B9D49192FF46C0EC53117B9957B0B8CE 4 | SHA1 - 023382DC86C575432F094BBA00BB4CDC41FCD66B 5 | SHA256 - 5F8849A0048AED4AA07B8F74FED6515071E55CB3FA60EC23C68067618282AFF5 6 | 7 | This is a malware sample. 8 | 9 | We do not directly ship any malware samples with this book. But this malware 10 | sample is available in many public malware databases, where you can download 11 | this sample. Some of these public malware databases require you to register 12 | yourself with an account; some others don't. 13 | 14 | Please download this sample from one of the public malware databases listed below. 15 | Once you download this sample you can rename it as Sample-7-2 and add the required file extension as the chapter exercise suggests. Make sure you have Extension Hiding Disabled to add and view the suffix. 
16 | 17 | Some of the publicly available sources where you can download this sample are 18 | 1. https://www.virustotal.com 19 | 2. https://app.any.run/ 20 | 3. http://contagiodump.blogspot.com/ 21 | 4. https://cape.contextis.com 22 | 5. https://dasmalwerk.eu 23 | 6. https://www.hybrid-analysis.com/ 24 | 7. https://malshare.com/ 25 | 8. https://www.kernelmode.info/forum/ 26 | 9. https://avcaesar.malware.lu/ 27 | 10. https://thezoo.morirt.com/ 28 | 11. https://objective-see.com/malware.html 29 | 12. https://packettotal.com/malware-archive.html 30 | 13. https://app.sndbox.com 31 | 14. https://thezoo.morirt.com/ 32 | 15. https://urlhaus.abuse.ch/browse/ 33 | 16. https://beta.virusbay.io/ 34 | 17. http://www.virusign.com/ 35 | 18. https://www.virussign.com/downloads.html 36 | 19. https://virusshare.com/ 37 | 38 | Disclaimer: Please be very careful using this sample. Do not add the .exe 39 | extension while you are saving it as a file, to prevent it from being 40 | accidentally run. Also don't keep a copy of it on your host. Please save, 41 | run and analyze it only inside your malware analysis VM. The authors are 42 | not responsible for any damages caused by mishandling of the sample 43 | -------------------------------------------------------------------------------- /samples_all_malware_analysis_and_detection_engineering/chapter_07/Sample-7-3.txt: -------------------------------------------------------------------------------- 1 | Malware Sample 01 2 | 3 | MD5 - 47DA511C59512062E7DBDB2BB66A9FDE 4 | SHA1 - DCF5A684CC8B5095B6B9A7237B8FF7C751FE0017 5 | SHA256 - B02352D9777D7AA82C69F0F9A16A61D8E9EE00BC383C6781E3B6DEB59CC72BCA 6 | 7 | This is a malware sample. 8 | 9 | We do not directly ship any malware samples with this book. But this malware 10 | sample is available in many public malware databases, where you can download 11 | this sample. Some of these public malware databases require you to register 12 | yourself with an account, some other don't. 
13 | 14 | Please download this sample from one of these below public malware databases 15 | Once you download this sample you can rename it as Sample-7-3 and add the required file extension as the chapter exercise suggests. Make sure you have Extension Hiding Disabled to add and view the suffix. 16 | 17 | Some of the publicly available sources where you can download this sample are 18 | 1. https://www.virustotal.com 19 | 2. https://app.any.run/ 20 | 3. http://contagiodump.blogspot.com/ 21 | 4. https://cape.contextis.com 22 | 5. https://dasmalwerk.eu 23 | 6. https://www.hybrid-analysis.com/ 24 | 7. https://malshare.com/ 25 | 8. https://www.kernelmode.info/forum/ 26 | 9. https://avcaesar.malware.lu/ 27 | 10. https://thezoo.morirt.com/ 28 | 11. https://objective-see.com/malware.html 29 | 12. https://packettotal.com/malware-archive.html 30 | 13. https://app.sndbox.com 31 | 14. https://thezoo.morirt.com/ 32 | 15. https://urlhaus.abuse.ch/browse/ 33 | 16. https://beta.virusbay.io/ 34 | 17. http://www.virusign.com/ 35 | 18. https://www.virussign.com/downloads.html 36 | 19. https://virusshare.com/ 37 | Disclaimer: Please be very careful using this sample. Do not add the .exe 38 | extension while you are saving it as a file, to prevent it from being 39 | accidentally run. Also don't keep a copy of it on your host. Please save, 40 | run and analyze it only inside your malware analysis VM. 
The authors are 41 | not responsible for any damages caused by mishandling of the sample 42 | 43 | -------------------------------------------------------------------------------- /samples_all_malware_analysis_and_detection_engineering/chapter_07/Sample-7-4: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/Apress/malware-analysis-detection-engineering/4f79b8e6db6517561d5f04d3ee308d58ca3bf266/samples_all_malware_analysis_and_detection_engineering/chapter_07/Sample-7-4 -------------------------------------------------------------------------------- /samples_all_malware_analysis_and_detection_engineering/chapter_07/Sample-7-5.txt: -------------------------------------------------------------------------------- 1 | Malware Sample 07 2 | 3 | MD5 - B35FEFECD07552859AAE6AF3B5A1EBC6 4 | SHA1 - 2C59B74EF5A273C8585738340E3F59C0A86CC5BF 5 | SHA256 - 9ECF5E7E7714F0D12D387F5C3AEE1026F7AB95B531454650531B04521EC18216 6 | 7 | This is a malware sample. 8 | 9 | We do not directly ship any malware samples with this book. But this malware 10 | sample is available in many public malware databases, where you can download 11 | this sample. Some of these public malware databases require you to register 12 | yourself with an account, some other don't. 13 | 14 | Please download this sample from one of these below public malware databases 15 | Once you download this sample you can rename it as Sample-7-5 and add the required file extension as the chapter exercise suggests. Make sure you have Extension Hiding Disabled to add and view the suffix. 16 | 17 | Some of the publicly available sources where you can download this sample are 18 | 1. https://www.virustotal.com 19 | 2. https://app.any.run/ 20 | 3. http://contagiodump.blogspot.com/ 21 | 4. https://cape.contextis.com 22 | 5. https://dasmalwerk.eu 23 | 6. https://www.hybrid-analysis.com/ 24 | 7. https://malshare.com/ 25 | 8. https://www.kernelmode.info/forum/ 26 | 9. 
https://avcaesar.malware.lu/ 27 | 10. https://thezoo.morirt.com/ 28 | 11. https://objective-see.com/malware.html 29 | 12. https://packettotal.com/malware-archive.html 30 | 13. https://app.sndbox.com 31 | 14. https://thezoo.morirt.com/ 32 | 15. https://urlhaus.abuse.ch/browse/ 33 | 16. https://beta.virusbay.io/ 34 | 17. http://www.virusign.com/ 35 | 18. https://www.virussign.com/downloads.html 36 | 19. https://virusshare.com/ 37 | 38 | Disclaimer: Please be very careful using this sample. Do not add the .exe 39 | extension while you are saving it as a file, to prevent it from being 40 | accidentally run. Also don't keep a copy of it on your host. Please save, 41 | run and analyze it only inside your malware analysis VM. The authors are 42 | not responsible for any damages caused by mishandling of the sample 43 | -------------------------------------------------------------------------------- /samples_all_malware_analysis_and_detection_engineering/chapter_07/Sample-7-6.txt: -------------------------------------------------------------------------------- 1 | Malware Sample 12 2 | 3 | MD5 - A048795FDAF5B6D844960E1C45C3A442 4 | SHA1 - 8A0E147897B62398A6E9BCABCFA87A088EE76A3B 5 | SHA256 - 40C5EC744BCF776A3E885A2A88E49FF092155211E8E08EA9576FC98F781F6FC5 6 | 7 | This is a malware sample. 8 | 9 | We do not directly ship any malware samples with this book. But this malware 10 | sample is available in many public malware databases, where you can download 11 | this sample. Some of these public malware databases require you to register 12 | yourself with an account, some other don't. 13 | 14 | Please download this sample from one of these below public malware databases 15 | Once you download this sample you can rename it as Sample-7-6 and add the required file extension as the chapter exercise suggests. Make sure you have Extension Hiding Disabled to add and view the suffix. 16 | 17 | Some of the publicly available sources where you can download this sample are 18 | 1. 
https://www.virustotal.com 19 | 2. https://app.any.run/ 20 | 3. http://contagiodump.blogspot.com/ 21 | 4. https://cape.contextis.com 22 | 5. https://dasmalwerk.eu 23 | 6. https://www.hybrid-analysis.com/ 24 | 7. https://malshare.com/ 25 | 8. https://www.kernelmode.info/forum/ 26 | 9. https://avcaesar.malware.lu/ 27 | 10. https://thezoo.morirt.com/ 28 | 11. https://objective-see.com/malware.html 29 | 12. https://packettotal.com/malware-archive.html 30 | 13. https://app.sndbox.com 31 | 14. https://thezoo.morirt.com/ 32 | 15. https://urlhaus.abuse.ch/browse/ 33 | 16. https://beta.virusbay.io/ 34 | 17. http://www.virusign.com/ 35 | 18. https://www.virussign.com/downloads.html 36 | 19. https://virusshare.com/ 37 | 38 | Disclaimer: Please be very careful using this sample. Do not add the .exe 39 | extension while you are saving it as a file, to prevent it from being 40 | accidentally run. Also don't keep a copy of it on your host. Please save, 41 | run and analyze it only inside your malware analysis VM. The authors are 42 | not responsible for any damages caused by mishandling of the sample 43 | -------------------------------------------------------------------------------- /samples_all_malware_analysis_and_detection_engineering/chapter_08/Procmon-Guide.txt: -------------------------------------------------------------------------------- 1 | Below are some guides that explains how to power use Procmon 2 | 3 | 1. https://www.howtogeek.com/school/sysinternals-pro/lesson4/ 4 | 2. https://support.arcserve.com/s/article/202043619?language=en_US 5 | 3. 
https://www.davidmaiolo.com/portfolio-item/process-monitor-procmon-tutorial/ 6 | -------------------------------------------------------------------------------- /samples_all_malware_analysis_and_detection_engineering/chapter_08/Sample-8-1: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/Apress/malware-analysis-detection-engineering/4f79b8e6db6517561d5f04d3ee308d58ca3bf266/samples_all_malware_analysis_and_detection_engineering/chapter_08/Sample-8-1 -------------------------------------------------------------------------------- /samples_all_malware_analysis_and_detection_engineering/chapter_09/Sample-9-1: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/Apress/malware-analysis-detection-engineering/4f79b8e6db6517561d5f04d3ee308d58ca3bf266/samples_all_malware_analysis_and_detection_engineering/chapter_09/Sample-9-1 -------------------------------------------------------------------------------- /samples_all_malware_analysis_and_detection_engineering/chapter_09/Sample-9-2.txt: -------------------------------------------------------------------------------- 1 | MD5 - f3498a7cebc61d171e6f117ac4da3750 2 | SHA1 - 3a96c84a94f85ff8b936262d327bffbddf8e604f 3 | SHA256 - 0a2e439f806733cd933c85e2febc4926e4228e765bc5d50fc01bb852925bf924 4 | 5 | This is a malware sample. 6 | 7 | We do not directly ship any malware samples with this book. But this malware 8 | sample is available in many public malware databases, where you can download 9 | this sample. Some of these public malware databases require you to register 10 | yourself with an account, some other don't. 11 | 12 | Please download this sample from one of these below public malware databases 13 | Once you download this sample you can rename it as Sample-9-2 and add the required file extension as the chapter exercise suggests. 
Make sure you have Extension Hiding Disabled to add and view the suffix. 14 | 15 | Some of the publicly available sources where you can download this sample are 16 | 1. https://www.virustotal.com 17 | 2. https://app.any.run/ 18 | 3. http://contagiodump.blogspot.com/ 19 | 4. https://cape.contextis.com 20 | 5. https://dasmalwerk.eu 21 | 6. https://www.hybrid-analysis.com/ 22 | 7. https://malshare.com/ 23 | 8. https://www.kernelmode.info/forum/ 24 | 9. https://avcaesar.malware.lu/ 25 | 10. https://thezoo.morirt.com/ 26 | 11. https://objective-see.com/malware.html 27 | 12. https://packettotal.com/malware-archive.html 28 | 13. https://app.sndbox.com 29 | 14. https://thezoo.morirt.com/ 30 | 15. https://urlhaus.abuse.ch/browse/ 31 | 16. https://beta.virusbay.io/ 32 | 17. http://www.virusign.com/ 33 | 18. https://www.virussign.com/downloads.html 34 | 19. https://virusshare.com/ 35 | 36 | Disclaimer: Please be very careful using this sample. Do not add the .exe 37 | extension while you are saving it as a file, to prevent it from being 38 | accidentally run. Also don't keep a copy of it on your host. Please save, 39 | run and analyze it only inside your malware analysis VM. The authors are 40 | not responsible for any damages caused by mishandling of the sample 41 | -------------------------------------------------------------------------------- /samples_all_malware_analysis_and_detection_engineering/chapter_09/Sample-9-3.txt: -------------------------------------------------------------------------------- 1 | MD5 - b810fc6ce27c42ba182a1efe591ebf6b 2 | SHA1 - 2c79f9055b5601b8b01cb6a429dc1365960ca597 3 | SHA256 - 0a4ebb0e2707b94bfc9947469decc9745001fad23ff3da223f08eb331bfe7d09 4 | 5 | This is a malware sample. 6 | 7 | We do not directly ship any malware samples with this book. But this malware 8 | sample is available in many public malware databases, where you can download 9 | this sample. 
Some of these public malware databases require you to register 10 | yourself with an account, some others don't. 11 | 12 | Please download this sample from one of the public malware databases listed below. 13 | Once you download this sample you can rename it as Sample-9-3 and add the required file extension as the chapter exercise suggests. Make sure extension hiding is disabled so you can add and view the suffix. 14 | 15 | Some of the publicly available sources where you can download this sample are 16 | 1. https://www.virustotal.com 17 | 2. https://app.any.run/ 18 | 3. http://contagiodump.blogspot.com/ 19 | 4. https://cape.contextis.com 20 | 5. https://dasmalwerk.eu 21 | 6. https://www.hybrid-analysis.com/ 22 | 7. https://malshare.com/ 23 | 8. https://www.kernelmode.info/forum/ 24 | 9. https://avcaesar.malware.lu/ 25 | 10. https://thezoo.morirt.com/ 26 | 11. https://objective-see.com/malware.html 27 | 12. https://packettotal.com/malware-archive.html 28 | 13. https://app.sndbox.com 29 | 14. https://thezoo.morirt.com/ 30 | 15. https://urlhaus.abuse.ch/browse/ 31 | 16. https://beta.virusbay.io/ 32 | 17. http://www.virusign.com/ 33 | 18. https://www.virussign.com/downloads.html 34 | 19. https://virusshare.com/ 35 | 36 | Disclaimer: Please be very careful when handling this sample. Do not add the .exe 37 | extension when saving it as a file, so that it cannot be 38 | run accidentally. Also don't keep a copy of it on your host. Please save, 39 | run and analyze it only inside your malware analysis VM. 
The authors are 40 | not responsible for any damages caused by mishandling of the sample 41 | -------------------------------------------------------------------------------- /samples_all_malware_analysis_and_detection_engineering/chapter_09/Sample-9-4.txt: -------------------------------------------------------------------------------- 1 | MD5 - b9d49192ff46c0ec53117b9957b0b8ce 2 | SHA1 - 023382dc86c575432f094bba00bb4cdc41fcd66b 3 | SHA256 - 5f8849a0048aed4aa07b8f74fed6515071e55cb3fa60ec23c68067618282aff5 4 | 5 | This is a malware sample. 6 | 7 | We do not directly ship any malware samples with this book. But this malware 8 | sample is available in many public malware databases, where you can download 9 | this sample. Some of these public malware databases require you to register 10 | yourself with an account, some other don't. 11 | 12 | Please download this sample from one of these below public malware databases 13 | Once you download this sample you can rename it as Sample-9-4 and add the required file extension as the chapter exercise suggests. Make sure you have Extension Hiding Disabled to add and view the suffix. 14 | 15 | Some of the publicly available sources where you can download this sample are 16 | 1. https://www.virustotal.com 17 | 2. https://app.any.run/ 18 | 3. http://contagiodump.blogspot.com/ 19 | 4. https://cape.contextis.com 20 | 5. https://dasmalwerk.eu 21 | 6. https://www.hybrid-analysis.com/ 22 | 7. https://malshare.com/ 23 | 8. https://www.kernelmode.info/forum/ 24 | 9. https://avcaesar.malware.lu/ 25 | 10. https://thezoo.morirt.com/ 26 | 11. https://objective-see.com/malware.html 27 | 12. https://packettotal.com/malware-archive.html 28 | 13. https://app.sndbox.com 29 | 14. https://thezoo.morirt.com/ 30 | 15. https://urlhaus.abuse.ch/browse/ 31 | 16. https://beta.virusbay.io/ 32 | 17. http://www.virusign.com/ 33 | 18. https://www.virussign.com/downloads.html 34 | 19. 
https://virusshare.com/ 35 | 36 | Disclaimer: Please be very careful using this sample. Do not add the .exe 37 | extension while you are saving it as a file, to prevent it from being 38 | accidentally run. Also don't keep a copy of it on your host. Please save, 39 | run and analyze it only inside your malware analysis VM. The authors are 40 | not responsible for any damages caused by mishandling of the sample 41 | -------------------------------------------------------------------------------- /samples_all_malware_analysis_and_detection_engineering/chapter_09/Sample-9-5.txt: -------------------------------------------------------------------------------- 1 | MD5 - d88dc89ba973bab6321bdd2caad6b91e 2 | SHA1 - 9fb6f3c7e7e17cf3882957f6855de4f695fb4f0d 3 | SHA256 - 0a512e998976b0096f71f4683811a245f59e34ee5281598e19538e7f87d8359b 4 | 5 | This is a malware sample. 6 | 7 | We do not directly ship any malware samples with this book. But this malware 8 | sample is available in many public malware databases, where you can download 9 | this sample. Some of these public malware databases require you to register 10 | yourself with an account, some other don't. 11 | 12 | Please download this sample from one of these below public malware databases 13 | Once you download this sample you can rename it as Sample-9-5 and add the required file extension as the chapter exercise suggests. Make sure you have Extension Hiding Disabled to add and view the suffix. 14 | 15 | Some of the publicly available sources where you can download this sample are 16 | 1. https://www.virustotal.com 17 | 2. https://app.any.run/ 18 | 3. http://contagiodump.blogspot.com/ 19 | 4. https://cape.contextis.com 20 | 5. https://dasmalwerk.eu 21 | 6. https://www.hybrid-analysis.com/ 22 | 7. https://malshare.com/ 23 | 8. https://www.kernelmode.info/forum/ 24 | 9. https://avcaesar.malware.lu/ 25 | 10. https://thezoo.morirt.com/ 26 | 11. https://objective-see.com/malware.html 27 | 12. 
https://packettotal.com/malware-archive.html 28 | 13. https://app.sndbox.com 29 | 14. https://thezoo.morirt.com/ 30 | 15. https://urlhaus.abuse.ch/browse/ 31 | 16. https://beta.virusbay.io/ 32 | 17. http://www.virusign.com/ 33 | 18. https://www.virussign.com/downloads.html 34 | 19. https://virusshare.com/ 35 | 36 | Disclaimer: Please be very careful using this sample. Do not add the .exe 37 | extension while you are saving it as a file, to prevent it from being 38 | accidentally run. Also don't keep a copy of it on your host. Please save, 39 | run and analyze it only inside your malware analysis VM. The authors are 40 | not responsible for any damages caused by mishandling of the sample 41 | -------------------------------------------------------------------------------- /samples_all_malware_analysis_and_detection_engineering/chapter_10/Sample-10-1: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/Apress/malware-analysis-detection-engineering/4f79b8e6db6517561d5f04d3ee308d58ca3bf266/samples_all_malware_analysis_and_detection_engineering/chapter_10/Sample-10-1 -------------------------------------------------------------------------------- /samples_all_malware_analysis_and_detection_engineering/chapter_10/Sample-10-2: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/Apress/malware-analysis-detection-engineering/4f79b8e6db6517561d5f04d3ee308d58ca3bf266/samples_all_malware_analysis_and_detection_engineering/chapter_10/Sample-10-2 -------------------------------------------------------------------------------- /samples_all_malware_analysis_and_detection_engineering/chapter_10/Sample-10-3: -------------------------------------------------------------------------------- 
https://raw.githubusercontent.com/Apress/malware-analysis-detection-engineering/4f79b8e6db6517561d5f04d3ee308d58ca3bf266/samples_all_malware_analysis_and_detection_engineering/chapter_10/Sample-10-3 -------------------------------------------------------------------------------- /samples_all_malware_analysis_and_detection_engineering/chapter_10/Sample-10-4: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/Apress/malware-analysis-detection-engineering/4f79b8e6db6517561d5f04d3ee308d58ca3bf266/samples_all_malware_analysis_and_detection_engineering/chapter_10/Sample-10-4 -------------------------------------------------------------------------------- /samples_all_malware_analysis_and_detection_engineering/chapter_10/Sample-10-5: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/Apress/malware-analysis-detection-engineering/4f79b8e6db6517561d5f04d3ee308d58ca3bf266/samples_all_malware_analysis_and_detection_engineering/chapter_10/Sample-10-5 -------------------------------------------------------------------------------- /samples_all_malware_analysis_and_detection_engineering/chapter_10/Sample-10-5b: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/Apress/malware-analysis-detection-engineering/4f79b8e6db6517561d5f04d3ee308d58ca3bf266/samples_all_malware_analysis_and_detection_engineering/chapter_10/Sample-10-5b -------------------------------------------------------------------------------- /samples_all_malware_analysis_and_detection_engineering/chapter_10/Sample-10-6: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/Apress/malware-analysis-detection-engineering/4f79b8e6db6517561d5f04d3ee308d58ca3bf266/samples_all_malware_analysis_and_detection_engineering/chapter_10/Sample-10-6 
-------------------------------------------------------------------------------- /samples_all_malware_analysis_and_detection_engineering/chapter_10/Sample-10-7: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/Apress/malware-analysis-detection-engineering/4f79b8e6db6517561d5f04d3ee308d58ca3bf266/samples_all_malware_analysis_and_detection_engineering/chapter_10/Sample-10-7 -------------------------------------------------------------------------------- /samples_all_malware_analysis_and_detection_engineering/chapter_10/Sample-10-7-module.dll: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/Apress/malware-analysis-detection-engineering/4f79b8e6db6517561d5f04d3ee308d58ca3bf266/samples_all_malware_analysis_and_detection_engineering/chapter_10/Sample-10-7-module.dll -------------------------------------------------------------------------------- /samples_all_malware_analysis_and_detection_engineering/chapter_10/Sample-10-8.txt: -------------------------------------------------------------------------------- 1 | MD5 cb066c5625aa85957d6b8d4caef4e497 2 | SHA-1 bd183265938f81990260d88d3bb6652f5b435be7 3 | SHA-256 9cdb1a336d111fd9fc2451f0bdd883f99756da12156f7e59cca9d63c1c1742ce 4 | 5 | This is a malware sample. 6 | 7 | We do not directly ship any malware samples with this book. But this malware 8 | sample is available in many public malware databases, where you can download 9 | this sample. Some of these public malware databases require you to register 10 | yourself with an account, some other don't. 11 | 12 | Please download this sample from one of these below public malware databases 13 | Once you download this sample you can rename it as Sample-10-8 and add the required file extension as the chapter exercise suggests. Make sure you have Extension Hiding Disabled to add and view the suffix. 
14 | 15 | Some of the publicly available sources where you can download this sample are 16 | 1. https://www.virustotal.com 17 | 2. https://app.any.run/ 18 | 3. http://contagiodump.blogspot.com/ 19 | 4. https://cape.contextis.com 20 | 5. https://dasmalwerk.eu 21 | 6. https://www.hybrid-analysis.com/ 22 | 7. https://malshare.com/ 23 | 8. https://www.kernelmode.info/forum/ 24 | 9. https://avcaesar.malware.lu/ 25 | 10. https://thezoo.morirt.com/ 26 | 11. https://objective-see.com/malware.html 27 | 12. https://packettotal.com/malware-archive.html 28 | 13. https://app.sndbox.com 29 | 14. https://thezoo.morirt.com/ 30 | 15. https://urlhaus.abuse.ch/browse/ 31 | 16. https://beta.virusbay.io/ 32 | 17. http://www.virusign.com/ 33 | 18. https://www.virussign.com/downloads.html 34 | 19. Direct Link To Download - https://app.any.run/tasks/4f7b28dc-7d06-4d8d-8d96-ea8d839d1445/ 35 | 20. https://virusshare.com/ 36 | 37 | Disclaimer: Please be very careful when handling this sample. Do not add the .exe 38 | extension when saving it as a file, so that it cannot be 39 | run accidentally. Also don't keep a copy of it on your host. Please save, 40 | run and analyze it only inside your malware analysis VM. The authors are 41 | not responsible for any damages caused by mishandling of the sample. 42 | 43 | 44 | -------------------------------------------------------------------------------- /samples_all_malware_analysis_and_detection_engineering/chapter_11/Instructions.txt: -------------------------------------------------------------------------------- 1 | The samples used in this chapter are rootkit samples, and some may only run in a specific environment and on a specific OS version. 2 | The samples have been tested on Windows 7 32-bit SP1. 3 | Sample-11-5-rootkit requires Sample-11-5-module.dll to be in the same folder in order to execute. 
4 | -------------------------------------------------------------------------------- /samples_all_malware_analysis_and_detection_engineering/chapter_11/Sample-11-1: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/Apress/malware-analysis-detection-engineering/4f79b8e6db6517561d5f04d3ee308d58ca3bf266/samples_all_malware_analysis_and_detection_engineering/chapter_11/Sample-11-1 -------------------------------------------------------------------------------- /samples_all_malware_analysis_and_detection_engineering/chapter_11/Sample-11-2: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/Apress/malware-analysis-detection-engineering/4f79b8e6db6517561d5f04d3ee308d58ca3bf266/samples_all_malware_analysis_and_detection_engineering/chapter_11/Sample-11-2 -------------------------------------------------------------------------------- /samples_all_malware_analysis_and_detection_engineering/chapter_11/Sample-11-3: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/Apress/malware-analysis-detection-engineering/4f79b8e6db6517561d5f04d3ee308d58ca3bf266/samples_all_malware_analysis_and_detection_engineering/chapter_11/Sample-11-3 -------------------------------------------------------------------------------- /samples_all_malware_analysis_and_detection_engineering/chapter_11/Sample-11-4.zip: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/Apress/malware-analysis-detection-engineering/4f79b8e6db6517561d5f04d3ee308d58ca3bf266/samples_all_malware_analysis_and_detection_engineering/chapter_11/Sample-11-4.zip -------------------------------------------------------------------------------- /samples_all_malware_analysis_and_detection_engineering/chapter_11/Sample-11-5-module.dll: 
-------------------------------------------------------------------------------- https://raw.githubusercontent.com/Apress/malware-analysis-detection-engineering/4f79b8e6db6517561d5f04d3ee308d58ca3bf266/samples_all_malware_analysis_and_detection_engineering/chapter_11/Sample-11-5-module.dll -------------------------------------------------------------------------------- /samples_all_malware_analysis_and_detection_engineering/chapter_11/Sample-11-5-rootkit: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/Apress/malware-analysis-detection-engineering/4f79b8e6db6517561d5f04d3ee308d58ca3bf266/samples_all_malware_analysis_and_detection_engineering/chapter_11/Sample-11-5-rootkit -------------------------------------------------------------------------------- /samples_all_malware_analysis_and_detection_engineering/chapter_11/Sample-11-6-malware: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/Apress/malware-analysis-detection-engineering/4f79b8e6db6517561d5f04d3ee308d58ca3bf266/samples_all_malware_analysis_and_detection_engineering/chapter_11/Sample-11-6-malware -------------------------------------------------------------------------------- /samples_all_malware_analysis_and_detection_engineering/chapter_11/Sample-11-7-ssdt-rootkit: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/Apress/malware-analysis-detection-engineering/4f79b8e6db6517561d5f04d3ee308d58ca3bf266/samples_all_malware_analysis_and_detection_engineering/chapter_11/Sample-11-7-ssdt-rootkit -------------------------------------------------------------------------------- /samples_all_malware_analysis_and_detection_engineering/chapter_11/Sample-11-8-dkom-rootkit: -------------------------------------------------------------------------------- 
https://raw.githubusercontent.com/Apress/malware-analysis-detection-engineering/4f79b8e6db6517561d5f04d3ee308d58ca3bf266/samples_all_malware_analysis_and_detection_engineering/chapter_11/Sample-11-8-dkom-rootkit -------------------------------------------------------------------------------- /samples_all_malware_analysis_and_detection_engineering/chapter_12/Sample-12-1.txt: -------------------------------------------------------------------------------- 1 | MD5 - d2b041825291d1075242bd4f76c4c526 2 | SHA1 - 5beea9f59d5f2bdc67ec886a4025cdcc59a2d9c3 3 | SHA256 - 6f9aae315ca6a0d3a399fa173b0745b74a444836b5efece5c8590589e228dbca 4 | 5 | This is a malware sample. 6 | 7 | We do not directly ship any malware samples with this book. But this malware 8 | sample is available in many public malware databases, where you can download 9 | this sample. Some of these public malware databases require you to register 10 | yourself with an account, some other don't. 11 | 12 | Please download this sample from one of these below public malware databases 13 | Once you download this sample you can rename it as Sample-12-1 and add the required file extension as the chapter exercise suggests. Make sure you have Extension Hiding Disabled to add and view the suffix. 14 | 15 | Some of the publicly available sources where you can download this sample are 16 | 1. https://www.virustotal.com 17 | 2. https://app.any.run/ 18 | 3. http://contagiodump.blogspot.com/ 19 | 4. https://cape.contextis.com 20 | 5. https://dasmalwerk.eu 21 | 6. https://www.hybrid-analysis.com/ 22 | 7. https://malshare.com/ 23 | 8. https://www.kernelmode.info/forum/ 24 | 9. https://avcaesar.malware.lu/ 25 | 10. https://thezoo.morirt.com/ 26 | 11. https://objective-see.com/malware.html 27 | 12. https://packettotal.com/malware-archive.html 28 | 13. https://app.sndbox.com 29 | 14. https://thezoo.morirt.com/ 30 | 15. https://urlhaus.abuse.ch/browse/ 31 | 16. https://beta.virusbay.io/ 32 | 17. http://www.virusign.com/ 33 | 18. 
https://www.virussign.com/downloads.html 34 | 19. https://virusshare.com/ 35 | 36 | Disclaimer: Please be very careful using this sample. Do not add the .exe 37 | extension while you are saving it as a file, to prevent it from being 38 | accidentally run. Also don't keep a copy of it on your host. Please save, 39 | run and analyze it only inside your malware analysis VM. The authors are 40 | not responsible for any damages caused by mishandling of the sample 41 | -------------------------------------------------------------------------------- /samples_all_malware_analysis_and_detection_engineering/chapter_12/Sample-12-2.txt: -------------------------------------------------------------------------------- 1 | MD5 - 47da511c59512062e7dbdb2bb66a9fde 2 | SHA1 - dcf5a684cc8b5095b6b9a7237b8ff7c751fe0017 3 | SHA256 - B02352D9777D7AA82C69F0F9A16A61D8E9EE00BC383C6781E3B6DEB59CC72BCA 4 | 5 | This is a malware sample. 6 | 7 | We do not directly ship any malware samples with this book. But this malware 8 | sample is available in many public malware databases, where you can download 9 | this sample. Some of these public malware databases require you to register 10 | yourself with an account, some other don't. 11 | 12 | Please download this sample from one of these below public malware databases 13 | Once you download this sample you can rename it as Sample-12-2 and add the required file extension as the chapter exercise suggests. Make sure you have Extension Hiding Disabled to add and view the suffix. 14 | 15 | Some of the publicly available sources where you can download this sample are 16 | 1. https://www.virustotal.com 17 | 2. https://app.any.run/ 18 | 3. http://contagiodump.blogspot.com/ 19 | 4. https://cape.contextis.com 20 | 5. https://dasmalwerk.eu 21 | 6. https://www.hybrid-analysis.com/ 22 | 7. https://malshare.com/ 23 | 8. https://www.kernelmode.info/forum/ 24 | 9. https://avcaesar.malware.lu/ 25 | 10. https://thezoo.morirt.com/ 26 | 11. 
https://objective-see.com/malware.html 27 | 12. https://packettotal.com/malware-archive.html 28 | 13. https://app.sndbox.com 29 | 14. https://thezoo.morirt.com/ 30 | 15. https://urlhaus.abuse.ch/browse/ 31 | 16. https://beta.virusbay.io/ 32 | 17. http://www.virusign.com/ 33 | 18. https://www.virussign.com/downloads.html 34 | 19. https://virusshare.com/ 35 | 36 | Disclaimer: Please be very careful using this sample. Do not add the .exe 37 | extension while you are saving it as a file, to prevent it from being 38 | accidentally run. Also don't keep a copy of it on your host. Please save, 39 | run and analyze it only inside your malware analysis VM. The authors are 40 | not responsible for any damages caused by mishandling of the sample 41 | -------------------------------------------------------------------------------- /samples_all_malware_analysis_and_detection_engineering/chapter_12/Sample-12-3.txt: -------------------------------------------------------------------------------- 1 | MD5 - b9d49192ff46c0ec53117b9957b0b8ce 2 | SHA1 - 023382dc86c575432f094bba00bb4cdc41fcd66b 3 | SHA256 - 5f8849a0048aed4aa07b8f74fed6515071e55cb3fa60ec23c68067618282aff5 4 | 5 | This is a malware sample. 6 | 7 | We do not directly ship any malware samples with this book. But this malware 8 | sample is available in many public malware databases, where you can download 9 | this sample. Some of these public malware databases require you to register 10 | yourself with an account, some other don't. 11 | 12 | Please download this sample from one of these below public malware databases 13 | Once you download this sample you can rename it as Sample-12-3 and add the required file extension as the chapter exercise suggests. Make sure you have Extension Hiding Disabled to add and view the suffix. 14 | 15 | Some of the publicly available sources where you can download this sample are 16 | 1. https://www.virustotal.com 17 | 2. https://app.any.run/ 18 | 3. http://contagiodump.blogspot.com/ 19 | 4. 
https://cape.contextis.com 20 | 5. https://dasmalwerk.eu 21 | 6. https://www.hybrid-analysis.com/ 22 | 7. https://malshare.com/ 23 | 8. https://www.kernelmode.info/forum/ 24 | 9. https://avcaesar.malware.lu/ 25 | 10. https://thezoo.morirt.com/ 26 | 11. https://objective-see.com/malware.html 27 | 12. https://packettotal.com/malware-archive.html 28 | 13. https://app.sndbox.com 29 | 14. https://thezoo.morirt.com/ 30 | 15. https://urlhaus.abuse.ch/browse/ 31 | 16. https://beta.virusbay.io/ 32 | 17. http://www.virusign.com/ 33 | 18. https://www.virussign.com/downloads.html 34 | 19. https://virusshare.com/ 35 | 36 | Disclaimer: Please be very careful using this sample. Do not add the .exe 37 | extension while you are saving it as a file, to prevent it from being 38 | accidentally run. Also don't keep a copy of it on your host. Please save, 39 | run and analyze it only inside your malware analysis VM. The authors are 40 | not responsible for any damages caused by mishandling of the sample 41 | -------------------------------------------------------------------------------- /samples_all_malware_analysis_and_detection_engineering/chapter_12/Sample-12-4.txt: -------------------------------------------------------------------------------- 1 | MD5 - 739bda4212ff42999d1401624eebcce0 2 | SHA1 - 4485004f78a68d8fccd4fc549a40dd8c76cfca14 3 | SHA256 - 8eabfa74d88e439cfca9ccabd0ee34422892d8e58331a63bea94a7c4140cf7ab 4 | 5 | This is a malware sample. 6 | 7 | We do not directly ship any malware samples with this book. But this malware 8 | sample is available in many public malware databases, where you can download 9 | this sample. Some of these public malware databases require you to register 10 | yourself with an account, some other don't. 11 | 12 | Please download this sample from one of these below public malware databases 13 | Once you download this sample you can rename it as Sample-12-4 and add the required file extension as the chapter exercise suggests. 
Make sure you have Extension Hiding Disabled to add and view the suffix. 14 | 15 | Some of the publicly available sources where you can download this sample are 16 | 1. https://www.virustotal.com 17 | 2. https://app.any.run/ 18 | 3. http://contagiodump.blogspot.com/ 19 | 4. https://cape.contextis.com 20 | 5. https://dasmalwerk.eu 21 | 6. https://www.hybrid-analysis.com/ 22 | 7. https://malshare.com/ 23 | 8. https://www.kernelmode.info/forum/ 24 | 9. https://avcaesar.malware.lu/ 25 | 10. https://thezoo.morirt.com/ 26 | 11. https://objective-see.com/malware.html 27 | 12. https://packettotal.com/malware-archive.html 28 | 13. https://app.sndbox.com 29 | 14. https://thezoo.morirt.com/ 30 | 15. https://urlhaus.abuse.ch/browse/ 31 | 16. https://beta.virusbay.io/ 32 | 17. http://www.virusign.com/ 33 | 18. https://www.virussign.com/downloads.html 34 | 19. https://virusshare.com/ 35 | 36 | Disclaimer: Please be very careful using this sample. Do not add the .exe 37 | extension while you are saving it as a file, to prevent it from being 38 | accidentally run. Also don't keep a copy of it on your host. Please save, 39 | run and analyze it only inside your malware analysis VM. The authors are 40 | not responsible for any damages caused by mishandling of the sample 41 | -------------------------------------------------------------------------------- /samples_all_malware_analysis_and_detection_engineering/chapter_13/Sample-13-1.txt: -------------------------------------------------------------------------------- 1 | MD5 - 47da511c59512062e7dbdb2bb66a9fde 2 | SHA1 - dcf5a684cc8b5095b6b9a7237b8ff7c751fe0017 3 | SHA256 - B02352D9777D7AA82C69F0F9A16A61D8E9EE00BC383C6781E3B6DEB59CC72BCA 4 | 5 | This is a malware sample. 6 | 7 | We do not directly ship any malware samples with this book. But this malware 8 | sample is available in many public malware databases, where you can download 9 | this sample. 
Some of these public malware databases require you to register 10 | yourself with an account, some others don't. 11 | 12 | Please download this sample from one of the public malware databases listed below. 13 | Once you download this sample you can rename it as Sample-13-1 and add the required file extension as the chapter exercise suggests. Make sure extension hiding is disabled so you can add and view the suffix. 14 | 15 | Some of the publicly available sources where you can download this sample are 16 | 1. https://www.virustotal.com 17 | 2. https://app.any.run/ 18 | 3. http://contagiodump.blogspot.com/ 19 | 4. https://cape.contextis.com 20 | 5. https://dasmalwerk.eu 21 | 6. https://www.hybrid-analysis.com/ 22 | 7. https://malshare.com/ 23 | 8. https://www.kernelmode.info/forum/ 24 | 9. https://avcaesar.malware.lu/ 25 | 10. https://thezoo.morirt.com/ 26 | 11. https://objective-see.com/malware.html 27 | 12. https://packettotal.com/malware-archive.html 28 | 13. https://app.sndbox.com 29 | 14. https://thezoo.morirt.com/ 30 | 15. https://urlhaus.abuse.ch/browse/ 31 | 16. https://beta.virusbay.io/ 32 | 17. http://www.virusign.com/ 33 | 18. https://www.virussign.com/downloads.html 34 | 19. https://virusshare.com/ 35 | 36 | Disclaimer: Please be very careful when handling this sample. Do not add the .exe 37 | extension when saving it as a file, so that it cannot be 38 | run accidentally. Also don't keep a copy of it on your host. Please save, 39 | run and analyze it only inside your malware analysis VM. 
The authors are 40 | not responsible for any damages caused by mishandling of the sample 41 | -------------------------------------------------------------------------------- /samples_all_malware_analysis_and_detection_engineering/chapter_13/Sample-13-2.txt: -------------------------------------------------------------------------------- 1 | MD5 - a048795fdaf5b6d844960e1c45c3a442 2 | SHA1 - 8a0e147897b62398a6e9bcabcfa87a088ee76a3b 3 | SHA256 - 40c5ec744bcf776a3e885a2a88e49ff092155211e8e08ea9576fc98f781f6fc5 4 | 5 | This is a malware sample. 6 | 7 | We do not directly ship any malware samples with this book. But this malware 8 | sample is available in many public malware databases, where you can download 9 | this sample. Some of these public malware databases require you to register 10 | yourself with an account, some other don't. 11 | 12 | Please download this sample from one of these below public malware databases 13 | Once you download this sample you can rename it as Sample-13-2 and add the required file extension as the chapter exercise suggests. Make sure you have Extension Hiding Disabled to add and view the suffix. 14 | 15 | Some of the publicly available sources where you can download this sample are 16 | 1. https://www.virustotal.com 17 | 2. https://app.any.run/ 18 | 3. http://contagiodump.blogspot.com/ 19 | 4. https://cape.contextis.com 20 | 5. https://dasmalwerk.eu 21 | 6. https://www.hybrid-analysis.com/ 22 | 7. https://malshare.com/ 23 | 8. https://www.kernelmode.info/forum/ 24 | 9. https://avcaesar.malware.lu/ 25 | 10. https://thezoo.morirt.com/ 26 | 11. https://objective-see.com/malware.html 27 | 12. https://packettotal.com/malware-archive.html 28 | 13. https://app.sndbox.com 29 | 14. https://thezoo.morirt.com/ 30 | 15. https://urlhaus.abuse.ch/browse/ 31 | 16. https://beta.virusbay.io/ 32 | 17. http://www.virusign.com/ 33 | 18. https://www.virussign.com/downloads.html 34 | 19. 
https://virusshare.com/ 35 | 36 | Disclaimer: Please be very careful using this sample. Do not add the .exe 37 | extension while you are saving it as a file, to prevent it from being 38 | accidentally run. Also don't keep a copy of it on your host. Please save, 39 | run and analyze it only inside your malware analysis VM. The authors are 40 | not responsible for any damages caused by mishandling of the sample 41 | -------------------------------------------------------------------------------- /samples_all_malware_analysis_and_detection_engineering/chapter_13/Sample-13-3.txt: -------------------------------------------------------------------------------- 1 | MD5 - c99e32fb49a2671a6136535c6537c4d7 2 | SHA1 - ada9bcb3da63e7b989b279fb6c3bc9fe7ff7b41f 3 | SHA256 - 8808e4e220fcda37bdb05b703e86053f88a6ebd68037d37ef89754c459d7ad2b 4 | 5 | This is a malware sample. 6 | 7 | We do not directly ship any malware samples with this book. But this malware 8 | sample is available in many public malware databases, where you can download 9 | this sample. Some of these public malware databases require you to register 10 | yourself with an account, some other don't. 11 | 12 | Please download this sample from one of these below public malware databases 13 | Once you download this sample you can rename it as Sample-13-3 and add the required file extension as the chapter exercise suggests. Make sure you have Extension Hiding Disabled to add and view the suffix. 14 | 15 | Some of the publicly available sources where you can download this sample are 16 | 1. https://www.virustotal.com 17 | 2. https://app.any.run/ 18 | 3. http://contagiodump.blogspot.com/ 19 | 4. https://cape.contextis.com 20 | 5. https://dasmalwerk.eu 21 | 6. https://www.hybrid-analysis.com/ 22 | 7. https://malshare.com/ 23 | 8. https://www.kernelmode.info/forum/ 24 | 9. https://avcaesar.malware.lu/ 25 | 10. https://thezoo.morirt.com/ 26 | 11. https://objective-see.com/malware.html 27 | 12. 
https://packettotal.com/malware-archive.html 28 | 13. https://app.sndbox.com 29 | 14. https://thezoo.morirt.com/ 30 | 15. https://urlhaus.abuse.ch/browse/ 31 | 16. https://beta.virusbay.io/ 32 | 17. http://www.virusign.com/ 33 | 18. https://www.virussign.com/downloads.html 34 | 19. https://virusshare.com/ 35 | 36 | Disclaimer: Please be very careful using this sample. Do not add the .exe 37 | extension while you are saving it as a file, to prevent it from being 38 | accidentally run. Also don't keep a copy of it on your host. Please save, 39 | run and analyze it only inside your malware analysis VM. The authors are 40 | not responsible for any damages caused by mishandling of the sample 41 | -------------------------------------------------------------------------------- /samples_all_malware_analysis_and_detection_engineering/chapter_13/Sample-13-4.txt: -------------------------------------------------------------------------------- 1 | MD5 - 51f032aaf7579439c4c4c555310d468c 2 | SHA1 - 17adda042d375f132e0cc1d0b5204d313662357f 3 | SHA256 - 34d768b9953b4a2ea55f2b11bafbbac12a3a4639d8de97ee062c1be1c2a332ac 4 | 5 | This is a malware sample. 6 | 7 | We do not directly ship any malware samples with this book. But this malware 8 | sample is available in many public malware databases, where you can download 9 | this sample. Some of these public malware databases require you to register 10 | yourself with an account, some other don't. 11 | 12 | Please download this sample from one of these below public malware databases 13 | Once you download this sample you can rename it as Sample-13-4 and add the required file extension as the chapter exercise suggests. Make sure you have Extension Hiding Disabled to add and view the suffix. 14 | 15 | Some of the publicly available sources where you can download this sample are 16 | 1. https://www.virustotal.com 17 | 2. https://app.any.run/ 18 | 3. http://contagiodump.blogspot.com/ 19 | 4. https://cape.contextis.com 20 | 5. 
https://dasmalwerk.eu 21 | 6. https://www.hybrid-analysis.com/ 22 | 7. https://malshare.com/ 23 | 8. https://www.kernelmode.info/forum/ 24 | 9. https://avcaesar.malware.lu/ 25 | 10. https://thezoo.morirt.com/ 26 | 11. https://objective-see.com/malware.html 27 | 12. https://packettotal.com/malware-archive.html 28 | 13. https://app.sndbox.com 29 | 14. https://thezoo.morirt.com/ 30 | 15. https://urlhaus.abuse.ch/browse/ 31 | 16. https://beta.virusbay.io/ 32 | 17. http://www.virusign.com/ 33 | 18. https://www.virussign.com/downloads.html 34 | 19. https://virusshare.com/ 35 | 36 | Disclaimer: Please be very careful using this sample. Do not add the .exe 37 | extension while you are saving the downloaded file (add it only inside the analysis VM, when the chapter exercise calls for it), to prevent it from being 38 | accidentally run. Also don't keep a copy of it on your host. Please save, 39 | run and analyze it only inside your malware analysis VM. Before using the downloaded file, confirm that its SHA256 matches the value listed above; the MD5 and SHA1 values are given for searching the databases and should not be relied on by themselves. The authors are 40 | not responsible for any damages caused by mishandling of the sample. 41 | -------------------------------------------------------------------------------- /samples_all_malware_analysis_and_detection_engineering/chapter_14/Sample-14-1.mem.zip.txt: -------------------------------------------------------------------------------- 1 | https://drive.google.com/file/d/1UG02m42QOSSoXyezxEhur6fypT8xo3n- 2 | 3 | This is a system memory dump captured after running the Sample-14-1 malware sample, so it contains the malware's in-memory code and artifacts. 4 | Download the archive from the Google Drive link above, extract it, and rename the dump to Sample-14-1.mem to use it with the Chapter 14 exercises. No hash is published for this archive, so record the SHA256 of the file you download, and extract and analyze the dump only inside your malware analysis VM. 5 | -------------------------------------------------------------------------------- /samples_all_malware_analysis_and_detection_engineering/chapter_14/Sample-14-1.txt: -------------------------------------------------------------------------------- 1 | MD5 - 351c4b6611117ab2f5f8af8710e0bd52 2 | SHA1 - 93d04d01693b01215ebfa8354cf446730d557921 3 | SHA256 - 16d1f3f1f9c095e8a1fda728edab565065d91adcd04cf691ac1433222f37f11b 4 | 5 | This is a malware sample. 
6 | 7 | We do not directly ship any malware samples with this book. But this malware 8 | sample is available in many public malware databases, where you can download 9 | this sample. Some of these public malware databases require you to register 10 | yourself with an account, some other don't. 11 | 12 | Please download this sample from one of these below public malware databases 13 | Once you download this sample you can rename it as Sample-14-1 and add the required file extension as the chapter exercise suggests. Make sure you have Extension Hiding Disabled to add and view the suffix. 14 | 15 | Some of the publicly available sources where you can download this sample are 16 | 1. https://www.virustotal.com 17 | 2. https://app.any.run/ 18 | 3. http://contagiodump.blogspot.com/ 19 | 4. https://cape.contextis.com 20 | 5. https://dasmalwerk.eu 21 | 6. https://www.hybrid-analysis.com/ 22 | 7. https://malshare.com/ 23 | 8. https://www.kernelmode.info/forum/ 24 | 9. https://avcaesar.malware.lu/ 25 | 10. https://thezoo.morirt.com/ 26 | 11. https://objective-see.com/malware.html 27 | 12. https://packettotal.com/malware-archive.html 28 | 13. https://app.sndbox.com 29 | 14. https://thezoo.morirt.com/ 30 | 15. https://urlhaus.abuse.ch/browse/ 31 | 16. https://beta.virusbay.io/ 32 | 17. http://www.virusign.com/ 33 | 18. https://www.virussign.com/downloads.html 34 | 19. https://virusshare.com/ 35 | 36 | Disclaimer: Please be very careful using this sample. Do not add the .exe 37 | extension while you are saving it as a file, to prevent it from being 38 | accidentally run. Also don't keep a copy of it on your host. Please save, 39 | run and analyze it only inside your malware analysis VM. 
The authors are 40 | not responsible for any damages caused by mishandling of the sample. 41 | -------------------------------------------------------------------------------- /samples_all_malware_analysis_and_detection_engineering/chapter_14/Sample-14-2.mem.zip.txt: -------------------------------------------------------------------------------- 1 | https://drive.google.com/file/d/1QR0WXcsrokWpjiFTrSaIS97TabDpGRB- 2 | 3 | This archive holds a memory dump used by the Chapter 14 exercises. Download it from the Google Drive link above, extract it, and rename the dump to Sample-14-2.mem. No hash is published for this archive, so record the SHA256 of the file you download, and extract and analyze the dump only inside your malware analysis VM. 4 | -------------------------------------------------------------------------------- /samples_all_malware_analysis_and_detection_engineering/chapter_14/Sample-14-3.mem.zip.txt: -------------------------------------------------------------------------------- 1 | https://drive.google.com/file/d/1pb6Fd8nwTN_9JxGGKdaBgtUV6FbYd1gL 2 | 3 | This archive holds a memory dump used by the Chapter 14 exercises. Download it from the Google Drive link above, extract it, and rename the dump to Sample-14-3.mem. No hash is published for this archive, so record the SHA256 of the file you download, and extract and analyze the dump only inside your malware analysis VM. 4 | -------------------------------------------------------------------------------- /samples_all_malware_analysis_and_detection_engineering/chapter_15/Sample-15-1.txt: -------------------------------------------------------------------------------- 1 | MD5 - b7ea85cca87b73a63e92e17db82c11c0 2 | SHA1 - ee0040012e00563756cc8398ccf2de21bb8a223f 3 | SHA256 - 3f50009c9460cce36879bedf7f173e939934db829cb640d2dc8fe4a00801971d 4 | 5 | This is a malware sample. 6 | 7 | We do not directly ship any malware samples with this book. But this malware 8 | sample is available in many public malware databases, where you can download 9 | this sample. Some of these public malware databases require you to register 10 | for an account; others do not. 11 | 12 | Please download this sample from one of the public malware databases listed below. 13 | Once you download this sample you can rename it as Sample-15-1 and add the required file extension as the chapter exercise suggests. 
Make sure you have Extension Hiding Disabled to add and view the suffix. 14 | 15 | Some of the publicly available sources where you can download this sample are 16 | 1. https://www.virustotal.com 17 | 2. https://app.any.run/ 18 | 3. http://contagiodump.blogspot.com/ 19 | 4. https://cape.contextis.com 20 | 5. https://dasmalwerk.eu 21 | 6. https://www.hybrid-analysis.com/ 22 | 7. https://malshare.com/ 23 | 8. https://www.kernelmode.info/forum/ 24 | 9. https://avcaesar.malware.lu/ 25 | 10. https://thezoo.morirt.com/ 26 | 11. https://objective-see.com/malware.html 27 | 12. https://packettotal.com/malware-archive.html 28 | 13. https://app.sndbox.com 29 | 14. https://thezoo.morirt.com/ 30 | 15. https://urlhaus.abuse.ch/browse/ 31 | 16. https://beta.virusbay.io/ 32 | 17. http://www.virusign.com/ 33 | 18. https://www.virussign.com/downloads.html 34 | 19. https://virusshare.com/ 35 | 36 | Disclaimer: Please be very careful using this sample. Do not add the .exe 37 | extension while you are saving it as a file, to prevent it from being 38 | accidentally run. Also don't keep a copy of it on your host. Please save, 39 | run and analyze it only inside your malware analysis VM. The authors are 40 | not responsible for any damages caused by mishandling of the sample 41 | -------------------------------------------------------------------------------- /samples_all_malware_analysis_and_detection_engineering/chapter_15/Sample-15-10.txt: -------------------------------------------------------------------------------- 1 | MD5 - a8f470bdfe7fff18aaf5534d15de2328 2 | SHA1 - 0c99d361e09d8c85682d8daafd9dd77cd2ff9321 3 | SHA256 - 25c6e58db78506f99cb4104e14aec69e04403121131f909255d4f84a175091e4 4 | 5 | This is a malware sample. 6 | 7 | We do not directly ship any malware samples with this book. But this malware 8 | sample is available in many public malware databases, where you can download 9 | this sample. 
Some of these public malware databases require you to register 10 | yourself with an account, some other don't. 11 | 12 | Please download this sample from one of these below public malware databases 13 | Once you download this sample you can rename it as Sample-15-10 and add the required file extension as the chapter exercise suggests. Make sure you have Extension Hiding Disabled to add and view the suffix. 14 | 15 | Some of the publicly available sources where you can download this sample are 16 | 1. https://www.virustotal.com 17 | 2. https://app.any.run/ 18 | 3. http://contagiodump.blogspot.com/ 19 | 4. https://cape.contextis.com 20 | 5. https://dasmalwerk.eu 21 | 6. https://www.hybrid-analysis.com/ 22 | 7. https://malshare.com/ 23 | 8. https://www.kernelmode.info/forum/ 24 | 9. https://avcaesar.malware.lu/ 25 | 10. https://thezoo.morirt.com/ 26 | 11. https://objective-see.com/malware.html 27 | 12. https://packettotal.com/malware-archive.html 28 | 13. https://app.sndbox.com 29 | 14. https://thezoo.morirt.com/ 30 | 15. https://urlhaus.abuse.ch/browse/ 31 | 16. https://beta.virusbay.io/ 32 | 17. http://www.virusign.com/ 33 | 18. https://www.virussign.com/downloads.html 34 | 19. https://virusshare.com/ 35 | 36 | Disclaimer: Please be very careful using this sample. Do not add the .exe 37 | extension while you are saving it as a file, to prevent it from being 38 | accidentally run. Also don't keep a copy of it on your host. Please save, 39 | run and analyze it only inside your malware analysis VM. 
The authors are 40 | not responsible for any damages caused by mishandling of the sample 41 | -------------------------------------------------------------------------------- /samples_all_malware_analysis_and_detection_engineering/chapter_15/Sample-15-11.txt: -------------------------------------------------------------------------------- 1 | MD5 - bea7e1884f3f1ee12f2096c3ad0e5539 2 | SHA1 - 3139cb75e8be2d9b5e9eb304b8a07c131d30b5d4 3 | SHA256 - 038b48972ed28fd2fd7fe7cc791371a007ca03babc23053afc4fa921ec6bc488 4 | 5 | This is a malware sample. 6 | 7 | We do not directly ship any malware samples with this book. But this malware 8 | sample is available in many public malware databases, where you can download 9 | this sample. Some of these public malware databases require you to register 10 | yourself with an account, some other don't. 11 | 12 | Please download this sample from one of these below public malware databases 13 | Once you download this sample you can rename it as Sample-15-11 and add the required file extension as the chapter exercise suggests. Make sure you have Extension Hiding Disabled to add and view the suffix. 14 | 15 | Some of the publicly available sources where you can download this sample are 16 | 1. https://www.virustotal.com 17 | 2. https://app.any.run/ 18 | 3. http://contagiodump.blogspot.com/ 19 | 4. https://cape.contextis.com 20 | 5. https://dasmalwerk.eu 21 | 6. https://www.hybrid-analysis.com/ 22 | 7. https://malshare.com/ 23 | 8. https://www.kernelmode.info/forum/ 24 | 9. https://avcaesar.malware.lu/ 25 | 10. https://thezoo.morirt.com/ 26 | 11. https://objective-see.com/malware.html 27 | 12. https://packettotal.com/malware-archive.html 28 | 13. https://app.sndbox.com 29 | 14. https://thezoo.morirt.com/ 30 | 15. https://urlhaus.abuse.ch/browse/ 31 | 16. https://beta.virusbay.io/ 32 | 17. http://www.virusign.com/ 33 | 18. https://www.virussign.com/downloads.html 34 | 19. 
https://virusshare.com/ 35 | 36 | Disclaimer: Please be very careful using this sample. Do not add the .exe 37 | extension while you are saving it as a file, to prevent it from being 38 | accidentally run. Also don't keep a copy of it on your host. Please save, 39 | run and analyze it only inside your malware analysis VM. The authors are 40 | not responsible for any damages caused by mishandling of the sample 41 | -------------------------------------------------------------------------------- /samples_all_malware_analysis_and_detection_engineering/chapter_15/Sample-15-12.txt: -------------------------------------------------------------------------------- 1 | MD5 - 9e66068f58cd743f45bc19aa1ea8b40f 2 | SHA1 - 1b962608ee06a9bad688031715adcb81b7864b5e 3 | SHA256 - 4fa88f11bc3cb7b7be5237fa91b913cb9a5c6095b93ae301079c4d10103847cb 4 | 5 | This is a malware sample. 6 | 7 | We do not directly ship any malware samples with this book. But this malware 8 | sample is available in many public malware databases, where you can download 9 | this sample. Some of these public malware databases require you to register 10 | yourself with an account, some other don't. 11 | 12 | Please download this sample from one of these below public malware databases 13 | Once you download this sample you can rename it as Sample-15-12 and add the required file extension as the chapter exercise suggests. Make sure you have Extension Hiding Disabled to add and view the suffix. 14 | 15 | Some of the publicly available sources where you can download this sample are 16 | 1. https://www.virustotal.com 17 | 2. https://app.any.run/ 18 | 3. http://contagiodump.blogspot.com/ 19 | 4. https://cape.contextis.com 20 | 5. https://dasmalwerk.eu 21 | 6. https://www.hybrid-analysis.com/ 22 | 7. https://malshare.com/ 23 | 8. https://www.kernelmode.info/forum/ 24 | 9. https://avcaesar.malware.lu/ 25 | 10. https://thezoo.morirt.com/ 26 | 11. https://objective-see.com/malware.html 27 | 12. 
https://packettotal.com/malware-archive.html 28 | 13. https://app.sndbox.com 29 | 14. https://thezoo.morirt.com/ 30 | 15. https://urlhaus.abuse.ch/browse/ 31 | 16. https://beta.virusbay.io/ 32 | 17. http://www.virusign.com/ 33 | 18. https://www.virussign.com/downloads.html 34 | 19. https://virusshare.com/ 35 | 36 | Disclaimer: Please be very careful using this sample. Do not add the .exe 37 | extension while you are saving the downloaded file (add it only inside the analysis VM, when the chapter exercise calls for it), to prevent it from being 38 | accidentally run. Also don't keep a copy of it on your host. Please save, 39 | run and analyze it only inside your malware analysis VM. Before using the downloaded file, confirm that its SHA256 matches the value listed above; the MD5 and SHA1 values are given for searching the databases and should not be relied on by themselves. The authors are 40 | not responsible for any damages caused by mishandling of the sample. 41 | -------------------------------------------------------------------------------- /samples_all_malware_analysis_and_detection_engineering/chapter_15/Sample-15-13.txt: -------------------------------------------------------------------------------- 1 | MD5 - 9e66068f58cd743f45bc19aa1ea8b40f 2 | SHA1 - 1b962608ee06a9bad688031715adcb81b7864b5e 3 | SHA256 - 4fa88f11bc3cb7b7be5237fa91b913cb9a5c6095b93ae301079c4d10103847cb 4 | 5 | This is a malware sample. Note: the hashes above are identical to those listed for Sample-15-12, so the two exercises appear to refer to the same binary; confirm this against the chapter text rather than relying on the file name alone. 6 | 7 | We do not directly ship any malware samples with this book. But this malware 8 | sample is available in many public malware databases, where you can download 9 | this sample. Some of these public malware databases require you to register 10 | for an account; others do not. 11 | 12 | Please download this sample from one of the public malware databases listed below. 13 | Once you download this sample you can rename it as Sample-15-13 and add the required file extension as the chapter exercise suggests. Make sure file-extension hiding is disabled in your file manager (Windows Explorer hides known extensions by default), so that you can add the suffix and see the file's real extension. 14 | 15 | Some of the publicly available sources where you can download this sample are 16 | 1. https://www.virustotal.com 17 | 2. https://app.any.run/ 18 | 3. http://contagiodump.blogspot.com/ 19 | 4. https://cape.contextis.com 20 | 5. 
https://dasmalwerk.eu 21 | 6. https://www.hybrid-analysis.com/ 22 | 7. https://malshare.com/ 23 | 8. https://www.kernelmode.info/forum/ 24 | 9. https://avcaesar.malware.lu/ 25 | 10. https://thezoo.morirt.com/ 26 | 11. https://objective-see.com/malware.html 27 | 12. https://packettotal.com/malware-archive.html 28 | 13. https://app.sndbox.com 29 | 14. https://thezoo.morirt.com/ 30 | 15. https://urlhaus.abuse.ch/browse/ 31 | 16. https://beta.virusbay.io/ 32 | 17. http://www.virusign.com/ 33 | 18. https://www.virussign.com/downloads.html 34 | 19. https://virusshare.com/ 35 | 36 | Disclaimer: Please be very careful using this sample. Do not add the .exe 37 | extension while you are saving it as a file, to prevent it from being 38 | accidentally run. Also don't keep a copy of it on your host. Please save, 39 | run and analyze it only inside your malware analysis VM. The authors are 40 | not responsible for any damages caused by mishandling of the sample 41 | -------------------------------------------------------------------------------- /samples_all_malware_analysis_and_detection_engineering/chapter_15/Sample-15-14.txt: -------------------------------------------------------------------------------- 1 | MD5 - bdd22f489223b92c4fd085f7f682a420 2 | SHA1 - 86b859fa793c632d272bdeb9a4d9a7dbc582e8ff 3 | SHA256 - 58eb3867a7c901b5808233e10e30979f947eb873558a839d0da42b55dfb24bf9 4 | 5 | This is a malware sample. 6 | 7 | We do not directly ship any malware samples with this book. But this malware 8 | sample is available in many public malware databases, where you can download 9 | this sample. Some of these public malware databases require you to register 10 | yourself with an account, some other don't. 11 | 12 | Please download this sample from one of these below public malware databases 13 | Once you download this sample you can rename it as Sample-15-14 and add the required file extension as the chapter exercise suggests. 
Make sure you have Extension Hiding Disabled to add and view the suffix. 14 | 15 | Some of the publicly available sources where you can download this sample are 16 | 1. https://www.virustotal.com 17 | 2. https://app.any.run/ 18 | 3. http://contagiodump.blogspot.com/ 19 | 4. https://cape.contextis.com 20 | 5. https://dasmalwerk.eu 21 | 6. https://www.hybrid-analysis.com/ 22 | 7. https://malshare.com/ 23 | 8. https://www.kernelmode.info/forum/ 24 | 9. https://avcaesar.malware.lu/ 25 | 10. https://thezoo.morirt.com/ 26 | 11. https://objective-see.com/malware.html 27 | 12. https://packettotal.com/malware-archive.html 28 | 13. https://app.sndbox.com 29 | 14. https://thezoo.morirt.com/ 30 | 15. https://urlhaus.abuse.ch/browse/ 31 | 16. https://beta.virusbay.io/ 32 | 17. http://www.virusign.com/ 33 | 18. https://www.virussign.com/downloads.html 34 | 19. https://virusshare.com/ 35 | 36 | Disclaimer: Please be very careful using this sample. Do not add the .exe 37 | extension while you are saving it as a file, to prevent it from being 38 | accidentally run. Also don't keep a copy of it on your host. Please save, 39 | run and analyze it only inside your malware analysis VM. The authors are 40 | not responsible for any damages caused by mishandling of the sample 41 | -------------------------------------------------------------------------------- /samples_all_malware_analysis_and_detection_engineering/chapter_15/Sample-15-15.txt: -------------------------------------------------------------------------------- 1 | MD5 - 088a0edba88bb9421491223a553eca1f 2 | SHA1 - 8e2990c5b19d3dbda8411528dbe5f46202944785 3 | SHA256 - 96d773703084ebe016129d6bf68bdcf3b5860c1bbc248856acbb3d83dc30e7c4 4 | 5 | This is a malware sample. 6 | 7 | We do not directly ship any malware samples with this book. But this malware 8 | sample is available in many public malware databases, where you can download 9 | this sample. 
Some of these public malware databases require you to register 10 | yourself with an account, some other don't. 11 | 12 | Please download this sample from one of these below public malware databases 13 | Once you download this sample you can rename it as Sample-15-15 and add the required file extension as the chapter exercise suggests. Make sure you have Extension Hiding Disabled to add and view the suffix. 14 | 15 | Some of the publicly available sources where you can download this sample are 16 | 1. https://www.virustotal.com 17 | 2. https://app.any.run/ 18 | 3. http://contagiodump.blogspot.com/ 19 | 4. https://cape.contextis.com 20 | 5. https://dasmalwerk.eu 21 | 6. https://www.hybrid-analysis.com/ 22 | 7. https://malshare.com/ 23 | 8. https://www.kernelmode.info/forum/ 24 | 9. https://avcaesar.malware.lu/ 25 | 10. https://thezoo.morirt.com/ 26 | 11. https://objective-see.com/malware.html 27 | 12. https://packettotal.com/malware-archive.html 28 | 13. https://app.sndbox.com 29 | 14. https://thezoo.morirt.com/ 30 | 15. https://urlhaus.abuse.ch/browse/ 31 | 16. https://beta.virusbay.io/ 32 | 17. http://www.virusign.com/ 33 | 18. https://www.virussign.com/downloads.html 34 | 19. https://virusshare.com/ 35 | 36 | Disclaimer: Please be very careful using this sample. Do not add the .exe 37 | extension while you are saving it as a file, to prevent it from being 38 | accidentally run. Also don't keep a copy of it on your host. Please save, 39 | run and analyze it only inside your malware analysis VM. 
The authors are 40 | not responsible for any damages caused by mishandling of the sample 41 | -------------------------------------------------------------------------------- /samples_all_malware_analysis_and_detection_engineering/chapter_15/Sample-15-16.txt: -------------------------------------------------------------------------------- 1 | MD5 - 5a1fe470fdf7ebaea5da64502647d03a 2 | SHA1 - c09166a6dc366eda0b55b53c1a926e796243fd29 3 | SHA256 - 603d9dbd228f6531af09e5703ceef0298644ce0c74f9bf4b87162e51e3479e24 4 | 5 | This is a malware sample. 6 | 7 | We do not directly ship any malware samples with this book. But this malware 8 | sample is available in many public malware databases, where you can download 9 | this sample. Some of these public malware databases require you to register 10 | yourself with an account, some other don't. 11 | 12 | Please download this sample from one of these below public malware databases 13 | Once you download this sample you can rename it as Sample-15-16 and add the required file extension as the chapter exercise suggests. Make sure you have Extension Hiding Disabled to add and view the suffix. 14 | 15 | Some of the publicly available sources where you can download this sample are 16 | 1. https://www.virustotal.com 17 | 2. https://app.any.run/ 18 | 3. http://contagiodump.blogspot.com/ 19 | 4. https://cape.contextis.com 20 | 5. https://dasmalwerk.eu 21 | 6. https://www.hybrid-analysis.com/ 22 | 7. https://malshare.com/ 23 | 8. https://www.kernelmode.info/forum/ 24 | 9. https://avcaesar.malware.lu/ 25 | 10. https://thezoo.morirt.com/ 26 | 11. https://objective-see.com/malware.html 27 | 12. https://packettotal.com/malware-archive.html 28 | 13. https://app.sndbox.com 29 | 14. https://thezoo.morirt.com/ 30 | 15. https://urlhaus.abuse.ch/browse/ 31 | 16. https://beta.virusbay.io/ 32 | 17. http://www.virusign.com/ 33 | 18. https://www.virussign.com/downloads.html 34 | 19. 
https://virusshare.com/ 35 | 36 | Disclaimer: Please be very careful using this sample. Do not add the .exe 37 | extension while you are saving it as a file, to prevent it from being 38 | accidentally run. Also don't keep a copy of it on your host. Please save, 39 | run and analyze it only inside your malware analysis VM. The authors are 40 | not responsible for any damages caused by mishandling of the sample 41 | -------------------------------------------------------------------------------- /samples_all_malware_analysis_and_detection_engineering/chapter_15/Sample-15-17.txt: -------------------------------------------------------------------------------- 1 | MD5 - e087ef6f4e62c34cedfb62f9a1d37370 2 | SHA1 - dba8080b66bcc485a004a54b000044f1abf00dff 3 | SHA256 - 7304963b4634162b138162c1b42e378778a1d025c7f07e658517f952c6e60ed4 4 | 5 | This is a malware sample. 6 | 7 | We do not directly ship any malware samples with this book. But this malware 8 | sample is available in many public malware databases, where you can download 9 | this sample. Some of these public malware databases require you to register 10 | yourself with an account, some other don't. 11 | 12 | Please download this sample from one of these below public malware databases 13 | Once you download this sample you can rename it as Sample-15-17 and add the required file extension as the chapter exercise suggests. Make sure you have Extension Hiding Disabled to add and view the suffix. 14 | 15 | Some of the publicly available sources where you can download this sample are 16 | 1. https://www.virustotal.com 17 | 2. https://app.any.run/ 18 | 3. http://contagiodump.blogspot.com/ 19 | 4. https://cape.contextis.com 20 | 5. https://dasmalwerk.eu 21 | 6. https://www.hybrid-analysis.com/ 22 | 7. https://malshare.com/ 23 | 8. https://www.kernelmode.info/forum/ 24 | 9. https://avcaesar.malware.lu/ 25 | 10. https://thezoo.morirt.com/ 26 | 11. https://objective-see.com/malware.html 27 | 12. 
https://packettotal.com/malware-archive.html 28 | 13. https://app.sndbox.com 29 | 14. https://thezoo.morirt.com/ 30 | 15. https://urlhaus.abuse.ch/browse/ 31 | 16. https://beta.virusbay.io/ 32 | 17. http://www.virusign.com/ 33 | 18. https://www.virussign.com/downloads.html 34 | 19. https://virusshare.com/ 35 | 36 | Disclaimer: Please be very careful using this sample. Do not add the .exe 37 | extension while you are saving it as a file, to prevent it from being 38 | accidentally run. Also don't keep a copy of it on your host. Please save, 39 | run and analyze it only inside your malware analysis VM. The authors are 40 | not responsible for any damages caused by mishandling of the sample 41 | -------------------------------------------------------------------------------- /samples_all_malware_analysis_and_detection_engineering/chapter_15/Sample-15-18.txt: -------------------------------------------------------------------------------- 1 | MD5 - 67ffa90030413d49014211a338beb540 2 | SHA1 - 163e55ca4eb4b083c673503e39726f6129adc419 3 | SHA256 - 669fe5fbc6fd1392516d0bba3286d6e84d89d6f1cc9fddd333ed99bdd86a456d 4 | 5 | This is a malware sample. 6 | 7 | We do not directly ship any malware samples with this book. But this malware 8 | sample is available in many public malware databases, where you can download 9 | this sample. Some of these public malware databases require you to register 10 | yourself with an account, some other don't. 11 | 12 | Please download this sample from one of these below public malware databases 13 | Once you download this sample you can rename it as Sample-15-18 and add the required file extension as the chapter exercise suggests. Make sure you have Extension Hiding Disabled to add and view the suffix. 14 | 15 | Some of the publicly available sources where you can download this sample are 16 | 1. https://www.virustotal.com 17 | 2. https://app.any.run/ 18 | 3. http://contagiodump.blogspot.com/ 19 | 4. https://cape.contextis.com 20 | 5. 
https://dasmalwerk.eu 21 | 6. https://www.hybrid-analysis.com/ 22 | 7. https://malshare.com/ 23 | 8. https://www.kernelmode.info/forum/ 24 | 9. https://avcaesar.malware.lu/ 25 | 10. https://thezoo.morirt.com/ 26 | 11. https://objective-see.com/malware.html 27 | 12. https://packettotal.com/malware-archive.html 28 | 13. https://app.sndbox.com 29 | 14. https://thezoo.morirt.com/ 30 | 15. https://urlhaus.abuse.ch/browse/ 31 | 16. https://beta.virusbay.io/ 32 | 17. http://www.virusign.com/ 33 | 18. https://www.virussign.com/downloads.html 34 | 19. https://virusshare.com/ 35 | 36 | Disclaimer: Please be very careful using this sample. Do not add the .exe 37 | extension while you are saving it as a file, to prevent it from being 38 | accidentally run. Also don't keep a copy of it on your host. Please save, 39 | run and analyze it only inside your malware analysis VM. The authors are 40 | not responsible for any damages caused by mishandling of the sample 41 | -------------------------------------------------------------------------------- /samples_all_malware_analysis_and_detection_engineering/chapter_15/Sample-15-19.txt: -------------------------------------------------------------------------------- 1 | MD5 - c98aaad68d2067d1262ad1c3f00060c0 2 | SHA1 - 32d83f0155ddc89a168247c7bc7bbd135a793d3f 3 | SHA256 - 53ec0355a6363ed2bf470cec8809121c40671a05b05cd3063107be13571d497c 4 | 5 | This is a malware sample. 6 | 7 | We do not directly ship any malware samples with this book. But this malware 8 | sample is available in many public malware databases, where you can download 9 | this sample. Some of these public malware databases require you to register 10 | yourself with an account, some other don't. 11 | 12 | Please download this sample from one of these below public malware databases 13 | Once you download this sample you can rename it as Sample-15-19 and add the required file extension as the chapter exercise suggests. 
Make sure you have Extension Hiding Disabled to add and view the suffix. 14 | 15 | Some of the publicly available sources where you can download this sample are 16 | 1. https://www.virustotal.com 17 | 2. https://app.any.run/ 18 | 3. http://contagiodump.blogspot.com/ 19 | 4. https://cape.contextis.com 20 | 5. https://dasmalwerk.eu 21 | 6. https://www.hybrid-analysis.com/ 22 | 7. https://malshare.com/ 23 | 8. https://www.kernelmode.info/forum/ 24 | 9. https://avcaesar.malware.lu/ 25 | 10. https://thezoo.morirt.com/ 26 | 11. https://objective-see.com/malware.html 27 | 12. https://packettotal.com/malware-archive.html 28 | 13. https://app.sndbox.com 29 | 14. https://thezoo.morirt.com/ 30 | 15. https://urlhaus.abuse.ch/browse/ 31 | 16. https://beta.virusbay.io/ 32 | 17. http://www.virusign.com/ 33 | 18. https://www.virussign.com/downloads.html 34 | 19. https://virusshare.com/ 35 | 36 | Disclaimer: Please be very careful using this sample. Do not add the .exe 37 | extension while you are saving it as a file, to prevent it from being 38 | accidentally run. Also don't keep a copy of it on your host. Please save, 39 | run and analyze it only inside your malware analysis VM. The authors are 40 | not responsible for any damages caused by mishandling of the sample 41 | -------------------------------------------------------------------------------- /samples_all_malware_analysis_and_detection_engineering/chapter_15/Sample-15-2.txt: -------------------------------------------------------------------------------- 1 | MD5 - 68119dd7fb9ecb099de50227162bd82f 2 | SHA1 - e25166b2a4feae62a5d98a22bf6d5a2707b7d2a7 3 | SHA256 - 7b045eec693e5598b0bb83d21931e9259c8e4825c24ac3d052254e4925738b43 4 | 5 | This is a malware sample. 6 | 7 | We do not directly ship any malware samples with this book. But this malware 8 | sample is available in many public malware databases, where you can download 9 | this sample. 
Some of these public malware databases require you to register 10 | yourself with an account, some other don't. 11 | 12 | Please download this sample from one of these below public malware databases 13 | Once you download this sample you can rename it as Sample-15-2 and add the required file extension as the chapter exercise suggests. Make sure you have Extension Hiding Disabled to add and view the suffix. 14 | 15 | Some of the publicly available sources where you can download this sample are 16 | 1. https://www.virustotal.com 17 | 2. https://app.any.run/ 18 | 3. http://contagiodump.blogspot.com/ 19 | 4. https://cape.contextis.com 20 | 5. https://dasmalwerk.eu 21 | 6. https://www.hybrid-analysis.com/ 22 | 7. https://malshare.com/ 23 | 8. https://www.kernelmode.info/forum/ 24 | 9. https://avcaesar.malware.lu/ 25 | 10. https://thezoo.morirt.com/ 26 | 11. https://objective-see.com/malware.html 27 | 12. https://packettotal.com/malware-archive.html 28 | 13. https://app.sndbox.com 29 | 14. https://thezoo.morirt.com/ 30 | 15. https://urlhaus.abuse.ch/browse/ 31 | 16. https://beta.virusbay.io/ 32 | 17. http://www.virusign.com/ 33 | 18. https://www.virussign.com/downloads.html 34 | 19. https://virusshare.com/ 35 | 36 | Disclaimer: Please be very careful using this sample. Do not add the .exe 37 | extension while you are saving it as a file, to prevent it from being 38 | accidentally run. Also don't keep a copy of it on your host. Please save, 39 | run and analyze it only inside your malware analysis VM. 
The authors are 40 | not responsible for any damages caused by mishandling of the sample 41 | -------------------------------------------------------------------------------- /samples_all_malware_analysis_and_detection_engineering/chapter_15/Sample-15-20.txt: -------------------------------------------------------------------------------- 1 | MD5 - b7ea85cca87b73a63e92e17db82c11c0 2 | SHA1 - ee0040012e00563756cc8398ccf2de21bb8a223f 3 | SHA256 - 3f50009c9460cce36879bedf7f173e939934db829cb640d2dc8fe4a00801971d 4 | 5 | This is a malware sample. 6 | 7 | We do not directly ship any malware samples with this book. But this malware 8 | sample is available in many public malware databases, where you can download 9 | this sample. Some of these public malware databases require you to register 10 | yourself with an account, some other don't. 11 | 12 | Please download this sample from one of these below public malware databases 13 | Once you download this sample you can rename it as Sample-15-20 and add the required file extension as the chapter exercise suggests. Make sure you have Extension Hiding Disabled to add and view the suffix. 14 | 15 | Some of the publicly available sources where you can download this sample are 16 | 1. https://www.virustotal.com 17 | 2. https://app.any.run/ 18 | 3. http://contagiodump.blogspot.com/ 19 | 4. https://cape.contextis.com 20 | 5. https://dasmalwerk.eu 21 | 6. https://www.hybrid-analysis.com/ 22 | 7. https://malshare.com/ 23 | 8. https://www.kernelmode.info/forum/ 24 | 9. https://avcaesar.malware.lu/ 25 | 10. https://thezoo.morirt.com/ 26 | 11. https://objective-see.com/malware.html 27 | 12. https://packettotal.com/malware-archive.html 28 | 13. https://app.sndbox.com 29 | 14. https://thezoo.morirt.com/ 30 | 15. https://urlhaus.abuse.ch/browse/ 31 | 16. https://beta.virusbay.io/ 32 | 17. http://www.virusign.com/ 33 | 18. https://www.virussign.com/downloads.html 34 | 19. 
https://virusshare.com/ 35 | 36 | Disclaimer: Please be very careful using this sample. Do not add the .exe 37 | extension while you are saving it as a file, to prevent it from being 38 | accidentally run. Also don't keep a copy of it on your host. Please save, 39 | run and analyze it only inside your malware analysis VM. The authors are 40 | not responsible for any damages caused by mishandling of the sample 41 | -------------------------------------------------------------------------------- /samples_all_malware_analysis_and_detection_engineering/chapter_15/Sample-15-21.txt: -------------------------------------------------------------------------------- 1 | MD5 - c99e32fb49a2671a6136535c6537c4d7 2 | SHA1 - ada9bcb3da63e7b989b279fb6c3bc9fe7ff7b41f 3 | SHA256 - 8808e4e220fcda37bdb05b703e86053f88a6ebd68037d37ef89754c459d7ad2b 4 | 5 | This is a malware sample. 6 | 7 | We do not directly ship any malware samples with this book. But this malware 8 | sample is available in many public malware databases, where you can download 9 | this sample. Some of these public malware databases require you to register 10 | yourself with an account, some other don't. 11 | 12 | Please download this sample from one of these below public malware databases 13 | Once you download this sample you can rename it as Sample-15-21 and add the required file extension as the chapter exercise suggests. Make sure you have Extension Hiding Disabled to add and view the suffix. 14 | 15 | Some of the publicly available sources where you can download this sample are 16 | 1. https://www.virustotal.com 17 | 2. https://app.any.run/ 18 | 3. http://contagiodump.blogspot.com/ 19 | 4. https://cape.contextis.com 20 | 5. https://dasmalwerk.eu 21 | 6. https://www.hybrid-analysis.com/ 22 | 7. https://malshare.com/ 23 | 8. https://www.kernelmode.info/forum/ 24 | 9. https://avcaesar.malware.lu/ 25 | 10. https://thezoo.morirt.com/ 26 | 11. https://objective-see.com/malware.html 27 | 12. 
https://packettotal.com/malware-archive.html 28 | 13. https://app.sndbox.com 29 | 14. https://thezoo.morirt.com/ 30 | 15. https://urlhaus.abuse.ch/browse/ 31 | 16. https://beta.virusbay.io/ 32 | 17. http://www.virusign.com/ 33 | 18. https://www.virussign.com/downloads.html 34 | 19. https://virusshare.com/ 35 | 36 | Disclaimer: Please be very careful using this sample. Do not add the .exe 37 | extension while you are saving it as a file, to prevent it from being 38 | accidentally run. Also don't keep a copy of it on your host. Please save, 39 | run and analyze it only inside your malware analysis VM. The authors are 40 | not responsible for any damages caused by mishandling of the sample 41 | -------------------------------------------------------------------------------- /samples_all_malware_analysis_and_detection_engineering/chapter_15/Sample-15-22.txt: -------------------------------------------------------------------------------- 1 | MD5 - 4a4a6d26e6c8a7df0779b00a42240e7b 2 | SHA1 - 8072bada086040e07fa46ce8c12bf7c453c0e286 3 | SHA256 - 7ad9ed23a91643b517e82ad5740d24eca16bcae21cfe1c0da78ee80e0d1d3f02 4 | 5 | This is a malware sample. 6 | 7 | We do not directly ship any malware samples with this book. But this malware 8 | sample is available in many public malware databases, where you can download 9 | this sample. Some of these public malware databases require you to register 10 | yourself with an account, some other don't. 11 | 12 | Please download this sample from one of these below public malware databases 13 | Once you download this sample you can rename it as Sample-15-22 and add the required file extension as the chapter exercise suggests. Make sure you have Extension Hiding Disabled to add and view the suffix. 14 | 15 | Some of the publicly available sources where you can download this sample are 16 | 1. https://www.virustotal.com 17 | 2. https://app.any.run/ 18 | 3. http://contagiodump.blogspot.com/ 19 | 4. https://cape.contextis.com 20 | 5. 
https://dasmalwerk.eu 21 | 6. https://www.hybrid-analysis.com/ 22 | 7. https://malshare.com/ 23 | 8. https://www.kernelmode.info/forum/ 24 | 9. https://avcaesar.malware.lu/ 25 | 10. https://thezoo.morirt.com/ 26 | 11. https://objective-see.com/malware.html 27 | 12. https://packettotal.com/malware-archive.html 28 | 13. https://app.sndbox.com 29 | 14. https://thezoo.morirt.com/ 30 | 15. https://urlhaus.abuse.ch/browse/ 31 | 16. https://beta.virusbay.io/ 32 | 17. http://www.virusign.com/ 33 | 18. https://www.virussign.com/downloads.html 34 | 19. https://virusshare.com/ 35 | 36 | Disclaimer: Please be very careful using this sample. Do not add the .exe 37 | extension while you are saving it as a file, to prevent it from being 38 | accidentally run. Also don't keep a copy of it on your host. Please save, 39 | run and analyze it only inside your malware analysis VM. The authors are 40 | not responsible for any damages caused by mishandling of the sample 41 | -------------------------------------------------------------------------------- /samples_all_malware_analysis_and_detection_engineering/chapter_15/Sample-15-23.txt: -------------------------------------------------------------------------------- 1 | MD5 - 2abb84e5b24b74b99c18dcfb41ec2317 2 | SHA1 - 4d0df390f3713b559119e3a80ff5c9d77c886685 3 | SHA256 - e1d38936bff2f355a18d15b8c73aee4430d6a8d79cb42009fc096da508c8c81f 4 | 5 | This is a malware sample. 6 | 7 | We do not directly ship any malware samples with this book. But this malware 8 | sample is available in many public malware databases, where you can download 9 | this sample. Some of these public malware databases require you to register 10 | yourself with an account, some other don't. 11 | 12 | Please download this sample from one of these below public malware databases 13 | Once you download this sample you can rename it as Sample-15-23 and add the required file extension as the chapter exercise suggests. 
Make sure you have Extension Hiding Disabled to add and view the suffix. 14 | 15 | Some of the publicly available sources where you can download this sample are 16 | 1. https://www.virustotal.com 17 | 2. https://app.any.run/ 18 | 3. http://contagiodump.blogspot.com/ 19 | 4. https://cape.contextis.com 20 | 5. https://dasmalwerk.eu 21 | 6. https://www.hybrid-analysis.com/ 22 | 7. https://malshare.com/ 23 | 8. https://www.kernelmode.info/forum/ 24 | 9. https://avcaesar.malware.lu/ 25 | 10. https://thezoo.morirt.com/ 26 | 11. https://objective-see.com/malware.html 27 | 12. https://packettotal.com/malware-archive.html 28 | 13. https://app.sndbox.com 29 | 14. https://thezoo.morirt.com/ 30 | 15. https://urlhaus.abuse.ch/browse/ 31 | 16. https://beta.virusbay.io/ 32 | 17. http://www.virusign.com/ 33 | 18. https://www.virussign.com/downloads.html 34 | 19. https://virusshare.com/ 35 | 36 | Disclaimer: Please be very careful using this sample. Do not add the .exe 37 | extension while you are saving it as a file, to prevent it from being 38 | accidentally run. Also don't keep a copy of it on your host. Please save, 39 | run and analyze it only inside your malware analysis VM. The authors are 40 | not responsible for any damages caused by mishandling of the sample 41 | -------------------------------------------------------------------------------- /samples_all_malware_analysis_and_detection_engineering/chapter_15/Sample-15-24.txt: -------------------------------------------------------------------------------- 1 | MD5 - 7a9807d121aa0721671477101777cb34 2 | SHA1 - d4ea82d20084b2f6611d79707a618c2979930ece 3 | SHA256 - 5bdc66a072587807dd77291c66b92c3aa1cb5510d263d155b218967331c97f4d 4 | 5 | This is a malware sample. 6 | 7 | We do not directly ship any malware samples with this book. But this malware 8 | sample is available in many public malware databases, where you can download 9 | this sample. 
Some of these public malware databases require you to register 10 | yourself with an account, some other don't. 11 | 12 | Please download this sample from one of these below public malware databases 13 | Once you download this sample you can rename it as Sample-15-24 and add the required file extension as the chapter exercise suggests. Make sure you have Extension Hiding Disabled to add and view the suffix. 14 | 15 | Some of the publicly available sources where you can download this sample are 16 | 1. https://www.virustotal.com 17 | 2. https://app.any.run/ 18 | 3. http://contagiodump.blogspot.com/ 19 | 4. https://cape.contextis.com 20 | 5. https://dasmalwerk.eu 21 | 6. https://www.hybrid-analysis.com/ 22 | 7. https://malshare.com/ 23 | 8. https://www.kernelmode.info/forum/ 24 | 9. https://avcaesar.malware.lu/ 25 | 10. https://thezoo.morirt.com/ 26 | 11. https://objective-see.com/malware.html 27 | 12. https://packettotal.com/malware-archive.html 28 | 13. https://app.sndbox.com 29 | 14. https://thezoo.morirt.com/ 30 | 15. https://urlhaus.abuse.ch/browse/ 31 | 16. https://beta.virusbay.io/ 32 | 17. http://www.virusign.com/ 33 | 18. https://www.virussign.com/downloads.html 34 | 19. https://virusshare.com/ 35 | 36 | Disclaimer: Please be very careful using this sample. Do not add the .exe 37 | extension while you are saving it as a file, to prevent it from being 38 | accidentally run. Also don't keep a copy of it on your host. Please save, 39 | run and analyze it only inside your malware analysis VM. 
The authors are 40 | not responsible for any damages caused by mishandling of the sample 41 | -------------------------------------------------------------------------------- /samples_all_malware_analysis_and_detection_engineering/chapter_15/Sample-15-25.txt: -------------------------------------------------------------------------------- 1 | MD5 - 698e97de2b86565cb97a6a9bd2facefa 2 | SHA1 - 1445fafd5e12cc0c4a9f4072d2a441b16a70370c 3 | SHA256 - 98ae4be339c26b9d829b6d612f5c29dd8e113ef120bf5d6a7fe2f4d65b6e9418 4 | 5 | This is a malware sample. 6 | 7 | We do not directly ship any malware samples with this book. But this malware 8 | sample is available in many public malware databases, where you can download 9 | this sample. Some of these public malware databases require you to register 10 | yourself with an account, some other don't. 11 | 12 | Please download this sample from one of these below public malware databases 13 | Once you download this sample you can rename it as Sample-15-25 and add the required file extension as the chapter exercise suggests. Make sure you have Extension Hiding Disabled to add and view the suffix. 14 | 15 | Some of the publicly available sources where you can download this sample are 16 | 1. https://www.virustotal.com 17 | 2. https://app.any.run/ 18 | 3. http://contagiodump.blogspot.com/ 19 | 4. https://cape.contextis.com 20 | 5. https://dasmalwerk.eu 21 | 6. https://www.hybrid-analysis.com/ 22 | 7. https://malshare.com/ 23 | 8. https://www.kernelmode.info/forum/ 24 | 9. https://avcaesar.malware.lu/ 25 | 10. https://thezoo.morirt.com/ 26 | 11. https://objective-see.com/malware.html 27 | 12. https://packettotal.com/malware-archive.html 28 | 13. https://app.sndbox.com 29 | 14. https://thezoo.morirt.com/ 30 | 15. https://urlhaus.abuse.ch/browse/ 31 | 16. https://beta.virusbay.io/ 32 | 17. http://www.virusign.com/ 33 | 18. https://www.virussign.com/downloads.html 34 | 19. 
https://virusshare.com/ 35 | 36 | Disclaimer: Please be very careful using this sample. Do not add the .exe 37 | extension while you are saving it as a file, to prevent it from being 38 | accidentally run. Also don't keep a copy of it on your host. Please save, 39 | run and analyze it only inside your malware analysis VM. The authors are 40 | not responsible for any damages caused by mishandling of the sample 41 | -------------------------------------------------------------------------------- /samples_all_malware_analysis_and_detection_engineering/chapter_15/Sample-15-26.txt: -------------------------------------------------------------------------------- 1 | MD5 - da66cbc9ae879173f9e38d51a2cffdb8 2 | SHA1 - ce651b549e945fab1ffbced06c671c8f050b5018 3 | SHA256 - 098aad386b0f549cefddf2001dba9f31f40d88a3618cd3a8d5589b4b0b467342 4 | 5 | This is a malware sample. 6 | 7 | We do not directly ship any malware samples with this book. But this malware 8 | sample is available in many public malware databases, where you can download 9 | this sample. Some of these public malware databases require you to register 10 | yourself with an account, some other don't. 11 | 12 | Please download this sample from one of these below public malware databases 13 | Once you download this sample you can rename it as Sample-15-26 and add the required file extension as the chapter exercise suggests. Make sure you have Extension Hiding Disabled to add and view the suffix. 14 | 15 | Some of the publicly available sources where you can download this sample are 16 | 1. https://www.virustotal.com 17 | 2. https://app.any.run/ 18 | 3. http://contagiodump.blogspot.com/ 19 | 4. https://cape.contextis.com 20 | 5. https://dasmalwerk.eu 21 | 6. https://www.hybrid-analysis.com/ 22 | 7. https://malshare.com/ 23 | 8. https://www.kernelmode.info/forum/ 24 | 9. https://avcaesar.malware.lu/ 25 | 10. https://thezoo.morirt.com/ 26 | 11. https://objective-see.com/malware.html 27 | 12. 
https://packettotal.com/malware-archive.html 28 | 13. https://app.sndbox.com 29 | 14. https://thezoo.morirt.com/ 30 | 15. https://urlhaus.abuse.ch/browse/ 31 | 16. https://beta.virusbay.io/ 32 | 17. http://www.virusign.com/ 33 | 18. https://www.virussign.com/downloads.html 34 | 19. https://virusshare.com/ 35 | 36 | Disclaimer: Please be very careful using this sample. Do not add the .exe 37 | extension while you are saving it as a file, to prevent it from being 38 | accidentally run. Also don't keep a copy of it on your host. Please save, 39 | run and analyze it only inside your malware analysis VM. The authors are 40 | not responsible for any damages caused by mishandling of the sample 41 | -------------------------------------------------------------------------------- /samples_all_malware_analysis_and_detection_engineering/chapter_15/Sample-15-27.txt: -------------------------------------------------------------------------------- 1 | MD5 - 6f7fe88cb1c85f86574c861a7b795690 2 | SHA1 - 668a91e226877b280711562dbab7e17829d0f750 3 | SHA256 - 58943beadac589e8703c916e60fb9e369f8240bef7318cddf6339ba8f3fc558c 4 | 5 | This is a malware sample. 6 | 7 | We do not directly ship any malware samples with this book. But this malware 8 | sample is available in many public malware databases, where you can download 9 | this sample. Some of these public malware databases require you to register 10 | yourself with an account, some other don't. 11 | 12 | Please download this sample from one of these below public malware databases 13 | Once you download this sample you can rename it as Sample-15-27 and add the required file extension as the chapter exercise suggests. Make sure you have Extension Hiding Disabled to add and view the suffix. 14 | 15 | Some of the publicly available sources where you can download this sample are 16 | 1. https://www.virustotal.com 17 | 2. https://app.any.run/ 18 | 3. http://contagiodump.blogspot.com/ 19 | 4. https://cape.contextis.com 20 | 5. 
https://dasmalwerk.eu 21 | 6. https://www.hybrid-analysis.com/ 22 | 7. https://malshare.com/ 23 | 8. https://www.kernelmode.info/forum/ 24 | 9. https://avcaesar.malware.lu/ 25 | 10. https://thezoo.morirt.com/ 26 | 11. https://objective-see.com/malware.html 27 | 12. https://packettotal.com/malware-archive.html 28 | 13. https://app.sndbox.com 29 | 14. https://thezoo.morirt.com/ 30 | 15. https://urlhaus.abuse.ch/browse/ 31 | 16. https://beta.virusbay.io/ 32 | 17. http://www.virusign.com/ 33 | 18. https://www.virussign.com/downloads.html 34 | 19. https://virusshare.com/ 35 | 36 | Disclaimer: Please be very careful using this sample. Do not add the .exe 37 | extension while you are saving it as a file, to prevent it from being 38 | accidentally run. Also don't keep a copy of it on your host. Please save, 39 | run and analyze it only inside your malware analysis VM. The authors are 40 | not responsible for any damages caused by mishandling of the sample 41 | -------------------------------------------------------------------------------- /samples_all_malware_analysis_and_detection_engineering/chapter_15/Sample-15-28.txt: -------------------------------------------------------------------------------- 1 | MD5 - 9e7d35d1fc7cb184a781388b965cd13c 2 | SHA1 - 7a06ba6a0dc8a73da0dcf74804d38ff0c4a9ea34 3 | SHA256 - 95aada46d92aa263149f253749c3bb5b2eac06badf6e540f22e26244a98d08ef 4 | 5 | This is a malware sample. 6 | 7 | We do not directly ship any malware samples with this book. But this malware 8 | sample is available in many public malware databases, where you can download 9 | this sample. Some of these public malware databases require you to register 10 | yourself with an account, some other don't. 11 | 12 | Please download this sample from one of these below public malware databases 13 | Once you download this sample you can rename it as Sample-15-28 and add the required file extension as the chapter exercise suggests. 
Make sure you have Extension Hiding Disabled to add and view the suffix. 14 | 15 | Some of the publicly available sources where you can download this sample are 16 | 1. https://www.virustotal.com 17 | 2. https://app.any.run/ 18 | 3. http://contagiodump.blogspot.com/ 19 | 4. https://cape.contextis.com 20 | 5. https://dasmalwerk.eu 21 | 6. https://www.hybrid-analysis.com/ 22 | 7. https://malshare.com/ 23 | 8. https://www.kernelmode.info/forum/ 24 | 9. https://avcaesar.malware.lu/ 25 | 10. https://thezoo.morirt.com/ 26 | 11. https://objective-see.com/malware.html 27 | 12. https://packettotal.com/malware-archive.html 28 | 13. https://app.sndbox.com 29 | 14. https://thezoo.morirt.com/ 30 | 15. https://urlhaus.abuse.ch/browse/ 31 | 16. https://beta.virusbay.io/ 32 | 17. http://www.virusign.com/ 33 | 18. https://www.virussign.com/downloads.html 34 | 19. https://virusshare.com/ 35 | 36 | Disclaimer: Please be very careful using this sample. Do not add the .exe 37 | extension while you are saving it as a file, to prevent it from being 38 | accidentally run. Also don't keep a copy of it on your host. Please save, 39 | run and analyze it only inside your malware analysis VM. The authors are 40 | not responsible for any damages caused by mishandling of the sample 41 | -------------------------------------------------------------------------------- /samples_all_malware_analysis_and_detection_engineering/chapter_15/Sample-15-29.txt: -------------------------------------------------------------------------------- 1 | MD5 - b570a4d1d2dd94b2de43868a4397d3e1 2 | SHA1 - 88d4b5bf0dcd66b6b6cf6a814dae8f6eeaa09f24 3 | SHA256 - cbbcdef6bbdb6f7deffcdb68775fe80abff6870c2b46e6132a6b1f6b8853db44 4 | 5 | This is a malware sample. 6 | 7 | We do not directly ship any malware samples with this book. But this malware 8 | sample is available in many public malware databases, where you can download 9 | this sample. 
Some of these public malware databases require you to register 10 | yourself with an account, some other don't. 11 | 12 | Please download this sample from one of these below public malware databases 13 | Once you download this sample you can rename it as Sample-15-29 and add the required file extension as the chapter exercise suggests. Make sure you have Extension Hiding Disabled to add and view the suffix. 14 | 15 | Some of the publicly available sources where you can download this sample are 16 | 1. https://www.virustotal.com 17 | 2. https://app.any.run/ 18 | 3. http://contagiodump.blogspot.com/ 19 | 4. https://cape.contextis.com 20 | 5. https://dasmalwerk.eu 21 | 6. https://www.hybrid-analysis.com/ 22 | 7. https://malshare.com/ 23 | 8. https://www.kernelmode.info/forum/ 24 | 9. https://avcaesar.malware.lu/ 25 | 10. https://thezoo.morirt.com/ 26 | 11. https://objective-see.com/malware.html 27 | 12. https://packettotal.com/malware-archive.html 28 | 13. https://app.sndbox.com 29 | 14. https://thezoo.morirt.com/ 30 | 15. https://urlhaus.abuse.ch/browse/ 31 | 16. https://beta.virusbay.io/ 32 | 17. http://www.virusign.com/ 33 | 18. https://www.virussign.com/downloads.html 34 | 19. https://virusshare.com/ 35 | 36 | Disclaimer: Please be very careful using this sample. Do not add the .exe 37 | extension while you are saving it as a file, to prevent it from being 38 | accidentally run. Also don't keep a copy of it on your host. Please save, 39 | run and analyze it only inside your malware analysis VM. 
The authors are 40 | not responsible for any damages caused by mishandling of the sample. 41 | -------------------------------------------------------------------------------- /samples_all_malware_analysis_and_detection_engineering/chapter_15/Sample-15-3.txt: -------------------------------------------------------------------------------- 1 | MD5 - cce99984ffd20cf6a92ac16cf2a29831 2 | SHA1 - e2245c716c08ba82248e085bc3d0347e89b6d3a1 3 | SHA256 - 34e50d5454d6da86b275f2ac730b59db4efa9e46909a6e2d1e24434a661fc752 4 | 5 | This is a malware sample. 6 | 7 | We do not directly ship any malware samples with this book. But this malware 8 | sample is available in many public malware databases, where you can download 9 | this sample. Some of these public malware databases require you to register 10 | yourself with an account; others do not. 11 | 12 | Please download this sample from one of the public malware databases listed below. 13 | Once you download this sample, verify that its hash matches the values given above, then rename it as Sample-15-3 and add the required file extension as the chapter exercise suggests. Make sure you have Extension Hiding Disabled to add and view the suffix. 14 | 15 | Some of the publicly available sources where you can download this sample are 16 | 1. https://www.virustotal.com 17 | 2. https://app.any.run/ 18 | 3. http://contagiodump.blogspot.com/ 19 | 4. https://cape.contextis.com 20 | 5. https://dasmalwerk.eu 21 | 6. https://www.hybrid-analysis.com/ 22 | 7. https://malshare.com/ 23 | 8. https://www.kernelmode.info/forum/ 24 | 9. https://avcaesar.malware.lu/ 25 | 10. https://thezoo.morirt.com/ 26 | 11. https://objective-see.com/malware.html 27 | 12. https://packettotal.com/malware-archive.html 28 | 13. https://app.sndbox.com 29 | 14. https://thezoo.morirt.com/ 30 | 15. https://urlhaus.abuse.ch/browse/ 31 | 16. https://beta.virusbay.io/ 32 | 17. http://www.virusign.com/ 33 | 18. https://www.virussign.com/downloads.html 34 | 19. 
https://virusshare.com/ 35 | 36 | Disclaimer: Please be very careful using this sample. Do not add the .exe 37 | extension while you are saving it as a file, to prevent it from being 38 | accidentally run. Also don't keep a copy of it on your host. Please save, 39 | run and analyze it only inside your malware analysis VM. The authors are 40 | not responsible for any damages caused by mishandling of the sample 41 | -------------------------------------------------------------------------------- /samples_all_malware_analysis_and_detection_engineering/chapter_15/Sample-15-30.txt: -------------------------------------------------------------------------------- 1 | MD5 - fff71aeb21df3eb5b4e80249d7631906 2 | SHA1 - 908d08fe8d75a1c930d0a6c3a51d98d2589987c8 3 | SHA256 - ac551c799b347369594d6996cdd772c1d258a8ce8aa88ed711e7917d0a8e1ab2 4 | 5 | This is a malware sample. 6 | 7 | We do not directly ship any malware samples with this book. But this malware 8 | sample is available in many public malware databases, where you can download 9 | this sample. Some of these public malware databases require you to register 10 | yourself with an account, some other don't. 11 | 12 | Please download this sample from one of these below public malware databases 13 | Once you download this sample you can rename it as Sample-15-30 and add the required file extension as the chapter exercise suggests. Make sure you have Extension Hiding Disabled to add and view the suffix. 14 | 15 | Some of the publicly available sources where you can download this sample are 16 | 1. https://www.virustotal.com 17 | 2. https://app.any.run/ 18 | 3. http://contagiodump.blogspot.com/ 19 | 4. https://cape.contextis.com 20 | 5. https://dasmalwerk.eu 21 | 6. https://www.hybrid-analysis.com/ 22 | 7. https://malshare.com/ 23 | 8. https://www.kernelmode.info/forum/ 24 | 9. https://avcaesar.malware.lu/ 25 | 10. https://thezoo.morirt.com/ 26 | 11. https://objective-see.com/malware.html 27 | 12. 
https://packettotal.com/malware-archive.html 28 | 13. https://app.sndbox.com 29 | 14. https://thezoo.morirt.com/ 30 | 15. https://urlhaus.abuse.ch/browse/ 31 | 16. https://beta.virusbay.io/ 32 | 17. http://www.virusign.com/ 33 | 18. https://www.virussign.com/downloads.html 34 | 19. https://virusshare.com/ 35 | 36 | Disclaimer: Please be very careful using this sample. Do not add the .exe 37 | extension while you are saving it as a file, to prevent it from being 38 | accidentally run. Also don't keep a copy of it on your host. Please save, 39 | run and analyze it only inside your malware analysis VM. The authors are 40 | not responsible for any damages caused by mishandling of the sample 41 | -------------------------------------------------------------------------------- /samples_all_malware_analysis_and_detection_engineering/chapter_15/Sample-15-4.txt: -------------------------------------------------------------------------------- 1 | MD5 - c3cc9527896eefc0c5f6806ca80f5646 2 | SHA1 - 0bad6e706135d6530f322a77e4e90958d4dfb3b1 3 | SHA256 - 436f9776580ea0dceb25215539f4d3b85d0f9eee7d912671c84846e43008f6fe 4 | 5 | This is a malware sample. 6 | 7 | We do not directly ship any malware samples with this book. But this malware 8 | sample is available in many public malware databases, where you can download 9 | this sample. Some of these public malware databases require you to register 10 | yourself with an account, some other don't. 11 | 12 | Please download this sample from one of these below public malware databases 13 | Once you download this sample you can rename it as Sample-15-4 and add the required file extension as the chapter exercise suggests. Make sure you have Extension Hiding Disabled to add and view the suffix. 14 | 15 | Some of the publicly available sources where you can download this sample are 16 | 1. https://www.virustotal.com 17 | 2. https://app.any.run/ 18 | 3. http://contagiodump.blogspot.com/ 19 | 4. https://cape.contextis.com 20 | 5. 
https://dasmalwerk.eu 21 | 6. https://www.hybrid-analysis.com/ 22 | 7. https://malshare.com/ 23 | 8. https://www.kernelmode.info/forum/ 24 | 9. https://avcaesar.malware.lu/ 25 | 10. https://thezoo.morirt.com/ 26 | 11. https://objective-see.com/malware.html 27 | 12. https://packettotal.com/malware-archive.html 28 | 13. https://app.sndbox.com 29 | 14. https://thezoo.morirt.com/ 30 | 15. https://urlhaus.abuse.ch/browse/ 31 | 16. https://beta.virusbay.io/ 32 | 17. http://www.virusign.com/ 33 | 18. https://www.virussign.com/downloads.html 34 | 19. https://virusshare.com/ 35 | 36 | Disclaimer: Please be very careful using this sample. Do not add the .exe 37 | extension while you are saving it as a file, to prevent it from being 38 | accidentally run. Also don't keep a copy of it on your host. Please save, 39 | run and analyze it only inside your malware analysis VM. The authors are 40 | not responsible for any damages caused by mishandling of the sample 41 | -------------------------------------------------------------------------------- /samples_all_malware_analysis_and_detection_engineering/chapter_15/Sample-15-5.txt: -------------------------------------------------------------------------------- 1 | MD5 - c5b1c1d70b3f3ac8dedafef4206c8dc6 2 | SHA1 - 21223902d0a3e7c9ab9191dbc9757fc36563a04a 3 | SHA256 - 575bdd77e813d1ff39fe335af843e9cd3c9af81cf86172958202d4094072ee2b 4 | 5 | This is a malware sample. 6 | 7 | We do not directly ship any malware samples with this book. But this malware 8 | sample is available in many public malware databases, where you can download 9 | this sample. Some of these public malware databases require you to register 10 | yourself with an account, some other don't. 11 | 12 | Please download this sample from one of these below public malware databases 13 | Once you download this sample you can rename it as Sample-15-5 and add the required file extension as the chapter exercise suggests. 
Make sure you have Extension Hiding Disabled to add and view the suffix. 14 | 15 | Some of the publicly available sources where you can download this sample are 16 | 1. https://www.virustotal.com 17 | 2. https://app.any.run/ 18 | 3. http://contagiodump.blogspot.com/ 19 | 4. https://cape.contextis.com 20 | 5. https://dasmalwerk.eu 21 | 6. https://www.hybrid-analysis.com/ 22 | 7. https://malshare.com/ 23 | 8. https://www.kernelmode.info/forum/ 24 | 9. https://avcaesar.malware.lu/ 25 | 10. https://thezoo.morirt.com/ 26 | 11. https://objective-see.com/malware.html 27 | 12. https://packettotal.com/malware-archive.html 28 | 13. https://app.sndbox.com 29 | 14. https://thezoo.morirt.com/ 30 | 15. https://urlhaus.abuse.ch/browse/ 31 | 16. https://beta.virusbay.io/ 32 | 17. http://www.virusign.com/ 33 | 18. https://www.virussign.com/downloads.html 34 | 19. https://virusshare.com/ 35 | 36 | Disclaimer: Please be very careful using this sample. Do not add the .exe 37 | extension while you are saving it as a file, to prevent it from being 38 | accidentally run. Also don't keep a copy of it on your host. Please save, 39 | run and analyze it only inside your malware analysis VM. The authors are 40 | not responsible for any damages caused by mishandling of the sample 41 | -------------------------------------------------------------------------------- /samples_all_malware_analysis_and_detection_engineering/chapter_15/Sample-15-6.txt: -------------------------------------------------------------------------------- 1 | MD5 - 344f0b94d1df14f4e076937a91da6592 2 | SHA1 - 299d56fae13f5c1f72e9f155432caac92b6eb2f0 3 | SHA256 - 587ea747462f6eba609e2017bf5adceef5cb61b9c617d8b905760be815d6dd68 4 | 5 | This is a malware sample. 6 | 7 | We do not directly ship any malware samples with this book. But this malware 8 | sample is available in many public malware databases, where you can download 9 | this sample. 
Some of these public malware databases require you to register 10 | yourself with an account, some other don't. 11 | 12 | Please download this sample from one of these below public malware databases 13 | Once you download this sample you can rename it as Sample-15-6 and add the required file extension as the chapter exercise suggests. Make sure you have Extension Hiding Disabled to add and view the suffix. 14 | 15 | Some of the publicly available sources where you can download this sample are 16 | 1. https://www.virustotal.com 17 | 2. https://app.any.run/ 18 | 3. http://contagiodump.blogspot.com/ 19 | 4. https://cape.contextis.com 20 | 5. https://dasmalwerk.eu 21 | 6. https://www.hybrid-analysis.com/ 22 | 7. https://malshare.com/ 23 | 8. https://www.kernelmode.info/forum/ 24 | 9. https://avcaesar.malware.lu/ 25 | 10. https://thezoo.morirt.com/ 26 | 11. https://objective-see.com/malware.html 27 | 12. https://packettotal.com/malware-archive.html 28 | 13. https://app.sndbox.com 29 | 14. https://thezoo.morirt.com/ 30 | 15. https://urlhaus.abuse.ch/browse/ 31 | 16. https://beta.virusbay.io/ 32 | 17. http://www.virusign.com/ 33 | 18. https://www.virussign.com/downloads.html 34 | 19. https://virusshare.com/ 35 | 36 | Disclaimer: Please be very careful using this sample. Do not add the .exe 37 | extension while you are saving it as a file, to prevent it from being 38 | accidentally run. Also don't keep a copy of it on your host. Please save, 39 | run and analyze it only inside your malware analysis VM. 
The authors are 40 | not responsible for any damages caused by mishandling of the sample 41 | -------------------------------------------------------------------------------- /samples_all_malware_analysis_and_detection_engineering/chapter_15/Sample-15-7.txt: -------------------------------------------------------------------------------- 1 | MD5 - 491046defcec6dc6daf8185cfaed0196 2 | SHA1 - 18ee27f3fb74e99102998476cfec5a21f2ff26b0 3 | SHA256 - 83361b5476e0539454e13ee194991e2fb74fc4c8b4223a4f1cd028f1ddc256df 4 | 5 | This is a malware sample. 6 | 7 | We do not directly ship any malware samples with this book. But this malware 8 | sample is available in many public malware databases, where you can download 9 | this sample. Some of these public malware databases require you to register 10 | yourself with an account, some other don't. 11 | 12 | Please download this sample from one of these below public malware databases 13 | Once you download this sample you can rename it as Sample-15-7 and add the required file extension as the chapter exercise suggests. Make sure you have Extension Hiding Disabled to add and view the suffix. 14 | 15 | Some of the publicly available sources where you can download this sample are 16 | 1. https://www.virustotal.com 17 | 2. https://app.any.run/ 18 | 3. http://contagiodump.blogspot.com/ 19 | 4. https://cape.contextis.com 20 | 5. https://dasmalwerk.eu 21 | 6. https://www.hybrid-analysis.com/ 22 | 7. https://malshare.com/ 23 | 8. https://www.kernelmode.info/forum/ 24 | 9. https://avcaesar.malware.lu/ 25 | 10. https://thezoo.morirt.com/ 26 | 11. https://objective-see.com/malware.html 27 | 12. https://packettotal.com/malware-archive.html 28 | 13. https://app.sndbox.com 29 | 14. https://thezoo.morirt.com/ 30 | 15. https://urlhaus.abuse.ch/browse/ 31 | 16. https://beta.virusbay.io/ 32 | 17. http://www.virusign.com/ 33 | 18. https://www.virussign.com/downloads.html 34 | 19. 
https://virusshare.com/ 35 | 36 | Disclaimer: Please be very careful using this sample. Do not add the .exe 37 | extension while you are saving it as a file, to prevent it from being 38 | accidentally run. Also don't keep a copy of it on your host. Please save, 39 | run and analyze it only inside your malware analysis VM. The authors are 40 | not responsible for any damages caused by mishandling of the sample 41 | -------------------------------------------------------------------------------- /samples_all_malware_analysis_and_detection_engineering/chapter_15/Sample-15-8.txt: -------------------------------------------------------------------------------- 1 | MD5 - b4e2c49803590b0c9ee40f27edc79176 2 | SHA1 - 8a185d3f60f4b64545f3a4d19bb5fb972145dd05 3 | SHA256 - 1f86759cec94a7fc427dd9dec190be256bc31ab58c9df3e3281f463db68e6ae7 4 | 5 | This is a malware sample. 6 | 7 | We do not directly ship any malware samples with this book. But this malware 8 | sample is available in many public malware databases, where you can download 9 | this sample. Some of these public malware databases require you to register 10 | yourself with an account, some other don't. 11 | 12 | Please download this sample from one of these below public malware databases 13 | Once you download this sample you can rename it as Sample-15-8 and add the required file extension as the chapter exercise suggests. Make sure you have Extension Hiding Disabled to add and view the suffix. 14 | 15 | Some of the publicly available sources where you can download this sample are 16 | 1. https://www.virustotal.com 17 | 2. https://app.any.run/ 18 | 3. http://contagiodump.blogspot.com/ 19 | 4. https://cape.contextis.com 20 | 5. https://dasmalwerk.eu 21 | 6. https://www.hybrid-analysis.com/ 22 | 7. https://malshare.com/ 23 | 8. https://www.kernelmode.info/forum/ 24 | 9. https://avcaesar.malware.lu/ 25 | 10. https://thezoo.morirt.com/ 26 | 11. https://objective-see.com/malware.html 27 | 12. 
https://packettotal.com/malware-archive.html 28 | 13. https://app.sndbox.com 29 | 14. https://thezoo.morirt.com/ 30 | 15. https://urlhaus.abuse.ch/browse/ 31 | 16. https://beta.virusbay.io/ 32 | 17. http://www.virusign.com/ 33 | 18. https://www.virussign.com/downloads.html 34 | 19. https://virusshare.com/ 35 | 36 | Disclaimer: Please be very careful using this sample. Do not add the .exe 37 | extension while you are saving it as a file, to prevent it from being 38 | accidentally run. Also don't keep a copy of it on your host. Please save, 39 | run and analyze it only inside your malware analysis VM. The authors are 40 | not responsible for any damages caused by mishandling of the sample 41 | -------------------------------------------------------------------------------- /samples_all_malware_analysis_and_detection_engineering/chapter_15/Sample-15-9.txt: -------------------------------------------------------------------------------- 1 | MD5 - bdbfca1b0d259836ca3420f7d6ab1210 2 | SHA1 - 2498779cee95bbaa4a050447096a4eabb64de267 3 | SHA256 - 4a99629b3b93b4095ec7299d4d06b7ec79f146b68ee55e5a68674537d0b99ad4 4 | 5 | This is a malware sample. 6 | 7 | We do not directly ship any malware samples with this book. But this malware 8 | sample is available in many public malware databases, where you can download 9 | this sample. Some of these public malware databases require you to register 10 | yourself with an account, some other don't. 11 | 12 | Please download this sample from one of these below public malware databases 13 | Once you download this sample you can rename it as Sample-15-9 and add the required file extension as the chapter exercise suggests. Make sure you have Extension Hiding Disabled to add and view the suffix. 14 | 15 | Some of the publicly available sources where you can download this sample are 16 | 1. https://www.virustotal.com 17 | 2. https://app.any.run/ 18 | 3. http://contagiodump.blogspot.com/ 19 | 4. https://cape.contextis.com 20 | 5. 
https://dasmalwerk.eu 21 | 6. https://www.hybrid-analysis.com/ 22 | 7. https://malshare.com/ 23 | 8. https://www.kernelmode.info/forum/ 24 | 9. https://avcaesar.malware.lu/ 25 | 10. https://thezoo.morirt.com/ 26 | 11. https://objective-see.com/malware.html 27 | 12. https://packettotal.com/malware-archive.html 28 | 13. https://app.sndbox.com 29 | 14. https://thezoo.morirt.com/ 30 | 15. https://urlhaus.abuse.ch/browse/ 31 | 16. https://beta.virusbay.io/ 32 | 17. http://www.virusign.com/ 33 | 18. https://www.virussign.com/downloads.html 34 | 19. https://virusshare.com/ 35 | 36 | Disclaimer: Please be very careful using this sample. Do not add the .exe 37 | extension while you are saving it as a file, to prevent it from being 38 | accidentally run. Also don't keep a copy of it on your host. Please save, 39 | run and analyze it only inside your malware analysis VM. The authors are 40 | not responsible for any damages caused by mishandling of the sample 41 | -------------------------------------------------------------------------------- /samples_all_malware_analysis_and_detection_engineering/chapter_16/Sample-16-1: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/Apress/malware-analysis-detection-engineering/4f79b8e6db6517561d5f04d3ee308d58ca3bf266/samples_all_malware_analysis_and_detection_engineering/chapter_16/Sample-16-1 -------------------------------------------------------------------------------- /samples_all_malware_analysis_and_detection_engineering/chapter_16/Sample-16-10: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/Apress/malware-analysis-detection-engineering/4f79b8e6db6517561d5f04d3ee308d58ca3bf266/samples_all_malware_analysis_and_detection_engineering/chapter_16/Sample-16-10 -------------------------------------------------------------------------------- 
/samples_all_malware_analysis_and_detection_engineering/chapter_16/Sample-16-11: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/Apress/malware-analysis-detection-engineering/4f79b8e6db6517561d5f04d3ee308d58ca3bf266/samples_all_malware_analysis_and_detection_engineering/chapter_16/Sample-16-11 -------------------------------------------------------------------------------- /samples_all_malware_analysis_and_detection_engineering/chapter_16/Sample-16-12.txt: -------------------------------------------------------------------------------- 1 | MD5 - da66cbc9ae879173f9e38d51a2cffdb8 2 | SHA1 - ce651b549e945fab1ffbced06c671c8f050b5018 3 | SHA256 - 098aad386b0f549cefddf2001dba9f31f40d88a3618cd3a8d5589b4b0b467342 4 | 5 | This is a malware sample. 6 | 7 | We do not directly ship any malware samples with this book. But this malware 8 | sample is available in many public malware databases, where you can download 9 | this sample. Some of these public malware databases require you to register 10 | yourself with an account, some other don't. 11 | 12 | Please download this sample from one of these below public malware databases 13 | Once you download this sample you can rename it as Sample-16-12 and add the required file extension as the chapter exercise suggests. Make sure you have Extension Hiding Disabled to add and view the suffix. 14 | 15 | Some of the publicly available sources where you can download this sample are 16 | 1. https://www.virustotal.com 17 | 2. https://app.any.run/ 18 | 3. http://contagiodump.blogspot.com/ 19 | 4. https://cape.contextis.com 20 | 5. https://dasmalwerk.eu 21 | 6. https://www.hybrid-analysis.com/ 22 | 7. https://malshare.com/ 23 | 8. https://www.kernelmode.info/forum/ 24 | 9. https://avcaesar.malware.lu/ 25 | 10. https://thezoo.morirt.com/ 26 | 11. https://objective-see.com/malware.html 27 | 12. https://packettotal.com/malware-archive.html 28 | 13. https://app.sndbox.com 29 | 14. 
https://thezoo.morirt.com/ 30 | 15. https://urlhaus.abuse.ch/browse/ 31 | 16. https://beta.virusbay.io/ 32 | 17. http://www.virusign.com/ 33 | 18. https://www.virussign.com/downloads.html 34 | 19. https://virusshare.com/ 35 | 36 | Disclaimer: Please be very careful when handling this sample. Do not add the .exe 37 | extension when saving it as a file, so that it cannot be 38 | run accidentally. Also, do not keep a copy of it on your host. Save, 39 | run, and analyze it only inside your malware analysis VM. The authors are 40 | not responsible for any damage caused by mishandling of the sample. 41 | -------------------------------------------------------------------------------- /samples_all_malware_analysis_and_detection_engineering/chapter_16/Sample-16-13: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/Apress/malware-analysis-detection-engineering/4f79b8e6db6517561d5f04d3ee308d58ca3bf266/samples_all_malware_analysis_and_detection_engineering/chapter_16/Sample-16-13 -------------------------------------------------------------------------------- /samples_all_malware_analysis_and_detection_engineering/chapter_16/Sample-16-14: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/Apress/malware-analysis-detection-engineering/4f79b8e6db6517561d5f04d3ee308d58ca3bf266/samples_all_malware_analysis_and_detection_engineering/chapter_16/Sample-16-14 -------------------------------------------------------------------------------- /samples_all_malware_analysis_and_detection_engineering/chapter_16/Sample-16-2: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/Apress/malware-analysis-detection-engineering/4f79b8e6db6517561d5f04d3ee308d58ca3bf266/samples_all_malware_analysis_and_detection_engineering/chapter_16/Sample-16-2
-------------------------------------------------------------------------------- /samples_all_malware_analysis_and_detection_engineering/chapter_16/Sample-16-3: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/Apress/malware-analysis-detection-engineering/4f79b8e6db6517561d5f04d3ee308d58ca3bf266/samples_all_malware_analysis_and_detection_engineering/chapter_16/Sample-16-3 -------------------------------------------------------------------------------- /samples_all_malware_analysis_and_detection_engineering/chapter_16/Sample-16-4: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/Apress/malware-analysis-detection-engineering/4f79b8e6db6517561d5f04d3ee308d58ca3bf266/samples_all_malware_analysis_and_detection_engineering/chapter_16/Sample-16-4 -------------------------------------------------------------------------------- /samples_all_malware_analysis_and_detection_engineering/chapter_16/Sample-16-5: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/Apress/malware-analysis-detection-engineering/4f79b8e6db6517561d5f04d3ee308d58ca3bf266/samples_all_malware_analysis_and_detection_engineering/chapter_16/Sample-16-5 -------------------------------------------------------------------------------- /samples_all_malware_analysis_and_detection_engineering/chapter_16/Sample-16-6: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/Apress/malware-analysis-detection-engineering/4f79b8e6db6517561d5f04d3ee308d58ca3bf266/samples_all_malware_analysis_and_detection_engineering/chapter_16/Sample-16-6 -------------------------------------------------------------------------------- /samples_all_malware_analysis_and_detection_engineering/chapter_16/Sample-16-7: 
-------------------------------------------------------------------------------- https://raw.githubusercontent.com/Apress/malware-analysis-detection-engineering/4f79b8e6db6517561d5f04d3ee308d58ca3bf266/samples_all_malware_analysis_and_detection_engineering/chapter_16/Sample-16-7 -------------------------------------------------------------------------------- /samples_all_malware_analysis_and_detection_engineering/chapter_16/Sample-16-7_new: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/Apress/malware-analysis-detection-engineering/4f79b8e6db6517561d5f04d3ee308d58ca3bf266/samples_all_malware_analysis_and_detection_engineering/chapter_16/Sample-16-7_new -------------------------------------------------------------------------------- /samples_all_malware_analysis_and_detection_engineering/chapter_16/Sample-16-8: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/Apress/malware-analysis-detection-engineering/4f79b8e6db6517561d5f04d3ee308d58ca3bf266/samples_all_malware_analysis_and_detection_engineering/chapter_16/Sample-16-8 -------------------------------------------------------------------------------- /samples_all_malware_analysis_and_detection_engineering/chapter_16/Sample-16-9: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/Apress/malware-analysis-detection-engineering/4f79b8e6db6517561d5f04d3ee308d58ca3bf266/samples_all_malware_analysis_and_detection_engineering/chapter_16/Sample-16-9 -------------------------------------------------------------------------------- /samples_all_malware_analysis_and_detection_engineering/chapter_17/Sample-17-1.txt: -------------------------------------------------------------------------------- 1 | MD5 - B66EB4BCB2860EF48AFBC1378E1AE545 2 | SHA1 - a2fcbf6e175afcee58344e6ee0f551fc2fff8d27 3 | SHA256 - 
49a48d4ff1b7973e55d5838f20107620ed808851231256bb94c85f6c80b8ebfc 4 | 5 | This is a malware sample. 6 | 7 | We do not directly ship any malware samples with this book. But this malware 8 | sample is available in many public malware databases, where you can download 9 | this sample. Some of these public malware databases require you to register 10 | yourself with an account, some other don't. 11 | 12 | Please download this sample from one of these below public malware databases 13 | Once you download this sample you can rename it as Sample-17-1 and add the required file extension as the chapter exercise suggests. Make sure you have Extension Hiding Disabled to add and view the suffix. 14 | 15 | Some of the publicly available sources where you can download this sample are 16 | 1. https://www.virustotal.com 17 | 2. https://app.any.run/ 18 | 3. http://contagiodump.blogspot.com/ 19 | 4. https://cape.contextis.com 20 | 5. https://dasmalwerk.eu 21 | 6. https://www.hybrid-analysis.com/ 22 | 7. https://malshare.com/ 23 | 8. https://www.kernelmode.info/forum/ 24 | 9. https://avcaesar.malware.lu/ 25 | 10. https://thezoo.morirt.com/ 26 | 11. https://objective-see.com/malware.html 27 | 12. https://packettotal.com/malware-archive.html 28 | 13. https://app.sndbox.com 29 | 14. https://thezoo.morirt.com/ 30 | 15. https://urlhaus.abuse.ch/browse/ 31 | 16. https://beta.virusbay.io/ 32 | 17. http://www.virusign.com/ 33 | 18. https://www.virussign.com/downloads.html 34 | 19. https://virusshare.com/ 35 | 36 | Disclaimer: Please be very careful using this sample. Do not add the .exe 37 | extension while you are saving it as a file, to prevent it from being 38 | accidentally run. Also don't keep a copy of it on your host. Please save, 39 | run and analyze it only inside your malware analysis VM. 
The authors are 40 | not responsible for any damages caused by mishandling of the sample 41 | -------------------------------------------------------------------------------- /samples_all_malware_analysis_and_detection_engineering/chapter_17/Sample-17-2.txt: -------------------------------------------------------------------------------- 1 | MD5 - CD08478FA956525F6386F0203EC1149F 2 | SHA1 - a221d8455949e7f1fa3a7b5cc89dfe35a4494801 3 | SHA256 - 553ab2c2c67aa5430bbffbd2d7c062d75f25cd8e7ae7fe023ec6f97fbb6915e5 4 | 5 | This is a malware sample. 6 | 7 | We do not directly ship any malware samples with this book. But this malware 8 | sample is available in many public malware databases, where you can download 9 | this sample. Some of these public malware databases require you to register 10 | yourself with an account, some other don't. 11 | 12 | Please download this sample from one of these below public malware databases 13 | Once you download this sample you can rename it as Sample-17-2 and add the required file extension as the chapter exercise suggests. Make sure you have Extension Hiding Disabled to add and view the suffix. 14 | 15 | Some of the publicly available sources where you can download this sample are 16 | 1. https://www.virustotal.com 17 | 2. https://app.any.run/ 18 | 3. http://contagiodump.blogspot.com/ 19 | 4. https://cape.contextis.com 20 | 5. https://dasmalwerk.eu 21 | 6. https://www.hybrid-analysis.com/ 22 | 7. https://malshare.com/ 23 | 8. https://www.kernelmode.info/forum/ 24 | 9. https://avcaesar.malware.lu/ 25 | 10. https://thezoo.morirt.com/ 26 | 11. https://objective-see.com/malware.html 27 | 12. https://packettotal.com/malware-archive.html 28 | 13. https://app.sndbox.com 29 | 14. https://thezoo.morirt.com/ 30 | 15. https://urlhaus.abuse.ch/browse/ 31 | 16. https://beta.virusbay.io/ 32 | 17. http://www.virusign.com/ 33 | 18. https://www.virussign.com/downloads.html 34 | 19. 
https://virusshare.com/ 35 | 36 | Disclaimer: Please be very careful using this sample. Do not add the .exe 37 | extension while you are saving it as a file, to prevent it from being 38 | accidentally run. Also don't keep a copy of it on your host. Please save, 39 | run and analyze it only inside your malware analysis VM. The authors are 40 | not responsible for any damages caused by mishandling of the sample 41 | -------------------------------------------------------------------------------- /samples_all_malware_analysis_and_detection_engineering/chapter_17/Sample-17-3.txt: -------------------------------------------------------------------------------- 1 | MD5 - DF725667733410F1A023A76D36FCBD31 2 | SHA1 - f7dec59aef9cc9e5c13827cf7786d05819170f1b 3 | SHA256 - ceb8efb3a3eb1085c61bba4b0a77d1aca1f7b10511497e1521135f18bf67647c 4 | 5 | This is a malware sample. 6 | 7 | We do not directly ship any malware samples with this book. But this malware 8 | sample is available in many public malware databases, where you can download 9 | this sample. Some of these public malware databases require you to register 10 | yourself with an account, some other don't. 11 | 12 | Please download this sample from one of these below public malware databases 13 | Once you download this sample you can rename it as Sample-17-3 and add the required file extension as the chapter exercise suggests. Make sure you have Extension Hiding Disabled to add and view the suffix. 14 | 15 | Some of the publicly available sources where you can download this sample are 16 | 1. https://www.virustotal.com 17 | 2. https://app.any.run/ 18 | 3. http://contagiodump.blogspot.com/ 19 | 4. https://cape.contextis.com 20 | 5. https://dasmalwerk.eu 21 | 6. https://www.hybrid-analysis.com/ 22 | 7. https://malshare.com/ 23 | 8. https://www.kernelmode.info/forum/ 24 | 9. https://avcaesar.malware.lu/ 25 | 10. https://thezoo.morirt.com/ 26 | 11. https://objective-see.com/malware.html 27 | 12. 
https://packettotal.com/malware-archive.html 28 | 13. https://app.sndbox.com 29 | 14. https://thezoo.morirt.com/ 30 | 15. https://urlhaus.abuse.ch/browse/ 31 | 16. https://beta.virusbay.io/ 32 | 17. http://www.virusign.com/ 33 | 18. https://www.virussign.com/downloads.html 34 | 19. https://virusshare.com/ 35 | 36 | Disclaimer: Please be very careful using this sample. Do not add the .exe 37 | extension while you are saving it as a file, to prevent it from being 38 | accidentally run. Also don't keep a copy of it on your host. Please save, 39 | run and analyze it only inside your malware analysis VM. The authors are 40 | not responsible for any damages caused by mishandling of the sample 41 | -------------------------------------------------------------------------------- /samples_all_malware_analysis_and_detection_engineering/chapter_18/Sample-18-1: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/Apress/malware-analysis-detection-engineering/4f79b8e6db6517561d5f04d3ee308d58ca3bf266/samples_all_malware_analysis_and_detection_engineering/chapter_18/Sample-18-1 -------------------------------------------------------------------------------- /samples_all_malware_analysis_and_detection_engineering/chapter_18/Sample-18-2.txt: -------------------------------------------------------------------------------- 1 | MD5 - 43fe77b1365c17fcedf39763a48d4557 2 | SHA1 - 76ce70ebf7acb6eeb041d8d97d1da9230995827e 3 | SHA256 - 68374e3bde1b1196ef0a3209189acfa395e923a0b2f02b43efb6f323690b01d5 4 | 5 | This is a malware sample. 6 | 7 | We do not directly ship any malware samples with this book. But this malware 8 | sample is available in many public malware databases, where you can download 9 | this sample. Some of these public malware databases require you to register 10 | yourself with an account, some other don't. 
11 | 12 | Please download this sample from one of the public malware databases listed below. 13 | Once you have downloaded this sample, you can rename it to Sample-18-2 and add the file extension the chapter exercise requires. Make sure file-extension hiding is disabled so that you can add and view the suffix. 14 | 15 | Some of the publicly available sources from which you can download this sample are: 16 | 1. https://www.virustotal.com 17 | 2. https://app.any.run/ 18 | 3. http://contagiodump.blogspot.com/ 19 | 4. https://cape.contextis.com 20 | 5. https://dasmalwerk.eu 21 | 6. https://www.hybrid-analysis.com/ 22 | 7. https://malshare.com/ 23 | 8. https://www.kernelmode.info/forum/ 24 | 9. https://avcaesar.malware.lu/ 25 | 10. https://thezoo.morirt.com/ 26 | 11. https://objective-see.com/malware.html 27 | 12. https://packettotal.com/malware-archive.html 28 | 13. https://app.sndbox.com 29 | 14. https://thezoo.morirt.com/ 30 | 15. https://urlhaus.abuse.ch/browse/ 31 | 16. https://beta.virusbay.io/ 32 | 17. http://www.virusign.com/ 33 | 18. https://www.virussign.com/downloads.html 34 | 19. https://virusshare.com/ 35 | 36 | Disclaimer: Please be very careful when handling this sample. Do not add the .exe 37 | extension when saving it as a file, so that it cannot be 38 | run accidentally. Also, do not keep a copy of it on your host. Save, 39 | run, and analyze it only inside your malware analysis VM. 
The authors are 40 | not responsible for any damages caused by mishandling of the sample 41 | -------------------------------------------------------------------------------- /samples_all_malware_analysis_and_detection_engineering/chapter_19/Sample-19-1: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/Apress/malware-analysis-detection-engineering/4f79b8e6db6517561d5f04d3ee308d58ca3bf266/samples_all_malware_analysis_and_detection_engineering/chapter_19/Sample-19-1 -------------------------------------------------------------------------------- /samples_all_malware_analysis_and_detection_engineering/chapter_19/Sample-19-2.txt: -------------------------------------------------------------------------------- 1 | MD5 - a8f470bdfe7fff18aaf5534d15de2328 2 | SHA1 - 0c99d361e09d8c85682d8daafd9dd77cd2ff9321 3 | SHA256 - 25c6e58db78506f99cb4104e14aec69e04403121131f909255d4f84a175091e4 4 | 5 | This is a malware sample. 6 | 7 | We do not directly ship any malware samples with this book. But this malware 8 | sample is available in many public malware databases, where you can download 9 | this sample. Some of these public malware databases require you to register 10 | yourself with an account, some other don't. 11 | 12 | Please download this sample from one of these below public malware databases 13 | Once you download this sample you can rename it as Sample-19-2 and add the required file extension as the chapter exercise suggests. Make sure you have Extension Hiding Disabled to add and view the suffix. 14 | 15 | Some of the publicly available sources where you can download this sample are 16 | 1. https://www.virustotal.com 17 | 2. https://app.any.run/ 18 | 3. http://contagiodump.blogspot.com/ 19 | 4. https://cape.contextis.com 20 | 5. https://dasmalwerk.eu 21 | 6. https://www.hybrid-analysis.com/ 22 | 7. https://malshare.com/ 23 | 8. https://www.kernelmode.info/forum/ 24 | 9. https://avcaesar.malware.lu/ 25 | 10. 
https://thezoo.morirt.com/ 26 | 11. https://objective-see.com/malware.html 27 | 12. https://packettotal.com/malware-archive.html 28 | 13. https://app.sndbox.com 29 | 14. https://thezoo.morirt.com/ 30 | 15. https://urlhaus.abuse.ch/browse/ 31 | 16. https://beta.virusbay.io/ 32 | 17. http://www.virusign.com/ 33 | 18. https://www.virussign.com/downloads.html 34 | 19. https://virusshare.com/ 35 | 36 | Disclaimer: Please be very careful using this sample. Do not add the .exe 37 | extension while you are saving it as a file, to prevent it from being 38 | accidentally run. Also don't keep a copy of it on your host. Please save, 39 | run and analyze it only inside your malware analysis VM. The authors are 40 | not responsible for any damages caused by mishandling of the sample 41 | -------------------------------------------------------------------------------- /samples_all_malware_analysis_and_detection_engineering/chapter_20/Sample-20-1.txt: -------------------------------------------------------------------------------- 1 | MD5 - 1890e152632f3e14f2adbdcdb5fd619f 2 | SHA1 - 220dbcc349b6f9fe285701712fea8148b90c0faa 3 | SHA256 - d136acc74e5ed2f333312548fd8bbf6dc5c35d366d756796380acb78b7d728c3 4 | 5 | This is a malware sample. 6 | 7 | We do not directly ship any malware samples with this book. But this malware 8 | sample is available in many public malware databases, where you can download 9 | this sample. Some of these public malware databases require you to register 10 | yourself with an account, some other don't. 11 | 12 | Please download this sample from one of these below public malware databases 13 | Once you download this sample you can rename it as Sample-20-1 and add the required file extension as the chapter exercise suggests. Make sure you have Extension Hiding Disabled to add and view the suffix. 14 | 15 | Some of the publicly available sources where you can download this sample are 16 | 1. https://www.virustotal.com 17 | 2. https://app.any.run/ 18 | 3. 
http://contagiodump.blogspot.com/ 19 | 4. https://cape.contextis.com 20 | 5. https://dasmalwerk.eu 21 | 6. https://www.hybrid-analysis.com/ 22 | 7. https://malshare.com/ 23 | 8. https://www.kernelmode.info/forum/ 24 | 9. https://avcaesar.malware.lu/ 25 | 10. https://thezoo.morirt.com/ 26 | 11. https://objective-see.com/malware.html 27 | 12. https://packettotal.com/malware-archive.html 28 | 13. https://app.sndbox.com 29 | 14. https://thezoo.morirt.com/ 30 | 15. https://urlhaus.abuse.ch/browse/ 31 | 16. https://beta.virusbay.io/ 32 | 17. http://www.virusign.com/ 33 | 18. https://www.virussign.com/downloads.html 34 | 19. Direct link from any.run - https://app.any.run/tasks/e301b4b8-3454-4b7d-8504-e3a9b22f650c/# 35 | 20. https://virusshare.com/ 36 | 37 | Disclaimer: Please be very careful using this sample. Do not add the .exe 38 | extension while you are saving it as a file, to prevent it from being 39 | accidentally run. Also don't keep a copy of it on your host. Please save, 40 | run and analyze it only inside your malware analysis VM. The authors are 41 | not responsible for any damages caused by mishandling of the sample 42 | -------------------------------------------------------------------------------- /samples_all_malware_analysis_and_detection_engineering/chapter_20/Sample-20-2.html: -------------------------------------------------------------------------------- 1 | 2 | 3 |
4 |
5 |
6 | 7 | 13 | 14 | -------------------------------------------------------------------------------- /samples_all_malware_analysis_and_detection_engineering/chapter_20/Sample-20-3.txt: -------------------------------------------------------------------------------- 1 | MD5 - 3e7d1bfad536a526b1ca697522ec6cb0 2 | SHA1 - 404b7fb93673ce9a41f880228996cef9ac339d90 3 | SHA256 - e07c84f98332b07ae40a22f15c32cbf794586e26576a7539def667881e15beae 4 | 5 | This is a malware sample. 6 | 7 | We do not directly ship any malware samples with this book. But this malware 8 | sample is available in many public malware databases, where you can download 9 | this sample. Some of these public malware databases require you to register 10 | yourself with an account, some other don't. 11 | 12 | Please download this sample from one of these below public malware databases 13 | Once you download this sample you can rename it as Sample-20-3 and add the required file extension as the chapter exercise suggests. Make sure you have Extension Hiding Disabled to add and view the suffix. 14 | 15 | Some of the publicly available sources where you can download this sample are 16 | 1. https://www.virustotal.com 17 | 2. https://app.any.run/ 18 | 3. http://contagiodump.blogspot.com/ 19 | 4. https://cape.contextis.com 20 | 5. https://dasmalwerk.eu 21 | 6. https://www.hybrid-analysis.com/ 22 | 7. https://malshare.com/ 23 | 8. https://www.kernelmode.info/forum/ 24 | 9. https://avcaesar.malware.lu/ 25 | 10. https://thezoo.morirt.com/ 26 | 11. https://objective-see.com/malware.html 27 | 12. https://packettotal.com/malware-archive.html 28 | 13. https://app.sndbox.com 29 | 14. https://thezoo.morirt.com/ 30 | 15. https://urlhaus.abuse.ch/browse/ 31 | 16. https://beta.virusbay.io/ 32 | 17. http://www.virusign.com/ 33 | 18. https://www.virussign.com/downloads.html 34 | 19. https://virusshare.com/ 35 | 36 | Disclaimer: Please be very careful using this sample. 
Do not add the .exe 37 | extension while you are saving it as a file, to prevent it from being 38 | accidentally run. Also don't keep a copy of it on your host. Please save, 39 | run and analyze it only inside your malware analysis VM. The authors are 40 | not responsible for any damages caused by mishandling of the sample 41 | -------------------------------------------------------------------------------- /samples_all_malware_analysis_and_detection_engineering/chapter_20/Sample-20-4.txt: -------------------------------------------------------------------------------- 1 | MD5 - 4fde04b25ea20b6ab30c5e4984e01afc 2 | SHA1 - 7a35907df3ac0693be55a218be8d5b5b85673f45 3 | SHA256 - a5e14eecf6beb956732790b05df001ce4fe0f001022f75dd1952d529d2eb9c11 4 | 5 | This is a malware sample. 6 | 7 | We do not directly ship any malware samples with this book. But this malware 8 | sample is available in many public malware databases, where you can download 9 | this sample. Some of these public malware databases require you to register 10 | yourself with an account, some other don't. 11 | 12 | Please download this sample from one of these below public malware databases 13 | Once you download this sample you can rename it as Sample-20-4 and add the required file extension as the chapter exercise suggests. Make sure you have Extension Hiding Disabled to add and view the suffix. 14 | 15 | Some of the publicly available sources where you can download this sample are 16 | 1. https://www.virustotal.com 17 | 2. https://app.any.run/ 18 | 3. http://contagiodump.blogspot.com/ 19 | 4. https://cape.contextis.com 20 | 5. https://dasmalwerk.eu 21 | 6. https://www.hybrid-analysis.com/ 22 | 7. https://malshare.com/ 23 | 8. https://www.kernelmode.info/forum/ 24 | 9. https://avcaesar.malware.lu/ 25 | 10. https://thezoo.morirt.com/ 26 | 11. https://objective-see.com/malware.html 27 | 12. https://packettotal.com/malware-archive.html 28 | 13. https://app.sndbox.com 29 | 14. 
https://thezoo.morirt.com/ 30 | 15. https://urlhaus.abuse.ch/browse/ 31 | 16. https://beta.virusbay.io/ 32 | 17. http://www.virusign.com/ 33 | 18. https://www.virussign.com/downloads.html 34 | 19. https://virusshare.com/ 35 | 36 | Disclaimer: Please be very careful using this sample. Do not add the .exe 37 | extension while you are saving it as a file, to prevent it from being 38 | accidentally run. Also don't keep a copy of it on your host. Please save, 39 | run and analyze it only inside your malware analysis VM. The authors are 40 | not responsible for any damages caused by mishandling of the sample 41 | -------------------------------------------------------------------------------- /samples_all_malware_analysis_and_detection_engineering/chapter_22/Sample-22-1.txt: -------------------------------------------------------------------------------- 1 | MD5 - 7a9807d121aa0721671477101777cb34 2 | SHA1 - d4ea82d20084b2f6611d79707a618c2979930ece 3 | SHA256 - 5bdc66a072587807dd77291c66b92c3aa1cb5510d263d155b218967331c97f4d 4 | 5 | This is a malware sample. 6 | 7 | We do not directly ship any malware samples with this book. But this malware 8 | sample is available in many public malware databases, where you can download 9 | this sample. Some of these public malware databases require you to register 10 | yourself with an account, some other don't. 11 | 12 | Please download this sample from one of these below public malware databases 13 | Once you download this sample you can rename it as Sample-22-1 and add the required file extension as the chapter exercise suggests. Make sure you have Extension Hiding Disabled to add and view the suffix. 14 | 15 | Some of the publicly available sources where you can download this sample are 16 | 1. https://www.virustotal.com 17 | 2. https://app.any.run/ 18 | 3. http://contagiodump.blogspot.com/ 19 | 4. https://cape.contextis.com 20 | 5. https://dasmalwerk.eu 21 | 6. https://www.hybrid-analysis.com/ 22 | 7. https://malshare.com/ 23 | 8. 
https://www.kernelmode.info/forum/ 24 | 9. https://avcaesar.malware.lu/ 25 | 10. https://thezoo.morirt.com/ 26 | 11. https://objective-see.com/malware.html 27 | 12. https://packettotal.com/malware-archive.html 28 | 13. https://app.sndbox.com 29 | 14. https://thezoo.morirt.com/ 30 | 15. https://urlhaus.abuse.ch/browse/ 31 | 16. https://beta.virusbay.io/ 32 | 17. http://www.virusign.com/ 33 | 18. https://www.virussign.com/downloads.html 34 | 19. https://virusshare.com/ 35 | 36 | Disclaimer: Please be very careful using this sample. Do not add the .exe 37 | extension while you are saving it as a file, to prevent it from being 38 | accidentally run. Also don't keep a copy of it on your host. Please save, 39 | run and analyze it only inside your malware analysis VM. The authors are 40 | not responsible for any damages caused by mishandling of the sample 41 | -------------------------------------------------------------------------------- /samples_all_malware_analysis_and_detection_engineering/chapter_22/Sample-22-2.txt: -------------------------------------------------------------------------------- 1 | MD5 - 698e97de2b86565cb97a6a9bd2facefa 2 | SHA1 - 1445fafd5e12cc0c4a9f4072d2a441b16a70370c 3 | SHA256 - 98ae4be339c26b9d829b6d612f5c29dd8e113ef120bf5d6a7fe2f4d65b6e9418 4 | 5 | This is a malware sample. 6 | 7 | We do not directly ship any malware samples with this book. But this malware 8 | sample is available in many public malware databases, where you can download 9 | this sample. Some of these public malware databases require you to register 10 | yourself with an account, some other don't. 11 | 12 | Please download this sample from one of these below public malware databases 13 | Once you download this sample you can rename it as Sample-22-2 and add the required file extension as the chapter exercise suggests. Make sure you have Extension Hiding Disabled to add and view the suffix. 
14 | 15 | Some of the publicly available sources where you can download this sample are 16 | 1. https://www.virustotal.com 17 | 2. https://app.any.run/ 18 | 3. http://contagiodump.blogspot.com/ 19 | 4. https://cape.contextis.com 20 | 5. https://dasmalwerk.eu 21 | 6. https://www.hybrid-analysis.com/ 22 | 7. https://malshare.com/ 23 | 8. https://www.kernelmode.info/forum/ 24 | 9. https://avcaesar.malware.lu/ 25 | 10. https://thezoo.morirt.com/ 26 | 11. https://objective-see.com/malware.html 27 | 12. https://packettotal.com/malware-archive.html 28 | 13. https://app.sndbox.com 29 | 14. https://thezoo.morirt.com/ 30 | 15. https://urlhaus.abuse.ch/browse/ 31 | 16. https://beta.virusbay.io/ 32 | 17. http://www.virusign.com/ 33 | 18. https://www.virussign.com/downloads.html 34 | 19. https://virusshare.com/ 35 | 36 | Disclaimer: Please be very careful using this sample. Do not add the .exe 37 | extension while you are saving it as a file, to prevent it from being 38 | accidentally run. Also don't keep a copy of it on your host. Please save, 39 | run and analyze it only inside your malware analysis VM. The authors are 40 | not responsible for any damages caused by mishandling of the sample 41 | -------------------------------------------------------------------------------- /samples_all_malware_analysis_and_detection_engineering/chapter_22/Sample-22-3.txt: -------------------------------------------------------------------------------- 1 | MD5 - 48e23b61dfb3d8d3a78f29a9af5f2899 2 | SHA1 - d4c1a4df312b00b7b31121f72168e50916634b51 3 | SHA256 - c85e66ad02ff17490cced065260799f1b619dcde803e612ffdc21d6529ecf5ad 4 | 5 | This is a malware sample. 6 | 7 | We do not directly ship any malware samples with this book. But this malware 8 | sample is available in many public malware databases, where you can download 9 | this sample. Some of these public malware databases require you to register 10 | yourself with an account, some other don't. 
11 | 12 | Please download this sample from one of these below public malware databases 13 | Once you download this sample you can rename it as Sample-22-3 and add the required file extension as the chapter exercise suggests. Make sure you have Extension Hiding Disabled to add and view the suffix.. 14 | 15 | Some of the publicly available sources where you can download this sample are 16 | 1. https://www.virustotal.com 17 | 2. https://app.any.run/ 18 | 3. http://contagiodump.blogspot.com/ 19 | 4. https://cape.contextis.com 20 | 5. https://dasmalwerk.eu 21 | 6. https://www.hybrid-analysis.com/ 22 | 7. https://malshare.com/ 23 | 8. https://www.kernelmode.info/forum/ 24 | 9. https://avcaesar.malware.lu/ 25 | 10. https://thezoo.morirt.com/ 26 | 11. https://objective-see.com/malware.html 27 | 12. https://packettotal.com/malware-archive.html 28 | 13. https://app.sndbox.com 29 | 14. https://thezoo.morirt.com/ 30 | 15. https://urlhaus.abuse.ch/browse/ 31 | 16. https://beta.virusbay.io/ 32 | 17. http://www.virusign.com/ 33 | 18. https://www.virussign.com/downloads.html 34 | 19. https://virusshare.com/ 35 | 36 | Disclaimer: Please be very careful using this sample. Do not add the .exe 37 | extension while you are saving it as a file, to prevent it from being 38 | accidentally run. Also don't keep a copy of it on your host. Please save, 39 | run and analyze it only inside your malware analysis VM. The authors are 40 | not responsible for any damages caused by mishandling of the sample 41 | -------------------------------------------------------------------------------- /samples_all_malware_analysis_and_detection_engineering/chapter_22/Sample-22-4.txt: -------------------------------------------------------------------------------- 1 | MD5 - 2abb84e5b24b74b99c18dcfb41ec2317 2 | SHA1 - 4d0df390f3713b559119e3a80ff5c9d77c886685 3 | SHA256 - e1d38936bff2f355a18d15b8c73aee4430d6a8d79cb42009fc096da508c8c81f 4 | 5 | This is a malware sample. 
6 | 7 | We do not directly ship any malware samples with this book. But this malware 8 | sample is available in many public malware databases, where you can download 9 | this sample. Some of these public malware databases require you to register 10 | yourself with an account, some other don't. 11 | 12 | Please download this sample from one of these below public malware databases 13 | Once you download this sample you can rename it as Sample-22-4 and add the required file extension as the chapter exercise suggests. Make sure you have Extension Hiding Disabled to add and view the suffix. 14 | 15 | Some of the publicly available sources where you can download this sample are 16 | 1. https://www.virustotal.com 17 | 2. https://app.any.run/ 18 | 3. http://contagiodump.blogspot.com/ 19 | 4. https://cape.contextis.com 20 | 5. https://dasmalwerk.eu 21 | 6. https://www.hybrid-analysis.com/ 22 | 7. https://malshare.com/ 23 | 8. https://www.kernelmode.info/forum/ 24 | 9. https://avcaesar.malware.lu/ 25 | 10. https://thezoo.morirt.com/ 26 | 11. https://objective-see.com/malware.html 27 | 12. https://packettotal.com/malware-archive.html 28 | 13. https://app.sndbox.com 29 | 14. https://thezoo.morirt.com/ 30 | 15. https://urlhaus.abuse.ch/browse/ 31 | 16. https://beta.virusbay.io/ 32 | 17. http://www.virusign.com/ 33 | 18. https://www.virussign.com/downloads.html 34 | 19. https://virusshare.com/ 35 | 36 | Disclaimer: Please be very careful using this sample. Do not add the .exe 37 | extension while you are saving it as a file, to prevent it from being 38 | accidentally run. Also don't keep a copy of it on your host. Please save, 39 | run and analyze it only inside your malware analysis VM. 
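The authors are 40 | not responsible for any damages caused by mishandling of the sample 41 | -------------------------------------------------------------------------------- /samples_all_malware_analysis_and_detection_engineering/chapter_22/Sample-22-5-Memory-Scanner: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/Apress/malware-analysis-detection-engineering/4f79b8e6db6517561d5f04d3ee308d58ca3bf266/samples_all_malware_analysis_and_detection_engineering/chapter_22/Sample-22-5-Memory-Scanner -------------------------------------------------------------------------------- /samples_all_malware_analysis_and_detection_engineering/chapter_22/Sample-22-5-Memory-Scanner-Source.c: --------------------------------------------------------------------------------
// mem_scan.cpp : Defines the entry point for the console application.
//
// Scans the committed, readable memory of one target process (given by pid)
// for an ASCII string and writes every region that contains it to a file
// named after the region's base address in the current directory.
//
// usage : mem_scan.exe <pid> <search-string>
#include "stdafx.h"
#include "windows.h"
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#ifndef __cplusplus
#include <stdbool.h>   /* the original is a .cpp file; a C build needs bool from here */
#endif

// Regions whose size is not above this threshold are skipped. The value is
// carried over from the original scanner (`mbi.RegionSize > 41000`); it is the
// author's heuristic, not a Windows constant.
static const SIZE_T MIN_REGION_SIZE = 41000;

// Longest search string accepted, in bytes, excluding the terminator.
#define MAX_SEARCH_LEN 31

/*
 * Enable SeDebugPrivilege in the current process token so that OpenProcess()
 * can reach processes of other users and of SYSTEM.
 *
 * Returns true only if the privilege is actually enabled. AdjustTokenPrivileges()
 * returns TRUE even when the token does not hold the privilege and merely sets
 * ERROR_NOT_ALL_ASSIGNED, so GetLastError() is checked as well. The token handle
 * is closed on every path (the original leaked it on the success path).
 */
bool enableDebugPriv(void)
{
    HANDLE hToken = NULL;
    LUID sedebugnameValue;
    TOKEN_PRIVILEGES tkp;
    bool enabled = false;

    if (!OpenProcessToken(GetCurrentProcess(),
                          TOKEN_ADJUST_PRIVILEGES | TOKEN_QUERY, &hToken)) {
        return false;
    }
    if (LookupPrivilegeValue(NULL, SE_DEBUG_NAME, &sedebugnameValue)) {
        tkp.PrivilegeCount = 1;
        tkp.Privileges[0].Luid = sedebugnameValue;
        tkp.Privileges[0].Attributes = SE_PRIVILEGE_ENABLED;
        if (AdjustTokenPrivileges(hToken, FALSE, &tkp, sizeof(tkp), NULL, NULL)
            && GetLastError() != ERROR_NOT_ALL_ASSIGNED) {
            enabled = true;
        }
    }
    CloseHandle(hToken);
    return enabled;
}

/*
 * Find the first occurrence of needle[0..needleLen) in hay[0..hayLen).
 * Returns the offset, or (SIZE_T)-1 when absent or needleLen == 0.
 * memchr() jumps to candidate first bytes; memcmp() confirms the rest.
 * Unlike the original loop, a match that ends exactly at hayLen is found.
 */
static SIZE_T findBytes(const BYTE *hay, SIZE_T hayLen,
                        const char *needle, SIZE_T needleLen)
{
    if (needleLen == 0 || hayLen < needleLen) {
        return (SIZE_T)-1;
    }
    const BYTE *cur = hay;
    const BYTE *lastStart = hay + (hayLen - needleLen);  // last valid match start
    while (cur <= lastStart) {
        cur = (const BYTE *)memchr(cur, (unsigned char)needle[0],
                                   (size_t)(lastStart - cur) + 1);
        if (cur == NULL) {
            break;
        }
        if (memcmp(cur, needle, needleLen) == 0) {
            return (SIZE_T)(cur - hay);
        }
        cur++;
    }
    return (SIZE_T)-1;
}

/*
 * Write len bytes of a region image to a new file named "0x<base>" in the
 * current directory. CREATE_NEW refuses to overwrite an existing dump, and
 * that (or any other failure) is reported instead of being passed on to
 * WriteFile() as INVALID_HANDLE_VALUE. Returns true when every byte was written.
 */
static bool dumpRegion(LPVOID base, const BYTE *data, SIZE_T len)
{
    // "0x" + up to 16 hex digits + NUL needs 19 wchar_t; the original's 16
    // truncated 64-bit addresses.
    wchar_t MemDumpFileName[32];
    swprintf(MemDumpFileName, sizeof(MemDumpFileName) / sizeof(*MemDumpFileName),
             L"0x%llx", (unsigned long long)(ULONG_PTR)base);

    HANDLE hFile = CreateFile(MemDumpFileName,       // Filename
                              GENERIC_WRITE,         // Desired access
                              FILE_SHARE_READ,       // Share mode
                              NULL,                  // Security attributes
                              CREATE_NEW,            // Creates a new file, only if it doesn't already exist
                              FILE_ATTRIBUTE_NORMAL, // Flags and attributes
                              NULL);                 // Template file handle
    if (hFile == INVALID_HANDLE_VALUE) {
        printf("cannot create dump file for block %p (error %lu)\n", base, GetLastError());
        return false;
    }

    bool ok = true;
    SIZE_T written = 0;
    while (written < len) {
        // WriteFile() takes a DWORD byte count, so a region larger than 4 GiB
        // is written in chunks instead of being silently truncated.
        SIZE_T remaining = len - written;
        DWORD chunk = remaining > 0xFFFFFFFFu ? 0xFFFFFFFFu : (DWORD)remaining;
        DWORD dwBytesWritten = 0;
        if (!WriteFile(hFile, data + written, chunk, &dwBytesWritten, NULL)
            || dwBytesWritten == 0) {
            printf("write to dump file for block %p failed (error %lu)\n", base, GetLastError());
            ok = false;
            break;
        }
        written += dwBytesWritten;
    }
    CloseHandle(hFile);
    return ok;
}

/*
 * Copy one region out of the target process, search it for the needle and
 * dump it when the needle occurs. Returns true if this region matched.
 *
 * Only the bytes that ReadProcessMemory() reports as transferred are searched
 * and dumped: the original searched the full RegionSize even when the read
 * failed, i.e. it scanned its own freshly allocated buffer.
 */
static bool scanRegion(HANDLE hProcess, const MEMORY_BASIC_INFORMATION *mbi,
                       const char *needle, SIZE_T needleLen)
{
    BYTE *lpBufferX = (BYTE *)VirtualAlloc(NULL, mbi->RegionSize, MEM_COMMIT, PAGE_READWRITE);
    if (lpBufferX == NULL) {
        printf("VirtualAlloc(%llu bytes) failed (error %lu); skipping block %p\n",
               (unsigned long long)mbi->RegionSize, GetLastError(), mbi->BaseAddress);
        return false;
    }

    bool found = false;
    SIZE_T lpNumberOfBytesRead = 0;
    ReadProcessMemory(hProcess, mbi->BaseAddress, lpBufferX, mbi->RegionSize,
                      &lpNumberOfBytesRead);

    if (lpNumberOfBytesRead > 0) {
        SIZE_T offset = findBytes(lpBufferX, lpNumberOfBytesRead, needle, needleLen);
        if (offset != (SIZE_T)-1) {
            found = true;
            printf("\n\nMatch found in below block:");
            printf("Memory Block = %p\n", mbi->BaseAddress);
            printf("offset from start of block= %llx\n==========================\n\n",
                   (unsigned long long)offset);
            dumpRegion(mbi->BaseAddress, lpBufferX, lpNumberOfBytesRead);
        }
    }

    // MEM_RELEASE requires dwSize == 0. The original passed RegionSize, so the
    // call failed on every iteration and every region read was leaked.
    VirtualFree(lpBufferX, 0, MEM_RELEASE);
    return found;
}

/*
 * Entry point: mem_scan.exe <pid> <search-string>.
 * Returns 0 after a completed scan (or when printing usage), 1 on an argument
 * error or when the target process cannot be opened.
 */
int _tmain(int argc, _TCHAR* argv[])
{
    if (argc < 3) {
        printf("usage : mem_scan.exe <pid> <search-string>\n");
        return 0;
    }

    // Best effort: without SeDebugPrivilege only processes of the same user
    // can be opened, which is still useful, so a failure is only reported.
    if (!enableDebugPriv()) {
        printf("warning: SeDebugPrivilege not enabled; only same-user processes can be scanned\n");
    }

    wchar_t *endp = NULL;
    unsigned long pid = wcstoul(argv[1], &endp, 0);
    if (endp == argv[1] || *endp != L'\0' || pid == 0) {
        printf("invalid pid: %ls\n", argv[1]);
        return 1;
    }

    // wcstombs() leaves the buffer unterminated when the input fills it and
    // returns (size_t)-1 on an unconvertible character; the original passed the
    // result straight to strlen() and could read past its 32-byte array.
    char SeacrhString[MAX_SEARCH_LEN + 1];
    size_t needleLen = wcstombs(SeacrhString, argv[2], MAX_SEARCH_LEN);
    if (needleLen == (size_t)-1 || needleLen == 0) {
        printf("search string is empty or not convertible to the current code page\n");
        return 1;
    }
    SeacrhString[needleLen] = '\0';

    HANDLE hProcess = OpenProcess(PROCESS_VM_READ | PROCESS_QUERY_INFORMATION, FALSE, (DWORD)pid);
    if (hProcess == NULL) {
        // The original continued with a NULL handle, which made every
        // VirtualQueryEx() fail and the scan loop below spin forever.
        printf("OpenProcess(%lu) failed (error %lu)\n", pid, GetLastError());
        return 1;
    }

    SYSTEM_INFO sysInfo;
    GetSystemInfo(&sysInfo);

    MEMORY_BASIC_INFORMATION mbi;
    ZeroMemory(&mbi, sizeof(mbi));

    int matches = 0;
    LPVOID memAddr = NULL;
    while (memAddr < sysInfo.lpMaximumApplicationAddress) {
        if (!VirtualQueryEx(hProcess, memAddr, &mbi, sizeof(mbi))) {
            // Stop instead of recomputing memAddr from a stale mbi, which is
            // how the original looped forever once a query failed (e.g. the
            // target exited mid-scan).
            printf("VirtualQueryEx(%p) failed (error %lu); stopping\n", memAddr, GetLastError());
            break;
        }

        // Selective blocks: committed, readable and above the size threshold.
        // PAGE_NOACCESS / PAGE_GUARD regions cannot be read by ReadProcessMemory().
        if (mbi.State == MEM_COMMIT
            && (mbi.Protect & (PAGE_NOACCESS | PAGE_GUARD)) == 0
            && mbi.RegionSize > MIN_REGION_SIZE) {
            if (scanRegion(hProcess, &mbi, SeacrhString, needleLen)) {
                matches++;
            }
        }

        // Every region is visited (no early exit on the first hit), so each
        // region containing the string gets its own dump, as in the original.
        memAddr = (PVOID)((DWORD_PTR)mbi.BaseAddress + (DWORD_PTR)mbi.RegionSize);
    }

    printf("%d matching block(s)\n", matches);
    CloseHandle(hProcess);
    return 0;
}

-------------------------------------------------------------------------------- /samples_all_malware_analysis_and_detection_engineering/chapter_23/Sample-23-1.pcap: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/Apress/malware-analysis-detection-engineering/4f79b8e6db6517561d5f04d3ee308d58ca3bf266/samples_all_malware_analysis_and_detection_engineering/chapter_23/Sample-23-1.pcap -------------------------------------------------------------------------------- /samples_all_malware_analysis_and_detection_engineering/chapter_25/Sample-25-01.c: -------------------------------------------------------------------------------- 1 | 2 | 3 | #include 4 | 5 | int main() 6 | { 7 | int status = 1; 8 | if (status == 1) { 9 |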
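printf("Inside IF"); 10 | } else { 11 | printf("Inside ELSE"); 12 | 13 | } 14 | } 15 | 16 | -------------------------------------------------------------------------------- /samples_all_malware_analysis_and_detection_engineering/chapter_25/Sample-25-02.c: --------------------------------------------------------------------------------
/*
 * Sample-25-02: sleeps, commits one 1024-byte read/write page with
 * VirtualAlloc(), prints the returned address and sleeps again.
 * (The original had a third #include whose name did not survive extraction;
 * windows.h and stdio.h cover every call made here.)
 */
#include <windows.h>
#include <stdio.h>

int main(void)
{
    LPVOID v;

    Sleep(1);
    v = VirtualAlloc(0, 1024, MEM_COMMIT, PAGE_READWRITE);
    // The original used "%x" with a pointer argument: that is undefined
    // behaviour and on x64 prints only the low 32 bits of the address.
    // Widen the pointer explicitly so the full address is printed as hex.
    printf(" Address allocated: %llx", (unsigned long long)(ULONG_PTR)v);
    fflush(stdout);   // make the line visible even if the process is killed right after
    Sleep(1);

    return 0;
}
-------------------------------------------------------------------------------- /samples_all_malware_analysis_and_detection_engineering/chapter_25/chapter_25_samples.zip: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/Apress/malware-analysis-detection-engineering/4f79b8e6db6517561d5f04d3ee308d58ca3bf266/samples_all_malware_analysis_and_detection_engineering/chapter_25/chapter_25_samples.zip --------------------------------------------------------------------------------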