MALWARE Bazaar
When we publish diary entries covering malware, we almost always share the hash of the malware sample.
I prefer posting the MD5 hash because it is short, together with a link to the VirusTotal entry for said malware sample. VirusTotal reports different hashes, so that you can find your preferred hash. And if you have a VT subscription, you can also download the sample itself.
A new, free malware sharing service is available now: MALWARE Bazaar.
I will make sure that every public malware sample that I blog about from now on will be available on MALWARE Bazaar. Like this sample, for example, that I extracted from a malicious document I wrote recent diaries about.
Didier Stevens
Senior handler
Microsoft MVP
blog.DidierStevens.com DidierStevensLabs.com
Comments
Trying to have a look at the samples, I failed to open the zip file with several Debian tools and your zipdump.py as well. Here the error message was "bad password".
Any hint?
Thanks
Anonymous
Apr 29th 2020
4 years ago
So make sure you use a ZIP tool that supports AES encryption. Tomorrow I'll release a new version of zipdump.py that supports module pyzipper (pyzipper supports AES).
Anonymous
Apr 29th 2020
4 years ago
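An added example, not part of the diary, the comments or zipdump.py: a standard-library Python check that reports whether a ZIP's entries use WinZip AES encryption (compression method 99 with a 0x9901 extra field), the case the reply above says needs an AES-capable tool. The names `aes_info`, `classify` and `build_sample` are hypothetical, and the sample archive is constructed with a dummy payload.

```python
import io
import struct
import zipfile

AES_METHOD = 99        # compression-method value that marks a WinZip AES entry
AES_EXTRA_ID = 0x9901  # extra-field ID holding the AES parameters
KEY_BITS = {1: 128, 2: 192, 3: 256}

def aes_info(zinfo):
    """Return (key_bits, real_method) for a WinZip AES entry, else None."""
    if zinfo.compress_type != AES_METHOD:
        return None
    extra, pos = zinfo.extra, 0
    while pos + 4 <= len(extra):
        hid, size = struct.unpack_from("<HH", extra, pos)
        if hid == AES_EXTRA_ID and size >= 7 and pos + 11 <= len(extra):
            _ver, _vendor, strength, method = struct.unpack_from("<H2sBH", extra, pos + 4)
            return KEY_BITS.get(strength), method
        pos += 4 + size
    return None, None  # method 99 but no usable AES extra field

def classify(data):
    """Map each member name to 'plain', 'zipcrypto' or 'aes-<bits>'."""
    result = {}
    with zipfile.ZipFile(io.BytesIO(data)) as zf:  # reads the central directory only
        for zi in zf.infolist():
            info = aes_info(zi)
            if info is not None:
                result[zi.filename] = f"aes-{info[0] or 'unknown'}"
            elif zi.flag_bits & 0x1:  # encrypted flag without method 99: assumed legacy ZipCrypto
                result[zi.filename] = "zipcrypto"
            else:
                result[zi.filename] = "plain"
    return result

def build_sample(name=b"sample.bin", payload=b"\x00" * 28):
    """Constructed archive: one entry marked AES-256 (AE-2, deflate) with a dummy payload."""
    extra = struct.pack("<HHH2sBH", AES_EXTRA_ID, 7, 2, b"AE", 3, 8)
    common = struct.pack("<5H3L2H", 51, 0x1, AES_METHOD, 0, 0x21, 0,
                         len(payload), 0, len(name), len(extra))
    local = b"PK\x03\x04" + common + name + extra + payload
    central = (b"PK\x01\x02" + struct.pack("<H", 51) + common
               + struct.pack("<3H2L", 0, 0, 0, 0, 0) + name + extra)
    eocd = b"PK\x05\x06" + struct.pack("<4H2LH", 0, 0, 1, 1, len(central), len(local), 0)
    return local + central + eocd

if __name__ == "__main__":
    print(classify(build_sample()))  # on a real file: classify(open(path, "rb").read())
```

Only the central directory is parsed, so no password is needed and no member is decrypted or extracted.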
The keyword "AES" led to 7zip.
Having a look at some xlsm, there were 3 versions of the same author. The first 32 bytes of the files might reveal something, but I can't interpret it.
Anonymous
Apr 30th 2020
4 years ago