LJ9859 / Malware-Database

Malware Database that I put malware into. NOT RESPONSIBLE FOR DAMAGES!

Malware Request #4

Closed FelloBoiYuuka closed 4 months ago

FelloBoiYuuka commented 5 months ago

CHUCHA joke program. Found on a VX Heaven archive; from 2007.

The archive is here: https://thepiratebay.org/description.php?id=3806920

Works best on XP. (That's what I tested it on.) This video explains it in depth: https://www.youtube.com/watch?v=8tIf1ftqVaU

https://github.com/PiRFale-Danger/Jokes/blob/main/not-virus_BadJoke.Win32.Chucha.exe

LJ9859 commented 5 months ago

Thank you for the malware submission! I will try my best to add it as soon as possible. If you have anything else to add, simply reply. 😄

P.S. Hello fellow malware database owner! I recognized you 😂

FelloBoiYuuka commented 5 months ago

Well, I have lots of malware to share :P, here's a Rogue AV. Proof Defender 2009; a clone of Perfect Defender 2009. https://www.virustotal.com/gui/file/e2b466f363bd4da34efe2e25ed64b26eec8bba84a8b131af5200f83810490710 https://github.com/PiRFale-Danger/Rogue-AV-s/raw/main/PDInstall2009.exe

FelloBoiYuuka commented 4 months ago

Quick question: What type of malware do u want me to find? (Image from VX Heaven) [image]

LJ9859 commented 4 months ago

Any types lol as long as they contend to at least one of my requirements (which means it only has to meet ONE of the requirements) (find loopholes if you want)

  1. Can actually show something or do something on screen

  2. Any DOS viruses outside of the archive.org page are accepted

  3. Can be popular (ex. MYDoom)

  4. Can be any of these following: (because I am actively looking for them)

TECHNO.COM

REGUtilities

PC Accelerate Pro

Motitags

Prime Updater

Storm Worm (If anybody actually has a copy of this I will be so darn grateful ✨✨✨)

  5. Can work on Windows XP or lower (2000, 98, 95, 3.1, etc.)

  6. Just give me anything else and I will test and see if I can add it

P.S. sorry for bad grammar if there is any I'm typing from the GitHub app on my phone

BTW thank you so much for making a malware submission! I am currently adding the antivirus sample you gave me to the database. If you have any ACTUAL antiviruses, then go to my antivirus repository and make an issue there as it will be most helpful

LJ9859 commented 4 months ago

I am back on my main computer. If you're referring to the image you gave, I will point out some interesting folders that would be cool for sample submissions. Here's my cool list:

Email-Flooder

Spam-Tool

Trojan-Downloader

Exploit

P.S. If you have the link to the website, I would love to go through it myself lol (I have to sign up for VXHeaven, right?). 😁

LJ9859 commented 4 months ago

Update: I added both the programs from this issue, sorry for waiting, I have been under the weather lately.

P.S. You have been put in the new section in my Readme.md file, "Our contributors! 🙃" Go check it out, lol

FelloBoiYuuka commented 4 months ago

Thanks, I will check it out soon! But for now, I'll try to find some interesting samples. And for VX Heaven, no, you don't need to sign up. Here's the link to it on web.archive.org. If you find a sample that piques your interest, copy the MD5 hash and paste it into VirusTotal or MalShare. (Links for those are below). So, see ya later!

VX Heaven: https://web.archive.org/web/20160328202236/http://vxheaven.org/vl.php

MalShare: https://malshare.com/pull.php (You don't need an API key).

Edit: If you can't download a sample that you find interesting, just send me its name and I'll grab a copy of the sample for you.

Edit 2: I'll find all of the samples you want. lol. Stay safe, and get well soon.

FelloBoiYuuka commented 4 months ago

Here's the samples that I found. https://uploadnow.io/files/0j4dwBt And you're welcome! I tried my hardest to find the storm worm, but I think I found it? I hope it works. Edit: I just threw some others that caught my eye, Idk the payloads of them.

LJ9859 commented 4 months ago

It's making me pay $60 USD/per year to make an account (it doesn't seem like there is a way to get to the files without creating an account.) How do I get past that? Is there anywhere else I can download the samples you got?

P.S. Thank you! You are so helpful! ✨😇

FelloBoiYuuka commented 4 months ago

Ur welcome! Here's a Mediafire link instead, sorry. https://www.mediafire.com/file/c83oo0tgn8278ow/The+Samples.7z/file

LJ9859 commented 4 months ago

OMG DUDE THANK YOU SO MUCH okay I am freaking out so much lol my actual reaction when I saw you actually got a copy of Prime Updater and PC Accelerate Pro was "HOW DO YOU GET THIS???" I was so shocked lol, I have never encountered stuff like this ever. I will go through all this stuff and test it through Any.run and package and stuff. Top priority currently. Props to you bro, I would give you something bigger but I can't but you deserve a follow bro, so you got one. I am so so happy and shocked. You made my day.

P.S. Thank you for throwing in some extras like "VLC Plus Player", "One Updater" and Fake Solaris. Do you mind telling me where you even like found Prime Updater? I would love to go through the site if there is one as I combed through VX Heaven and the only things I found were pre Windows 7 lol. Again, thank you so much bro. It's hard to see me not use my grammar. I will be updating my contributions section. BTW, will Endermanch/wipet or whoever made Solaris attack me if I upload the leaked Solaris that pankoza has? Anyways, thank you.

LJ9859 commented 4 months ago

POV: My virtual machines after my videos: [image]

BTW my virus testing youtube channel is https://www.youtube.com/@DestroyingWindowsLol if you want to check it out (i don't post on it anymore BUT I might start posting again now that my OBS Studio doesn't lag because i have a new pc)

LJ9859 commented 4 months ago

I am having a lot of fun with these samples on any.run!

LJ9859 commented 4 months ago

Anyways goodnight, see you tomorrow. Thanks for being such a big help.

FelloBoiYuuka commented 4 months ago

LOL! You're welcome! Here's a tip, put "site:any.run" if you're looking for hard to find samples. And no worries, Nikitpad and WiPet/WyPet won't attack you for that fake Solaris. LMAO.

FelloBoiYuuka commented 4 months ago

Btw, you can actually download samples from VirusTotal. You just need to be a part of a business or pay. I'm not sure how it works, but thought you'd like to know always. Goodnight. Edit: That "CHUCHA" joke program was VERY hard to find. So, thank me for that as well! :D

LJ9859 commented 4 months ago

Yes, thank you for that too! I knew you could download VirusTotal samples using an API, but it wouldn't let me, I think I needed to pay like you said lol. BTW, the Solaris that pankoza has is fake? I guess I got tricked lol if you are talking about pankoza's. I know the Solaris from the 7zip file you gave me is fake, and therefore they won't attack me for it. I will use that site:any.run trick in the future if I remember it, too. Thank you! We can continue this conversation tomorrow.

LJ9859 commented 4 months ago

lol

LJ9859 commented 4 months ago

keep this open because y not

FelloBoiYuuka commented 4 months ago

Lol, gn. BTW, I didn't know Pankoza made it. But it's no surprise.

LJ9859 commented 4 months ago

yeah lol goodnight fr now

ps here the link to pankoza leak https://github.com/pankoza2-pl/Malware2.0Database/blob/main/leaked/Solaris.exe

FelloBoiYuuka commented 4 months ago

If you read this in the morning, I have some extra stuff. https://www.dropbox.com/s/ai0d7u02lg6waot/MoreRogues.zip?dl=0 https://www.mediafire.com/file/aiepkbauo2v84wz/Adware.zip/file https://www.mediafire.com/file/iih3bxzc2ajjdzt/hnmi1009.zip/file https://www.mediafire.com/file/65nvxedrii9lm7k/malware-main.zip/file and finally https://uploadnow.io/f/XmYsffH (Pass: Weeb)

LJ9859 commented 4 months ago

Okay I will test these malwares also. They seem very interesting!

P.S. I had read this last night, but I shut off my computer after my research of the Neville-Lake children (https://en.wikipedia.org/wiki/Deaths_of_the_Neville-Lake_children) so I didn't bother turning my PC on again lol. Anyways, I will test these now. 🙃

Edit: Make sure the samples are under 25 MB, or they won't upload!!

FelloBoiYuuka commented 4 months ago

If they're above it, then you don't have to add them. I'm fine with that.

FelloBoiYuuka commented 4 months ago

Hello, just checking in.

LJ9859 commented 4 months ago

Yeah, I'm here lol. I wish I could add Bonzi Buddy but he's 47 megabytes! :O I might be able to download the version separately, though.

FelloBoiYuuka commented 4 months ago

Lol. I might find REGUtilities, since it might be on VirusShare archive. I'll tell you when I got a sample of it.

FelloBoiYuuka commented 4 months ago

@LJ9859 https://www.virustotal.com/gui/file/d13b2ce73f1911fe48c8a9efbe839bc174aceaf7c41fe1dca0260a4a5cedb93f/details That's the MD5 hash, but I need to find the right archive with it from VirusShare. Edit: Eh, I'll do it tomorrow. Instead, I got a Trojan-FakeAV called "SpeedVaccine", haven't tested it yet, but might. Edit 2: OMG! There's a lot more FakeAV's. I'm gonna send you some.

LJ9859 commented 4 months ago

Yes please send all of them! I love FakeAVs!!!!!!!

P.S. I searched the md5 in any.run and nothing came up. Check VirusTotal. Edit: I also checked MalShare and there is nothing either.

FelloBoiYuuka commented 4 months ago

Heya, sorry for the wait, I had to get more samples. Download Samples #2 Here Pass: infected

LJ9859 commented 4 months ago

Okay thank you!! I haven't even gone through all of them lol. I will check it out when I get on my computer. Thank you! 😃

FelloBoiYuuka commented 4 months ago

Heya, do you want any other samples? Like PUA/PUP's?

LJ9859 commented 4 months ago

sorry for the wait ;p

But yeah I love PUPs and PUAs. They are my most valued sample lol I will download REGUtilities now

LJ9859 commented 4 months ago

Yeah I love PUPs and PUAs. They are my most valued samples for some reason.

p.s. i have downloaded regutilities now, sorry for the wait to respond ;p

LJ9859 commented 4 months ago

Also BTW do you have any information on where Motitags is?

FelloBoiYuuka commented 4 months ago

Motitags is in one of the files, it's named "MotitagsSetup2.5.15.8.^B5J^man000^YYA^.exe", in the REGUtilities.zip file. If you're talking about where I found it, it was here: https://web.archive.org/web/20150426010719/http://ak.imgfarm.com/images/nocache/vicinio/installers/212575042.YYA.3/380624-141218113945-YYA.3/MotitagsSetup2.5.15.8.%5EB5J%5Eman000%5EYYA%5E.exe

https://github.com/PiRFale-Danger/Malware-Requests Edit: Also, what type of PUPs do you want? List if you have to. Edit 2: @LJ9859 Put them on my GitHub Repo.

FelloBoiYuuka commented 4 months ago

Now I'll let you get to uploading the ones you like, see ya!

LJ9859 commented 4 months ago

Oh dang sorry, I never looked in the REGUtilities one lol. I will now tho.

LJ9859 commented 4 months ago

BREAKING NEWS: My windows defender popped up randomly and did a scan and found that Win32.Nuwar.F is in there somewhere so you did get the storm worm!

but the bad news is that windows defender is gonna wipe the Samples.7z file (but the rest are safe)

FelloBoiYuuka commented 4 months ago

You're damn right I got the Storm Worm! And Defender comes on every 6 or more minutes (I think). Also, just use a VM to do your work.

LJ9859 commented 4 months ago

I use MalwareBytes and I may combine it with Kaspersky in the future lol. I am currently packaging all the viruses you sent me lol (like i am uploading every single one). I would want to use a VM to do my work, but instead for some reason i use my main computer (im a bit dum dum brain) lol. Got the PUAs and PUPs yet?

FelloBoiYuuka commented 4 months ago

I'm just getting up from my nap, I'll tell you when I got them (Might as well @ you).

LJ9859 commented 4 months ago

Okie Dokie! Lol

LJ9859 commented 4 months ago

I am going to upload all these files in like a single batch at a time, so like one giant upload for the fakeavs, one giant upload for the trojans, etc. Just so you know lol

FelloBoiYuuka commented 4 months ago

Alr. So, I found Rocket Browser, but it's called Blaze. For Lite Browser, well, I can't download it off of Web Archive, so instead I'm gonna search through VirusShare.

LJ9859 commented 4 months ago

Good. Any info on Chrone?

FelloBoiYuuka commented 4 months ago

Alr, here's the samples. (Couldn't find LiteBrowser). Crappy Browsers pass: infected

LJ9859 commented 4 months ago

Oh okay! Thank you!

LJ9859 commented 4 months ago

also what are the "downloader_elements" files? Are those the browser downloads you extracted from a DriverPack setup? Because I remember extracting similar files from a DriverPack setup once trying to find Chrone.

FelloBoiYuuka commented 4 months ago

Yes, I'm not sure if they're supposed to be for Chrone, but Idk?