{"id":13796395,"url":"https://github.com/inquest/malware-samples","last_synced_at":"2026-01-17T09:43:10.791Z","repository":{"id":45322970,"uuid":"120587935","full_name":"InQuest/malware-samples","owner":"InQuest","description":"A collection of malware samples and relevant dissection information, most probably referenced from http://blog.inquest.net","archived":false,"fork":false,"pushed_at":"2024-03-26T03:51:41.000Z","size":59302,"stargazers_count":885,"open_issues_count":0,"forks_count":191,"subscribers_count":87,"default_branch":"master","last_synced_at":"2024-11-08T06:41:19.735Z","etag":null,"topics":["malware","malware-analysis","malware-research","malware-samples"],"latest_commit_sha":null,"homepage":"","language":"ActionScript","has_issues":false,"has_wiki":null,"has_pages":null,"mirror_url":null,"source_name":null,"license":"mit","status":null,"scm":"git","pull_requests_enabled":true,"icon_url":"https://github.com/InQuest.png","metadata":{"files":{"readme":"README.md","changelog":null,"contributing":null,"funding":null,"license":"LICENSE","code_of_conduct":null,"threat_model":null,"audit":null,"citation":null,"codeowners":null,"security":null,"support":null,"governance":null,"roadmap":null,"authors":null,"dei":null,"publiccode":null,"codemeta":null}},"created_at":"2018-02-07T08:44:41.000Z","updated_at":"2024-11-06T02:01:15.000Z","dependencies_parsed_at":"2024-08-01T21:53:47.797Z","dependency_job_id":null,"html_url":"https://github.com/InQuest/malware-samples","commit_stats":null,"previous_names":[],"tags_count":0,"template":false,"template_full_name":null,"repository_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/InQuest%2Fmalware-samples","tags_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/InQuest%2Fmalware-samples/tags","releases_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/InQuest%2Fmalware-samples/releases","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/InQuest%2Fmalware-samples/manifests","owner_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners/InQuest","download_url":"https://codeload.github.com/InQuest/malware-samples/tar.gz/refs/heads/master","host":{"name":"GitHub","url":"https://github.com","kind":"github","repositories_count":225159857,"owners_count":17430193,"icon_url":"https://github.com/github.png","version":null,"created_at":"2022-05-30T11:31:42.601Z","updated_at":"2022-07-04T15:15:14.044Z","host_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub","repositories_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories","repository_names_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repository_names","owners_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners"}},"keywords":["malware","malware-analysis","malware-research","malware-samples"],"created_at":"2024-08-03T23:01:09.764Z","updated_at":"2026-01-17T09:43:10.609Z","avatar_url":"https://github.com/InQuest.png","language":"ActionScript","readme":"# malware-samples\nA collection of malware samples and relevant dissection information, most probably referenced from http://blog.inquest.net or https://twitter.com/inquest. Be sure to also check out the Deep File Inspection (DFI) portion of https://labs.inquest.net for an interactive searchable interface to a large corpus (\u003e500K) of downloadable malware lures.\n\n* [CVE-2018-4878-Adobe-Flash-DRM-UAF-0day](http://blog.inquest.net/blog/2018/02/07/cve-2018-4878-adobe-flash-0day-itw/)\n  * 14c58e38... Carrier: Microsoft Excel 2007+ [XLSX](https://github.com/InQuest/malware-samples/blob/master/CVE-2018-4878-Adobe-Flash-DRM-UAF-0day/xlsx-14c58e3894258c54e12d52d0fba0aafa258222ce9223a1fdc8a946fd169d8a12), [JSON VT Report](https://github.com/InQuest/malware-samples/blob/master/CVE-2018-4878-Adobe-Flash-DRM-UAF-0day/xlsx-14c58e3894258c54e12d52d0fba0aafa258222ce9223a1fdc8a946fd169d8a12.report)\n  * 3b1395f6... Carrier: Composite Document File V2 Document [DOC](https://github.com/InQuest/malware-samples/blob/master/CVE-2018-4878-Adobe-Flash-DRM-UAF-0day/doc-3b1395f620e428c5f68c6497a2338da0c4f749feb64e8f12e4c5b1288cc57a1c), [JSON VT Report](https://github.com/InQuest/malware-samples/blob/master/CVE-2018-4878-Adobe-Flash-DRM-UAF-0day/doc-3b1395f620e428c5f68c6497a2338da0c4f749feb64e8f12e4c5b1288cc57a1c.report)\n  * 88d7aa16... Stage-1: Macromedia Flash data, version 32 [SWF](https://github.com/InQuest/malware-samples/blob/master/CVE-2018-4878-Adobe-Flash-DRM-UAF-0day/swf-88d7aa1612756e2e70e4972d3f6a80517515f5274b38d4601357f954e207f294), [JSON VT Report](https://github.com/InQuest/malware-samples/blob/master/CVE-2018-4878-Adobe-Flash-DRM-UAF-0day/swf-88d7aa1612756e2e70e4972d3f6a80517515f5274b38d4601357f954e207f294.report), [Decompiled ActionScript](https://github.com/InQuest/malware-samples/tree/master/CVE-2018-4878-Adobe-Flash-DRM-UAF-0day/swf-88d7aa1612756e2e70e4972d3f6a80517515f5274b38d4601357f954e207f294-dfi)\n  * 1a326925... Stage-2: (0day) Macromedia Flash data (compressed), version 32 [SWF](https://github.com/InQuest/malware-samples/blob/master/CVE-2018-4878-Adobe-Flash-DRM-UAF-0day/swf-1a3269253784f76e3480e4b3de312dfee878f99045ccfd2231acb5ba57d8ed0d), [JSON VT Report](https://github.com/InQuest/malware-samples/blob/master/CVE-2018-4878-Adobe-Flash-DRM-UAF-0day/swf-1a3269253784f76e3480e4b3de312dfee878f99045ccfd2231acb5ba57d8ed0d.report), [Decompiled ActionScript](https://github.com/InQuest/malware-samples/tree/master/CVE-2018-4878-Adobe-Flash-DRM-UAF-0day/swf-1a3269253784f76e3480e4b3de312dfee878f99045ccfd2231acb5ba57d8ed0d-dfi)\n  * e1546323... Payload: (ROKRAT) PE32 executable (GUI) Intel 80386, for MS Windows [PE](https://github.com/InQuest/malware-samples/blob/master/CVE-2018-4878-Adobe-Flash-DRM-UAF-0day/pe-e1546323dc746ed2f7a5c973dcecc79b014b68bdd8a6230239283b4f775f4bbd), [JSON VT Report](https://github.com/InQuest/malware-samples/blob/master/CVE-2018-4878-Adobe-Flash-DRM-UAF-0day/pe-e1546323dc746ed2f7a5c973dcecc79b014b68bdd8a6230239283b4f775f4bbd.report)\n* [2018-04-GandCrab-Swarm](http://blog.inquest.net/blog/2018/04/17/gandcrab-swarm/)\n  * Document Carrier: [DOC](https://github.com/InQuest/malware-samples/blob/master/2018-04-GandCrab-Swarm/99eb1d90eb5f0d012f35fcc2a7dedd2229312794354843637ebb7f40b74d0809/99eb1d90eb5f0d012f35fcc2a7dedd2229312794354843637ebb7f40b74d0809.doc)\n  * Document Dropper Macro: [VBA](https://github.com/InQuest/malware-samples/blob/master/2018-04-GandCrab-Swarm/99eb1d90eb5f0d012f35fcc2a7dedd2229312794354843637ebb7f40b74d0809/99eb1d90eb5f0d012f35fcc2a7dedd2229312794354843637ebb7f40b74d0809.macro)\n  * Additional Extracted Macros: [VBAs](https://github.com/InQuest/malware-samples/tree/master/2018-04-GandCrab-Swarm/dropper-macros)\n  * Obfuscated JavaScript payloads: [JS](https://github.com/InQuest/malware-samples/tree/master/2018-04-GandCrab-Swarm/dropper-javascript)\n* [2018-05-Agent-Tesla-Open-Directory](https://inquest.net/2018/05/22/field-notes-agent-tesla-open-directory)\n  * Agent Tesla Payload 1:\n      [EXE](https://github.com/InQuest/malware-samples/blob/master/2018-05-Agent-Tesla-Open-Directory/agent-tesla/0abb52b3e0c08d5e3713747746b019692a05c5ab8783fd99b1300f11ea59b1c9)\n  * Agent Tesla Payload 2: [EXE](https://github.com/InQuest/malware-samples/blob/master/2018-05-Agent-Tesla-Open-Directory/agent-tesla/e10a98e2aa34d0ed7f5cf78717efdc809d3084bd7ca29f3a5905a3c1a22ae118)\n  * Agent Tesla Payload 3: [EXE](https://github.com/InQuest/malware-samples/blob/master/2018-05-Agent-Tesla-Open-Directory/agent-tesla/cdae984bddb747f11d7d3a8708fd7e3bcaa4c295d3441899a33b4ae9f6db5aba)\n  * Web Panel: [ZIP](https://github.com/InQuest/malware-samples/blob/master/2018-05-Agent-Tesla-Open-Directory/web-panel/7f131248a23e3a8ee00753941f31479f72bb6284f01fb572459654306c6c26fd)\n * 2018-05-22 [Interesting Macro Obfuscation](https://twitter.com/InQuest/status/999099472255836160)\n   * [26de80e3bbbe1f053da4131ca7a405644b7443356ec97d48517f1ab86d5f1ca5.doc](https://github.com/InQuest/malware-samples/blob/master/miscellaneous/26de80e3bbbe1f053da4131ca7a405644b7443356ec97d48517f1ab86d5f1ca5)\n   * [26de80e3bbbe1f053da4131ca7a405644b7443356ec97d48517f1ab86d5f1ca5.macro](https://github.com/InQuest/malware-samples/blob/master/miscellaneous/26de80e3bbbe1f053da4131ca7a405644b7443356ec97d48517f1ab86d5f1ca5.macro)\n   * [26de80e3bbbe1f053da4131ca7a405644b7443356ec97d48517f1ab86d5f1ca5.related](https://github.com/InQuest/malware-samples/blob/master/miscellaneous/26de80e3bbbe1f053da4131ca7a405644b7443356ec97d48517f1ab86d5f1ca5.related) 769 related hashes\n* 2018-08 Hidden Bee Elements\n  * [11310b509f8bf86daa5577758e9d1eb5](https://github.com/InQuest/malware-samples/blob/master/2018-08-Hidden-Bee-Elements/11310b509f8bf86daa5577758e9d1eb5)\n  * [b3eb576e02849218867caefaa0412ccd](https://github.com/InQuest/malware-samples/blob/master/2018-08-Hidden-Bee-Elements/b3eb576e02849218867caefaa0412ccd)\n* [2019-01 Malicious Excel XLM Macros](http://blog.inquest.net/blog/2019/01/29/Carving-Sneaky-XLM-Files/)\n  * [98e4695eb06b12221f09956c4ee465ca5b50f20c0a5dc0550cad02d1d7131526.xlm](https://github.com/InQuest/malware-samples/raw/master/2019-01-15-Mal-Excel-Doc-Macrosheet/98e4695eb06b12221f09956c4ee465ca5b50f20c0a5dc0550cad02d1d7131526)\n  * [a5bc8c8b89177f961aa5c0413716cb94b753efbea1a1ec9061be53b1be5cd36a.msi](https://github.com/InQuest/malware-samples/raw/master/2019-01-15-Mal-Excel-Doc-Macrosheet/stage-2-msi/a5bc8c8b89177f961aa5c0413716cb94b753efbea1a1ec9061be53b1be5cd36a)\n  * [c354467ec5d323fecf94d33bc05eab65f90a916c39137d2b751b0e637ca5a3e4.exe](https://github.com/InQuest/malware-samples/raw/master/2019-01-15-Mal-Excel-Doc-Macrosheet/stage-3-exe/c354467ec5d323fecf94d33bc05eab65f90a916c39137d2b751b0e637ca5a3e4)\n  * [8a5041d41c552c5df95e4a18de4c343e5ac54845e275262e99a3a6e1a639f5d4.vbs](https://raw.githubusercontent.com/InQuest/malware-samples/master/2019-01-15-Mal-Excel-Doc-Macrosheet/stage-4-vbs/8a5041d41c552c5df95e4a18de4c343e5ac54845e275262e99a3a6e1a639f5d4)\n  * [91237a76e43caa35e3fbd42d47fbaca5d6b5ea7a96c89341196d070b628122ce.bat](https://github.com/InQuest/malware-samples/blob/master/2019-01-15-Mal-Excel-Doc-Macrosheet/stage-5-bat/91237a76e43caa35e3fbd42d47fbaca5d6b5ea7a96c89341196d070b628122ce)\n  * [79a56ca8a7fdeed1f09466af66c24ddef5ef97ac026297f4ea32db6e01a81190.dll](https://github.com/InQuest/malware-samples/raw/master/2019-01-15-Mal-Excel-Doc-Macrosheet/stage-6-dll/79a56ca8a7fdeed1f09466af66c24ddef5ef97ac026297f4ea32db6e01a81190)\n* [2019-03 Sophisticated PowerShell Script (Dropping URLZone)](http://blog.inquest.net/blog/2019/03/09/Analyzing-Sophisticated-PowerShell-Targeting-Japan/)\n  * [945a1276860fc4904ca23ed86b22e1782cd5761bc6c47f1cf331d9ae02cde0db.ps1](https://raw.githubusercontent.com/InQuest/malware-samples/master/2019-03-PowerShell-Obfuscation-Encryption-Steganography/945a1276860fc4904ca23ed86b22e1782cd5761bc6c47f1cf331d9ae02cde0db.bin)\n  * [6847b98f36e96c3d967524811409e164746bea5ae021d44fbd6c7bfefe072582.dll](https://github.com/InQuest/malware-samples/raw/master/2019-03-PowerShell-Obfuscation-Encryption-Steganography/9.a.%20embedded%20in%20stage8.dll.bin)\n  * [6badf0748ca6cbd4a1f1175dbb8a6dbbee1656c7086378418e1397bce025aa60.exe](https://github.com/InQuest/malware-samples/raw/powershell-japan/2019-03-PowerShell-Obfuscation-Encryption-Steganography/15.b.%20pe.bin)\n* [2019-07 Base64 Encoded Powershell Pivots](https://inquest.net/blog/2019/07/19/base64-encoded-powershell-pivots)  \n  * [PEM](https://github.com/InQuest/malware-samples/blob/master/2019-07-Base64-Encoded-Powershell-Directives/769ba6ae91bbe410f03a5461e103bd8eecfda95ac86acdac4ac88d08df0b29bd)\n  * [LNK](https://github.com/InQuest/malware-samples/blob/master/2019-07-Base64-Encoded-Powershell-Directives/e5a940f242ab764c83f0b98bb17c1804a3d7d57583457e1d8aaa64032dc49caa)\n  * [JPG](https://github.com/InQuest/malware-samples/blob/master/2019-07-Base64-Encoded-Powershell-Directives/4148ec78d1c283d55e90fd515f200148dba0eba5d4a51e1b49d46ee0072d587b)\n  * [others...](https://github.com/InQuest/malware-samples/tree/master/2019-07-Base64-Encoded-Powershell-Directives)\n* [2020-05 Zloader 4.0 Macrosheet Evolution](https://inquest.net/blog/2020/05/06/ZLoader-4.0-Macrosheets-Evolution)\n  * [GitHub Hosted Samples and Macrosheet Extractions](https://github.com/InQuest/malware-samples/tree/master/2020-05-ZLoader-Evolution)\n  * [InQuest Labs Samples by Heuristic Match](https://labs.inquest.net/dfi/search/alert/Macrosheet%20CHAR%20Obfuscation)\n* [2020-07 Tale of a Polished Carrier](https://inquest.net/blog/2020/07/27/Tale-of-a-Polished-Carrier)\n  * [GitHub Hosted Samples and Embedded File Extractions](https://github.com/InQuest/malware-samples/tree/master/2020-07-GlobalSign)\n* [2023-06 Mystic Stealer: The New Kid on the Block](https://inquest.net/blog/2023/06/15/mystic-stealer-new-kid-block)\n  * [GitHub Hosted Samples](https://github.com/InQuest/malware-samples/tree/master/2023-06-MysticStealer)\n* [2024-01 Shortcut To Malice: URL Files](https://inquest.net/blog/shortcut-to-malice-url-files/)\n  * [GitHub Hosted Samples](https://github.com/InQuest/malware-samples/tree/master/2024-01-URL-Files)\n\n# Additional Sources\n\n*Some additional GitHub repositories to explore for those curious to gather more public domain samples.*\n\n* [ytisf/theZoo](https://github.com/ytisf/theZoo) - Live samples with binaries and source code.\n* [fabrimagic72/malware-samples](https://github.com/fabrimagic72/malware-samples) - Samples collected with honeypots.\n* [HynekPetrak/javascript-malware-collection](https://github.com/HynekPetrak/javascript-malware-collection) - Large collection of malicious JavaScript samples.\n* [wolfvan/some-samples](https://github.com/wolfvan/some-samples) - Large collection of samples captured with honeypots.\n* [0x48piraj/MalWAReX](https://github.com/0x48piraj/MalWAReX) - Remote Access Trojan (RAT) samples.\n* [drbeni/malquarium](https://github.com/drbeni/malquarium) - Web based malware repository, samples available at https://malquarium.org/.\n* [mstfknn/malware-sample-library](https://github.com/mstfknn/malware-sample-library) - Malware samples, derived from https://iec56w4ibovnb4wc.onion.si/.\n* [RamadhanAmizudin/malware](https://github.com/RamadhanAmizudin/malware) - Malware source and binaries, most from http://www.malwaretech.com/.\n","funding_links":[],"categories":["\u003ca id=\"8c5a692b5d26527ef346687e047c5c21\"\u003e\u003c/a\u003e收集"],"sub_categories":[],"project_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Finquest%2Fmalware-samples","html_url":"https://awesome.ecosyste.ms/projects/github.com%2Finquest%2Fmalware-samples","lists_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Finquest%2Fmalware-samples/lists"}