Tuesday, February 23, 2016

Files download information

After 7 years of Contagio existence, Google Safe Browsing services notified Mediafire (hoster of Contagio and Contagiominidump files) that "harmful" content is hosted on my Mediafire account.

It is harmful only if you harm your own PC, and it is not suitable for distribution or for infecting unsuspecting users, but I have not been able to resolve this with Google and Mediafire.

Mediafire suspended public access to Contagio account.

The file hosting will be moved.

If you need any files now, email me the posted Mediafire links (address in profile) and I will pull out the files and share via other methods.

P.S. I have not been able to resolve "yet" because it just happened today, not because they refuse to help. I don't want to affect Mediafire's safety reputation and most likely will have to move out this time.

The main challenge is not to find hosting, it is not difficult and I can pay for it, but the effort to move all files and fix the existing links on Blogspot, and there are many. I planned to move out a long time ago but did not have time for it. If anyone can suggest how to change all Blogspot links in bulk, I will be happy.

P.P.S. Feb. 24 - The files will be moved to a Dropbox Business account and shared from there (the Dropbox team confirmed they can host it).
The transition will take some time, so email me links to what you need.

Monday, February 22, 2016

ZergHelper - Pirated iOS App Store’s Client sample

Pirated iOS App Store’s Client Successfully Evaded Apple iOS Code Review by Claud Xiao  

Sample credit:  Claud Xiao

File information:
“开心日常英语” (Happy Daily English) / ZergHelper

File: EnglishStudy
Size: 7925888
MD5:  00C7FF895B8707C2D63BEAD4D5ECC9F6

File: EnglishStudy-v5.0.0.ipa
Size: 21506666
MD5:  8135A3E8EF90558C70223EB00F9B19C0

File: Installer.ipa
Size: 6576644
MD5:  ED9C55AC907F0FA6D8FF6693C3B14835

Download. Email me if you need the password (new location that works)

Sunday, October 4, 2015

YiSpecter iOS iphone malware samples

Research: Palo Alto. Claud Xiao. YiSpecter: First iOS Malware That Attacks Non-jailbroken Apple iOS Devices by Abusing Private APIs

Sample Credit: Claud Xiao

File: ADPage Size: 2570560  MD5:  8E93947DFD1B11A77A04429BD8B32CED
File: ADPage.ipa Size: 1484304  MD5:  62C6F0E3615B0771C0D189D3A7C50477
File: DaPian  Size: 5978608 MD5:  3A41BB59E2946A66BBD03A8B4D51510B
File: DaPian.ipa Size: 2826575 MD5:  6E907716DC1AA6B9C490CE58AAAE0D53
File: HYQvod Size: 1984256 MD5:  35EE9556457D6170EA83C800887C1CBE
File: HYQvod.ipa Size: 2154552 MD5:  97210A234417954C7BBE87BFE685EAAE
File: HYQvod_3.3.3 Size: 3347360 MD5:  304A10D364454EE8F2E26979927C0334
File: HYQvod_3.3.3.ipa Size: 3148992 MD5:  29E147675AF38ECE406B6227F3CCD76B
File: NoIcon Size: 1426368 MD5:  E6B45FAF823387BCA7524C4D0329543F
File: NoIcon.ipa Size: 581136 MD5:  FBF92317CA8A7D5C243AB62624701050
File: NoIconUpdate Size: 1427040 MD5:  4460F3D29A4BCE8AA8E8FFDE4A467B70
File: NoIconUpdate.ipa Size: 590191 MD5:  0B98EE74843809493B0661C679A3C90C

 Download. Email me if you need the password (New Link)

Tuesday, September 1, 2015

KeyRaider: iOS infostealer

Research: Palo Alto: KeyRaider: iOS Malware Steals Over 225,000 Apple Accounts to Create Free App Utopia

Sample Credit: Claud Xiao

02464AE6259A2C8194470385781501B7 9catbbs.ibackground 3.2.deb
0F710F8397EC969AF26C299A63AEDA8B 9catbbs.iappstore 4.0.deb
1DD1A8C6C213E3B51CD2463D764A9C62 9catbbs.MPPlugin 1.3.deb
3838A37A9BC7DF750FB16D12E32A2FCB iweixin.deb
3C57E433FBBA1AC1E4DC1B84CEC038FB repo.sunbelife.batterylife 1.4.1.deb
CAAF060572E57B6D175C3959495BCDBF 9catbbs.GamePlugin 6.1-9.deb
DDF224F63EE9C7FBA76298664A2B0B00 9catbbs.iappinbuy 1.0.deb

Email me if you need the password  (2015-09-03 - fixed zip file)

Tuesday, June 2, 2015

AndroidOS.Wroba.x / HijackRAT - Android sample

A variant of

Research: Fireeye: The Service You Can’t Refuse: A Secluded HijackRAT 2014

Sample Credit: SUVsoft

MD5:  a21fab634dc788cdd462d506458af1e4
Size: 403974

Installed apps:

Download. Email me if you need the password. (New Link)

Android Locker Ransomware sample

Monday, May 25, 2015

Android FakeApp.AL Sample

Research: Scareware: Fake Minecraft apps Scare Hundreds of Thousands on Google Play

File: com.xcraft.mods.apk
Size: 341376
MD5:  ACB66E858D54C61AA10E60276001C02B

Download. Email me if you need the password

Thursday, May 21, 2015

NotCompatible / NioServ Android sample

This file has been spotted as the response content of the following URLs.

File: Android.Core.Defender.apk
Size: 64345
MD5:  7079D98E70EA31EA8F1DA54D160979EF

 Download. Email me if you need the sample

Wednesday, April 1, 2015

Hacking Team RCS for Android sample

Advanced spyware.

Credit: Anonymous

Size: 2392347
MD5:  904ED531D0B3B1979F1FDA7A9504C882

Sunday, March 22, 2015

Android Infostealer - Godwon

Android.Podec SMS Trojan bypasses CAPTCHA sample

Research: Securelist: SMS Trojan bypasses CAPTCHA


Download. Email me if you need the password

Cajino - Remote administration trojan using Baidu Cloud Push service

Research: Remote administration trojan using Baidu Cloud Push service


Download. Email me if you need the password

Android.Titan.1 South Korean SMS trojan

Research: Dr. Web. Dangerous Android Trojan “hides” from anti-viruses


Download. Email me if you need the password

Android Ransomware Simplocker sample

SocialPath - Android infostealer sample

Android Worm Gazon Amazon Rewards

Research: Adaptive Mobile. Worm.Gazon: Want Gift Card? Get Malware

Sample Credit:  Marc Rivero Lopez

MD5 4a56c7abdc455c82e95753bdb1934285

Download. Email me if you need the password