Malware.lu is a repository of malware and technical analyses for security researchers.

Malware.lu provides a team of experts in malware analysis and incident response for private and government entities.

Disclaimer:

Malware.lu contains malware samples. Malware.lu will not be held responsible for any damage brought to your equipment, including virus infection, caused by accessing, using or displaying this website or by downloading any information. You are accessing this website at your own risk.

If you would like to download or submit samples, you need to have an account. To request an account, please send an email to with a username and a short explanation about "why you want an account". Currently the database contains 5,572,622 samples. The complete list of md5|sha1|sha256 can be found here

We do not directly host our technical analyses. The articles are hosted in a Google Code project named malware-lu.

List of articles and technical analyses by date:

13/05/2013 : Analysis of the sample cdorked.A

08/04/2013 : APT1: technical backstage

20/02/2013 : ZeroAccess statistics

11/02/2013 : Analysis of the sample blackenergy

08/02/2013 : Update of the technique used by Rannoh/Matsnu to store the images (version of January 2013)

16/01/2013 : Home made Red October C&C

16/01/2013 : Analysis of the malware of Red October - Part 3

15/01/2013 : Analysis of the malware of Red October - Part 2

15/01/2013 : Analysis of the malware of Red October - Part 1

26/10/2012 : Malwasm: Offline debugger for malwares analysis

25/09/2012 : Analysis of Ysreef (a variant of Tobfy)

11/09/2012 : The .zip file in attachment of the previous report (EN)

11/09/2012 : Example of a professional report realised by malware.lu for our customers (EN)

04/09/2012 : Karagny.L unpack (EN)

30/08/2012 : Linux/Mac BackDoor.Wirenet.1 config extractor (EN)

28/08/2012 : Analysis of a Russian ransomware (EN)

27/08/2012 : Analysis of x0rb0t (EN)

17/08/2012 : Analysis of Necurs (EN)

22/07/2012 : Analysis of Xtreme RAT (EN)

19/07/2012 : List of samples available on malware.lu about Mahdi aka Madi (EN)

09/07/2012 : Analysis of an autoit ransomware

21/06/2012 : Analysis of functions used to encode strings in Flame (GDB script)

31/05/2012 : Dionaea auto-submit configuration

31/05/2012 : Static analysis of duqu malware with metasm (stage 2) (FR)

31/05/2012 : Static analysis of duqu malware with metasm (stage 2) (EN)

29/05/2012 : List of samples available on malware.lu about Flamer aka skywiper (EN)

29/05/2012 : Presentation & example of our ASM ripper (EN)

25/05/2012 : Malware dropper/Fixing exploit (EN)

21/05/2012 : Analysis & pownage of herpesnet botnet (EN)

20/05/2012 : Analysis of an obfuscated script (MacOS) (EN)

18/05/2012 : Analysis of xpxacxk packer (aka DHL report) (FR)

15/05/2012 : Scripts to use the Malware Hash Registry (MHR) service from Team Cymru

13/05/2012 : Yara signature to identify packer, magic number, artefact, ...

13/05/2012 : Script to see VirusTotal report from CLI.

13/05/2012 : Script to download our samples from CLI.

06/05/2012 : Analysis of a double packer in the heap (FR)

02/05/2012 : Analysis of Facebook spreader (FR)

02/05/2012 : Analysis of Facebook spreader (EN)

20/04/2012 : Static analysis of duqu malware with metasm (stage 1) (FR)

20/04/2012 : Static analysis of duqu malware with metasm (stage 1) (EN)