theZoo is a project created to make the possibility of malware analysis open and available to the public. Since we have found out that almost all versions of malware are very hard to come by in a way which will allow analysis we have decided to gather all of them for you in an available and safe way.
theZoo’s purpose is to allow the study of malware and enable people who are interested in malware analysis or maybe even as a part of their job to have access to live malware, analyse the ways they operate and maybe even enable advanced and savvy people to block specific malwares within their own environment.
_ Please remember that these are live and dangerous malware! They come encrypted and locked for a reason! Do NOT run them unless you are absolutely sure of what you are doing! They are to be used only for educational purposes (and we mean that!) !!! _
We recommend running them in a VM which has no internet connection (or an internal virtual network if you must) and without guest additions or any equivalents. Some of them are worms and will automatically try to spread out. Running them unconstrained meaning the you will infect yourself or others with vicious and dangerous malwares!!!
The idea behind theZoo is to allow it to be modular and let you add malware of your own. Each malware should have a directory of it’s own.
Since version 0.42 theZoo have been going dramatic changes. It now runs in both CLI and ARGVS mode. You can call the program with the same command line arguments as before. The current default state of theZoo runtime is the CLI which is inspired by MSF. The following files and directories are responsible for the application’s behaviour.
The conf folder holds files relevant to the particular running of the program but are not part of the application. You can find the EULA file in the conf and more.
Contains .py and .pyc import files used by the rest of the application
The actual malwares – be careful!
Since mdbv0.2 is stable for the command line arguments (where as of 0.42 we are not yet completely sure) and since the size is relativly small we have left out the beta version for those who are interested in it or got used to it. In next version we will confirm arguments as should be.
Each directory is composed of 4 files:
maldb.db is the DB which theZoo is acting upon to find malwares indexed on your drive. The structure is as follows:
An example line will look as follow:
Source && Download