This repository contains sample programs that mimick behavior found in real-world malware. The goal is to provide source code that can be compiled and used for learning purposes, without having to worry about handling live malware.
This repository contains sample programs that mimick behavior found in real-world malware. The goal is to provide source code that can be compiled and used for learning purposes, without having to worry about handling live malware or causing real damage to any system. The type of program is organized by concept it is focused on, you can see this through the root folder structure.
I discuss many of these programs through online videos and courses and you may find the following helpful:
Various topics in malware analysis - YouTube Playlist
Getting Started with Reverse Engineering - YouTube Playlist and full courses on Pluralsight
Essential Malware Analysis on Pluralsight:
Yara for Malware Research - YouTube playlist
Essential Elements of the Portable Executable (PE) file - YouTube playlist
These programs are intended to be compiled with the C/C++ compiler from Microsoft. You can use the Developer Command Prompt
after installing the free/community version to compile using cl
. An example of this command would be:
cl <path/to/source_code>
This should produce two files: .obj
and .exe
using the name of the input file. You can typically ignore the .obj
file, the .exe
is what you will analyze. Please note, occassionally specific compiler flags are used to obtain desired affects in the resulting binary. These compiler flags will be identified in the related videos or noted in the README in the specific folder.
If you're looking for real world malware or other interesting artifacts, please check out my repo malware-samples.