Norman Sandbox Analysis

We are great fans of Norman's Sandbox. The Norman Sandbox is not a pattern-matching-only virus scanner: it can run files in its own internal sandbox, profile them, and guess from their behaviour whether they are malicious. The point is that you don't need to reverse engineer the file to gain further information; the sandbox will spit out an easy-to-read report.

As the Norman Virus Control version you can buy does not spit out a profiling report if the file is known, I took mimetic to parse the emails the online scanning service mailed me.

I stripped the mail addresses, and files of type FILE_IS_DAMAGED.

We can offer these analyses with the friendly permission of http://www.norman.no.

Have fun browsing the malware; try the wikisearch to find your personal easter egg.

powered by

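# Split the full listing into 200-line chunks, then prepend a DokuWiki table header row to each chunk.
split --lines 200 fullnorman.txt norman_
for i in norman_*; do echo '^ filename ^ hash ^ malware ^ signature ^' > "$i.txt"; cat "$i" >> "$i.txt"; rm "$i"; done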
 
analysis/norman.txt · Last modified: 2006/03/05 20:21
 