Sunday 6 March 2016

TheZoo: A Project That Allows Malware Analysis

ytisf/theZoo is a public project that makes malware analysis possible for anyone. Live malware samples are very hard to come by in a form that allows analysis, and theZoo collects them for that purpose. TheZoo was created by Yuval (tisf) Nativ and is now maintained by Shahak Shalev.

Features of TheZoo:
  • It allows the study of malware.
  • It enables people who are interested in malware analysis to get started.
  • It offers a fast and easy way of retrieving malware samples and source code, to promote malware research.

These samples are live and very dangerous. Never run them unless you are absolutely aware of what that malware does; they come encrypted and locked for a reason. If you do want to run a sample, do it inside a VM that has no internet connection. Running them unconstrained may harm you and others.

The malware database is freely available. It is Copyright (C) 2015 Yuval Nativ and Lahad Ludar, and you can redistribute and modify it under the terms of the GNU General Public License as published by the Free Software Foundation. A copy of the GNU General Public License should be included along with the program. You can also download it from the link:

What are the root files?

Version 0.42 of theZoo runs in both CLI and ARGVS modes, and the command line arguments for calling the program are the same in both. CLI mode is the default state of the theZoo runtime. Here are the files and directories that are responsible for the application's behaviour.


The conf folder holds the files with whatever information the program needs at runtime.


It contains the .py and .pyc modules imported by the rest of the application.


It contains the actual malware samples.


It contains the source code of the malware.

Each malware entry in the directory structure contains only 4 files:
  • Password file for the archive.
  • SHA256 sum of the encrypted ZIP archive.
  • Malware files in an encrypted ZIP archive.
  • MD5 sum of the encrypted ZIP archive.
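The four-file layout above is what makes a sample directory checkable before anyone touches the archive: the two checksums can be recomputed over the ZIP, and the ZIP's central directory reveals whether its members are actually encrypted, all without extracting anything. The following script is an added example, not code from the theZoo project; it assumes that a sample named NAME lives in a directory NAME/ holding NAME.zip, NAME.md5, NAME.sha256 and NAME.pass (the suffixes are an assumption, adjust them if a repository differs). The demo directory it builds is constructed and harmless; it is not a malware sample.

```python
"""Integrity check for a theZoo-style sample directory (added example).

Assumed layout (not taken from the project): NAME/NAME.zip, NAME/NAME.md5,
NAME/NAME.sha256, NAME/NAME.pass. Nothing is extracted: the archive is only
hashed and its central directory is read, so the check is safe to run on the
host before a sample is moved into the isolated analysis VM.
"""
import hashlib
import os
import tempfile
import zipfile


def _read_digest(path):
    """Return the hex digest stored in a sidecar file (first token, lower-case)."""
    with open(path, "r", encoding="utf-8") as fh:
        return fh.read().split()[0].lower()


def _hash_file(path, algo):
    """Stream a file through hashlib so large archives are not read into memory."""
    h = hashlib.new(algo)
    with open(path, "rb") as fh:
        for chunk in iter(lambda: fh.read(1 << 16), b""):
            h.update(chunk)
    return h.hexdigest()


def verify_sample_dir(sample_dir):
    """Check one sample directory without extracting anything.

    Returns a dict with:
      sha256_ok, md5_ok  - stored digest equals the archive's recomputed digest
      password_present   - the .pass sidecar exists and is non-empty
      entries_encrypted  - every ZIP member has the encryption flag (bit 0) set
      members            - member names read from the central directory
    """
    name = os.path.basename(os.path.normpath(sample_dir))
    archive = os.path.join(sample_dir, name + ".zip")
    result = {
        "sha256_ok": _read_digest(os.path.join(sample_dir, name + ".sha256"))
        == _hash_file(archive, "sha256"),
        "md5_ok": _read_digest(os.path.join(sample_dir, name + ".md5"))
        == _hash_file(archive, "md5"),
    }
    pass_path = os.path.join(sample_dir, name + ".pass")
    result["password_present"] = os.path.isfile(pass_path) and os.path.getsize(pass_path) > 0
    with zipfile.ZipFile(archive) as zf:
        infos = zf.infolist()
        result["members"] = [i.filename for i in infos]
        # Bit 0 of the general-purpose flag marks an encrypted member; a repository
        # that ships "locked" archives should report True here for every sample.
        result["entries_encrypted"] = bool(infos) and all(i.flag_bits & 0x1 for i in infos)
    return result


def build_constructed_sample(root, name="DemoSample", tamper_md5=False):
    """Create a constructed, harmless sample directory for demonstration.

    The archive holds a plain text file (not malware) and is NOT encrypted,
    because the standard library cannot write encrypted ZIPs; on a real
    repository entries_encrypted should come back True.
    """
    sample_dir = os.path.join(root, name)
    os.makedirs(sample_dir, exist_ok=True)
    archive = os.path.join(sample_dir, name + ".zip")
    with zipfile.ZipFile(archive, "w", zipfile.ZIP_DEFLATED) as zf:
        zf.writestr("README.txt", "constructed placeholder, not a malware sample\n")
    for algo in ("md5", "sha256"):
        digest = _hash_file(archive, algo)
        if algo == "md5" and tamper_md5:
            digest = "0" * 32  # simulate a corrupted or mismatched sidecar
        with open(os.path.join(sample_dir, name + "." + algo), "w", encoding="utf-8") as fh:
            fh.write(digest + "  " + name + ".zip\n")
    with open(os.path.join(sample_dir, name + ".pass"), "w", encoding="utf-8") as fh:
        fh.write("constructed-password\n")  # placeholder, not the project's password
    return sample_dir


def run_demo():
    """Verify a good and a tampered constructed sample; return both reports."""
    with tempfile.TemporaryDirectory() as tmp:
        good = verify_sample_dir(build_constructed_sample(tmp))
        bad = verify_sample_dir(
            build_constructed_sample(tmp, name="TamperedSample", tamper_md5=True))
    return good, bad


if __name__ == "__main__":
    for label, report in zip(("good", "tampered"), run_demo()):
        print(label, report)
```

Any sample whose recomputed digests differ from the sidecars, or whose archive turns out to hold unencrypted members, should be treated as corrupted or tampered and set aside rather than analysed; the check reads only metadata, so a failed result costs nothing beyond the time to re-download the entry.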

TheZoo uses maldb.db, a database, to find the malware samples indexed on your drive.
If you want to see the full structure of this DB, visit the theZoo link.

