vx-underground
The largest collection of malware source, samples, and papers on the internet.

Password: infected

https://vx-underground.org/
Hello,

I continue to receive requests to make the malware collection static HTML like it was from 2019 - 2023.

While I too like and prefer static HTML, VXUG is very large in scope and has many moving parts.

As of July 2nd, 2026, VXUG has:
- 233,151 files
- 38,212 sub-directories
- 13.1TB 7z ultra compressed

Do you have any idea how large and nested these HTML files would be?
"hey smelly, out of curiosity, how did you learn so much? have you read every paper on vxug?"

fuck no. i probably havent read 10% of the library. if you unironically read everything there you would be two things

1. ultra mega fuck off malware brain
2. profoundly depressed
Dawg, the Peter Stokes affidavit (nerd from Scattered Spider who was arrested) is fucked

This dude was on Snapchat sending people pictures of him with stacks of money, expensive hotels, jewelry, etc.

My Brother in Christ, they've got you dead to rights because of your flexing. You're going to do 40 years in prison now, 20 years if you beg for forgiveness. Why did you flex on Snapchat?

When he's released from prison he's going to be 40 years old (if he's lucky) and all of his Telegram homies are going to be gone. Telegram, Discord, Snapchat, etc may not even exist anymore.

Think of how much changes in 20 to 40 years. Now imagine that time being passed while sitting in a box with all white walls and steel bars.
Still thinking about the time I went to BestBuy. I was in a pinch and needed to buy some computer stuff fast.

The guy behind the counter tried making an up-sale and pitched me some anti-virus product. He said it's good and protects you from viruses

I looked him straight in his eyes and said, "What? But I want the computer viruses on my computer"

He looked right back at me and just said "Okay".

He looked at me like this:
On Tuesday, June 30th, Jennifer Gibbons, Vice President of State Government Affairs for ESA (Entertainment Software Association) testified before the United States California Senate regarding Minecraft and Call of Duty private servers, which she claims are actually piracy.

Gibbons told the California Senate these private servers are unsanctioned. She is representing the video game industry in the United States and vehemently opposes the recently introduced Protect Our Games Act, the United States version of Stop Killing Games.

She referred to Minecraft private servers as "The Black Market".
Thinking of hosting a private Minecraft server? Think again. That is ILLEGAL. You're operating A BLACK MARKET OF CRIME.

Do it and you could end up like this, buddy. It's all over for you and your band of criminal misfits *check notes* building a cool looking fort
I'm not sure what's going on, but from my European and South American colleagues, I have developed a sudden interest in the FIFA World Cup.

It might be over for me. I can feel the Europeans draining the cheeseburger from my blood (I don't know anything about FIFA).
❀43🀣36πŸ₯°8😒3πŸ€”2πŸŽ‰1
vx-underground
I'm not sure what's going, but from my European and South American colleagues, I have developed a sudden interest in the FIFA World Cup. It might be over for me. I can feel the Europeans draining the cheeseburger from my blood (I don't know anything about…
Media is too big
VIEW IN TELEGRAM
I'm not going to lie, I saw the Mexican people going absolutely schizo when Mexico defeated Ecuador and I thought to myself, "wtf thats badass, i want to be proud of the united states and go crazy af in the streets with random people".
❀59πŸ”₯18🀯8😒5😁3πŸ₯°1πŸ€”1🀣1
Honestly, if you're wanting to get into malware development and malware reverse engineering (specifically in regards to Windows), I think the most important thing you can learn is the concept of a file.

1. What is a file extension? This is pretty obvious, .exe, .pdf, .mp3, etc.

2. How are file extensions handled? This would introduce the idea of the Windows registry and how extension querying is handled vs. the Windows loader

3. Which file extensions (or file types, rather) are used for payload delivery? e.g. .exe, .dll, .xll, .vbs, .ps1, .py, .lua, .docx, .vcproj, etc. The .exe, .dll, (and other native types, like .sys) will be sort of self-explanatory, but the others would introduce different malware delivery mechanisms (malicious files) and potentially wiggle in the concept of payload smuggling.

4. Each of the previously listed file types is different. How are they different? .exe and .dll (and many others) are native to Windows and handled by the Windows loader. Why are the others still considered executable files? This is when you slowly step into interpreted languages and VM dependency (JVM, PVM, etc).

Somewhere in this you would eventually stumble into the Windows PE format, how the PE format is different for .NET binaries, how Electron .JS executables act differently, weird stuff like .docx file internals, etc.

Basically, I think understanding files and how they're handled is an excellent starting point and sets the stage for what will happen next.

pic unrelated
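
Added example (not part of the original post): content-based triage in Python that ignores the extension, telling a native PE from a .NET PE by the CLR data directory and recognising a .docx-style file as a ZIP package. The function names and the sample bytes are constructed for illustration.

```python
import io
import struct
import zipfile

CLR_DIR = 14  # data-directory slot that holds the CLR (.NET) runtime header

def classify(data: bytes) -> str:
    """Classify a file by its content; the extension is never consulted."""
    if data[:2] == b"MZ":
        try:
            pe = struct.unpack_from("<I", data, 0x3C)[0]         # e_lfanew
            if data[pe:pe + 4] != b"PE\0\0":
                return "MZ stub without a PE header"
            flags = struct.unpack_from("<H", data, pe + 22)[0]   # COFF Characteristics
            magic = struct.unpack_from("<H", data, pe + 24)[0]   # optional header Magic
            dirs = pe + 24 + {0x10B: 96, 0x20B: 112}[magic]      # PE32 / PE32+
            count = struct.unpack_from("<I", data, dirs - 4)[0]  # NumberOfRvaAndSizes
            clr = struct.unpack_from("<I", data, dirs + 8 * CLR_DIR)[0] if count > CLR_DIR else 0
        except (struct.error, KeyError):
            return "malformed PE"
        kind = "DLL" if flags & 0x2000 else "EXE"                # IMAGE_FILE_DLL
        return f"PE {kind}, " + (".NET (CLR header present)" if clr else "native")
    if data[:4] == b"PK\x03\x04":
        try:
            names = zipfile.ZipFile(io.BytesIO(data)).namelist()
        except zipfile.BadZipFile:
            return "malformed ZIP"
        return "OOXML package (ZIP)" if "[Content_Types].xml" in names else "ZIP archive"
    return "no loader or container magic (script or data)"

# Constructed samples: headers and parts only, no code or real content.
def make_pe(dotnet: bool = False, dll: bool = False) -> bytes:
    opt = bytearray(224)                              # PE32 optional header
    struct.pack_into("<H", opt, 0, 0x10B)             # Magic = PE32
    struct.pack_into("<I", opt, 92, 16)               # NumberOfRvaAndSizes
    if dotnet:
        struct.pack_into("<II", opt, 96 + 8 * CLR_DIR, 0x2008, 0x48)
    coff = struct.pack("<HHIIIHH", 0x14C, 0, 0, 0, 0, 224, 0x2102 if dll else 0x0102)
    return b"MZ" + bytes(58) + struct.pack("<I", 0x40) + b"PE\0\0" + coff + bytes(opt)

def make_ooxml() -> bytes:
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as z:
        z.writestr("[Content_Types].xml", "<Types/>")
    return buf.getvalue()

if __name__ == "__main__":
    for name, blob in [("invoice.pdf", make_pe()), ("photo.jpg", make_pe(True, True)),
                       ("notes.txt", make_ooxml()), ("setup.exe", b"print('hi')\n")]:
        print(f"{name:12} -> {classify(blob)}")
```

The demo deliberately pairs each sample with a misleading name; the last one carries an .exe name but has no MZ header, so the Windows loader would reject it and only an interpreter could run it.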
❀118πŸ™15πŸ‘5πŸ₯°5πŸ”₯2🫑2❀‍πŸ”₯1
Doctor: Take this medicine at night to help you sleep

Me: Okay

Doctor: Oh, and by the way, if you have a sudden erection which is painful and won't go away, it's from the medicine. Immediately seek medical attention. Go to the Emergency Room

Me: Okay
> Peter Stokes
> Scattered Spider guy
> Arrested
> Microsoft helps FBI
> Read court documents
> Page 12
> Microsoft tracks Stokes from GDID
> Microsoft Global Device Identifier (GDID)
> Stokes used Windows
> Page 34
> GDID assigned to each OS install
> GDID unique to each device
> GDID only change if OS wiped
> Stokes GDID 6755467234350028
> GDID reported internet activity to Microsoft
> GDID showed Stokes using Ngrok
> GDID reported Stokes IP address
> GDID showed Stokes web activity
> GDID showed timestamps of web activity
> GDID mapped with video game activity
> GDID showed games played
> GDID undocumented
> GDID only mentioned in one MSDN document
> Azure UCDOStatus
> Azure Monitor Logging
Chat, I don't want to sound like a schizo, but it sure is STRANGE how much data Microsoft collects with its telemetry functionality. It's very odd Microsoft documents and records all of your web browser activity, and gaming, and can tie it to your social media, so they can improve your "Windows Experience".
The United States is 250 years old.

To celebrate this occasion, we will be giving everyone two hundred and fifty (250) malwares.

God Bless
We're slowly convincing the youth to autismmax via silly pictures of cats.
Chat, today is a good day.

Look at this "Grand Theft Auto 6 BETA for FREE" advertisement that fell onto my lap. It delivers a .rar that has a .exe inside.

I am so happy. I am elated. It is free malware.
❀87🀣52πŸ₯°12πŸ”₯8πŸ‘3
vx-underground
Chat, today is a good day. Look at this "Grand Theft Auto 6 BETA for FREE" advertisement that fell onto my lap. It delivers a .rar that has a .exe inside. I am so happy. I am elated. It is free malware.
Literally shaking, screaming, crying, THROWING UP.

The .exe is bundled with BUN (some Javascript bullshit). I deobfuscated the main goop inside of it, found the C2 configuration (where it downloads cool malware from), and ... it's dead.

Cloudflare KILLED THEIR C2. THE MALWARE IS DEAD. THEY KILLED THE MALWARE CAMPAIGN.

How are we supposed to get malware from fake Grand Theft Auto 6 advertisements if Cloudflare KILLS their infrastructure???

RIP NWHStealer campaign ID 202fdde5193b.
RIP NWHStealer c2 unauth-amper(.)cc
I only have one question though... This malware kills itself if it detects the following strings:
- sandbox
- sand box
- malware
- virus
- maltest
- peter wilson (??????)
- paul jones (??????)

who THE FUCK is peter wilson and paul jones???
I'm on the weird part of the internet reading about Termite microbiomes

Now I'm frustrated scientists haven't conducted more research into biotechnologies that allow humans to extract nutrition from woody stuff like lignin

tldr why science man no let us eat wood wtf