Wednesday, February 17, 2010

Executables Feed for Malware Analysis

Someone sent me an email wondering why I don't continue to publish a feed for recent executables (like the older version of jsunpack), and I do! I thought the answer could be useful to others wanting to perform malware analysis so keep reading if that interests you.

You can perform a search with the term "executable" under the recent submissions of These are not guaranteed to be malicious, but there is a high likelihood that most of them are malicious. Many of the URLs are from decoded javascript or environment variables pointing to executables.

Here are the links for you,

RSS Feed:

For each executable you find, you may choose not to download it from the actual server (the server may not offer the file anymore). In that case, you can download the executables from jsunpack instead.

Each link in the RSS feed contains a link to the decoding report like this:

If you replace the "go" part with "download" you'll get all the files created and the executable file.

Please enjoy and send me any reports for malware that you analyze and I'll post them on the site.

No comments:

Post a Comment