Wednesday, February 17, 2010

Executables Feed for Malware Analysis

Someone sent me an email wondering why I don't continue to publish a feed for recent executables (like the older version of jsunpack), and I do! I thought the answer could be useful to others wanting to perform malware analysis, so keep reading if that interests you.

You can perform a search with the term "executable" under the recent submissions of These are not guaranteed to be malicious, but there is a high likelihood that most of them are malicious. Many of the URLs are from decoded JavaScript or environment variables pointing to executables.

Here are the links for you:

RSS Feed:

For each executable you find, you may choose not to download it from the actual server (the server may not offer the file anymore). In that case, you can download the executables from jsunpack instead.

Each link in the RSS feed contains a link to the decoding report like this:

If you replace the "go" part with "download", you'll get all the files created and the executable file.

Please enjoy and send me any reports for malware that you analyze and I'll post them on the site.

Tuesday, February 9, 2010

Shmoocon Recap and Presentation Slides

Shmoocon was great! At the Own the Con talk hosted by Bruce Potter, the event organizer, he explained that one of the reasons for limiting the con to 1500 people is that his house, living room, and garage become full of swag. He also mentioned that at the open bar on Saturday night, Shmoocon attendees ran up a bar tab of $28k!

He also said attendance was great (about 95 percent), given that we had just experienced the worst snowstorm in Washington DC's history.

Thanks to Bruce, his wife, and all the volunteers for putting on another awesome Shmoocon this year! I put the slides from my presentation online for those of you that couldn't make it:

Thursday, February 4, 2010

Shmoocon and New Releases

Hi everyone,
If you make it to Shmoocon this weekend, I'll be presenting jsunpack on Saturday at 10am. Also, check out the improved web interface!

See you there!