Signature and security product testing often requires large numbers of sorted malicious and clean files to eliminate false positives and negatives. They are not always easy to find, but here are some that I have.
Clean documents are collected from various open sources. All copyrights belong to the authors of each document and file. You must not use the documents for their content but only as samples of particular file types.
Download all
Download link for all files listed below
All files use the same password (scheme). Email me if you need the password.
- EXE
  UTILITY FOR CLEAN EXE FILES
- XLS(X), DOC(X), RTF
  CLEAN MS OFFICE FILES AND RTF - 2000 FILES
- ZIP, 7Z, RAR
  CLEAN ARCHIVE FILES - 5500 FILES
- JAR
  CLEAN JAVA FILES - 100 FILES
- PDF
  PDF - 9000_files and PDF -100+with embed_3d_video_swf_ js (new link)
- MACH-O
  CLEAN OSX MACH-O FILES - 50 FILES
- ELF
  CLEAN ELF LINUX FILES - 46 FILES

- PDF
  MALWARE PDF NEW -170 FILES
  MALWARE PDF PRE_04-2011_10982_files
- RTF, XLS
  MALWARE RTF_CVE-2010-3333_RTF_92files
  MALWARE_RTF_CVE-2012-0158_300_files
  MALWARE_ENCRYPTED_XLS_16files
- MACH-O
  MALWARE_MACHO_OSX_100_FILES
- ELF
  MALWARE_ELF_LINUX_100_FILES
- JAR
  MALWARE JAVA (JAR) - 200 FILES
DETAILED LISTING OF CLEAN FILES
1. WINDOWS EXECUTABLES
EXE
Windows executables. I am not posting any because you can quickly generate your own from any VM.
See the EXE collection utility by Stephan Chenette: https://github.com/IOActive/SearchAndCollect
2. CLEAN MS OFFICE FILES AND RTF - 2,000 FILES
DOC, DOCX, XLS, XLSX, RTF
RTF - 200_files
XLSX -100_files
XLS_300_files
DOCX_100_files
DOC_1300_files
3. CLEAN ARCHIVE FILES - 5,500 FILES
7z, ZIP, RAR
Encrypted and not.
7z_w_EXE+DLL_1000_files_nopass
RAR_EXE+DLL_1000_files_encryptedname_pass_123qwe
RAR_EXE+DLL_1000_files_pass_password123
RAR_OFFICE+PDF_500_files_pass_1234!@#$
ZIP_w_EXE+DLL_1000_files_nopass
ZIP_w_EXE+DLL_1000_files_pass_password123
P.S. Please remove _185-1 (86).rar from RAR_OFFICE+PDF_500_files_pass_1234!@#$, as it is not clean; it sneaked in accidentally. It has already been removed from the current set.
4. CLEAN JAVA FILES - 100 FILES
JAR
CLEAN_JAR_100_files
5. CLEAN ADOBE READER FILES - 9,100 FILES
PDF - 9000_files
PDF -100+__embed_3d_video_swf_ js - clean pdf documents with special features - embedded javascript, 3d objects, flash, video, etc.
6. CLEAN OSX MACH-O FILES - 50 FILES
7. CLEAN ELF LINUX FILES - 46 FILES
These 4 files were removed as questionable (perl2elf utility with obfuscated Perl code):
0fdb34f48166dae57ff410d723efd3f7
4020b92f05661260f5ed3fe642eb0ace
a1faa486be2303697d13d26cca576f27
f7536bb412d6c4573fd6fd819e1b07bb
DETAILED LISTING OF MALICIOUS FILES
1. MALWARE ADOBE READER FILES - 11,152 FILES (new link)
PDF-XDP _3files
CVE-2013-0640_PDF_21files
CVE-2012-0754_PDF_1file
CVE-2011-2462_PDF_25files
CVE-2010-0188_PDF_49files
CVE_2010-2883_PDF_25files
MALWARE_PDF_PRE_04-2011_10982_files - files from web exploit packs - older than April 2011.
2. MALWARE MS OFFICE AND RTF FILES -
RTF, XLS
MALWARE RTF_CVE-2010-3333_RTF_92files
MALWARE_RTF_CVE-2012-0158_300_files
MALWARE_ENCRYPTED_XLS_16files - CVE-2012-0158
3. MALWARE_MACHO_OSX_100_FILES
4. MALWARE_ELF_LINUX_100_FILES
5. MALWARE JAVA (JAR) - 200 FILES
If you find yourself in need of more documents, you may want to check out the 'govdocs' corpus - it is just about 1 million files and is unencumbered with regard to distribution. (on digitalcorpora.org)
I do forensics research and big sources of ground truth are very helpful for tool building.
What's the password?
Nice collection.
Try to contact for password, but no answer!!
Thanks for providing the psw so quick!