This test set has been created to show how Rebuild API regenerates clean, safe and visually identical files. While these test files are not malicious, the set features Active Content that could be manipulated to launch malware.
Complete works of shakespeare.jpg
This file is a polyglot file (i.e., it identifies itself as both a .jpg and a .zip) containing the complete works of William Shakespeare and an image of Shakespeare. To confirm this, rename the file to a .zip file and then unzip it using a program like 7zip. You are then able to see 31 files. If the original .jpg file is run through Rebuild API and the steps above are repeated, all the non-image files will have been removed, leaving only the .jpg of Shakespeare.
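The same check can be done without renaming the file, before and after rebuilding. The script below is an added example, not Rebuild API code; its function names are illustrative and the sample bytes are constructed in the script (structurally a JPEG, not a renderable image).

```python
import io
import struct
import zipfile

def jpeg_end(data: bytes):
    """Offset just past the JPEG EOI marker, or None if the marker walk fails."""
    if data[:2] != b"\xff\xd8":                       # SOI must open the file
        return None
    i = 2
    while i + 2 <= len(data):
        if data[i] != 0xFF:
            return None
        m = data[i + 1]
        if m == 0xD9:                                 # EOI: the image ends here
            return i + 2
        if m == 0xFF:                                 # fill byte before a marker
            i += 1
        elif m == 0x01 or 0xD0 <= m <= 0xD7:          # markers with no length field
            i += 2
        elif i + 4 > len(data):
            return None
        else:
            i += 2 + struct.unpack(">H", data[i + 2:i + 4])[0]
            while m == 0xDA:                          # after SOS: skip entropy-coded data
                i = data.find(b"\xff", i)
                if i < 0 or i + 1 >= len(data):
                    return None
                nxt = data[i + 1]
                if nxt == 0x00 or 0xD0 <= nxt <= 0xD7:
                    i += 2                            # stuffed 0xFF or restart marker
                elif nxt == 0xFF:
                    i += 1
                else:
                    break                             # next real marker
    return None

def inspect(data: bytes) -> dict:
    """Report where the image ends and any ZIP entries readable from the same bytes."""
    end, names = jpeg_end(data), []
    if zipfile.is_zipfile(io.BytesIO(data)):
        with zipfile.ZipFile(io.BytesIO(data)) as zf:
            names = zf.namelist()
    trailing = None if end is None else len(data) - end
    return {"jpeg_end": end, "trailing_bytes": trailing, "zip_entries": names}

def constructed_samples():
    """Constructed inputs: (jpeg + appended zip, the same jpeg alone)."""
    jpeg = (b"\xff\xd8\xff\xe0" + struct.pack(">H", 16) + b"JFIF\x00" + bytes(9)
            + b"\xff\xda" + struct.pack(">H", 8) + bytes(6)
            + b"\x12\x34\xff\x00\x56\xff\xd0\x78\xff\xd9")
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        zf.writestr("hamlet.txt", "To be, or not to be")
        zf.writestr("macbeth.txt", "Out, damned spot")
    return jpeg + buf.getvalue(), jpeg
```

A file whose `trailing_bytes` is non-zero or whose `zip_entries` is non-empty carries more than the image; a rebuilt file should report `0` and `[]`.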
Macro that opens the calculator app - MS Word
Opening the file automatically runs a Macro, launching the calculator app. If it does not run automatically, you may need to enable Macros in Word. Rebuild API removes the Macro, delivering a sanitised file. Upon opening the new file, the calculator app will no longer launch.
Macro that opens the calculator app - MS Excel
Opening the file automatically runs a Macro, launching the calculator app. If it does not run automatically, you may need to enable Macros in Excel. Rebuild API removes the Macro, delivering a sanitised file. Upon opening the new file, the calculator app will no longer launch.
Metadata in a Word document
When opened, the file looks like a benign Word document. The file contains metadata which can be exploited to send malware. You can view the metadata stored in the Word document by going to the Properties section in the File menu. Running the file through Rebuild API removes the metadata.
Hyperlinks in a PowerPoint
The PowerPoint contains a hyperlink that, when followed, will take you to Google. Rebuild API deactivates the hyperlinks. In this case, the URL linked to a benign site, but links to malicious sites would also be neutralised.
Unable to rebuild - Corrupted .jpg
The file has been corrupted, so when Rebuild attempts to rebuild the file, the PNG tokenisation fails. Subsequently, the file is not rebuilt.