Going to check into those links myself for malware for testing. I used to host honeypots to snag hackers and get them to plant tools etc. Then after they have taken over a system, offline it and analyze further. I would intentionally put a system up that looked like a legit business system etc. and intentionally have an exploit vulnerability on it for point of entry and let them in and infect it etc. Lots used the Black VNC exploit for easy entry. After the system is done from checking into what they did, I'd push a ghost image to it off of a DVD-R and bring it back to clean running with exploit ready for the next hacker to use the same way in. Lots of EXEs were snagged through that process, but mostly kiddie scripts, malware written by someone other than the hacker. The most common TSRs were keyloggers, although I stopped serving up honeypots when someone tried to turn my honeypot into a relay point for P2P. When I saw that, I was like, OK, it was fun baiting them, but it's now too dangerous if my honeypot can come back and bite me.