
I am doing some Android malware analysis work and downloaded many Android samples from VirusShare, but I found that some of them are Windows malware, e.g. labeled 'win32' or similar.

Are these Windows malware samples able to execute automatically on my computer even if I didn't add a proper extension name for them, e.g. '.exe'?

I am afraid it may damage my computer or leak some private data...

The samples that I downloaded are from this zip file.

To simplify, the question I want to ask is: can a sample that has no extension name execute automatically?


1 Answer

The simplest and most common type of malware depends on you executing it, but malware can target vulnerabilities in any program that processes the data.
There are a few cases where simply downloading a file without opening it could lead to execution of attacker controlled code from within the file. It usually involves exploiting a known vulnerability within a program which will handle the file in some way. Here are some examples:

  • Windows will try to extract information from the file to display the icon and preview when looking at the folder inside explorer (such as PDF or image thumbnail). One example was the Windows Metafile Vulnerability which could be exploited only by previewing the file in explorer.

  • Another attack vector is the built-in Windows Search. To extract the information necessary for a full text search, Windows will scan the files in the background and use the file parser to extract the content. A bug in the file parser can thus lead to code execution.

  • The file targets a vulnerability in your antivirus which triggers when the file is scanned.
  • The file targets a vulnerability in your file system such as NTFS, where the filename or another property could trigger the bug.
  • A library file (e.g. a DLL) could get executed when saved to the same directory from which an application vulnerable to binary planting is executed.
  • Thanks, maybe it's better to buy a new hard drive.. but the samples have had their extension names deleted, so I am wondering if they can still execute.. – Sayuki Feb 11 '18 at 08:08
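The answer above makes the practical point that a double-click launches a file by its extension, while previewers, indexers and scanners parse it by content; so when triaging a mixed sample set whose extensions were stripped, classify by magic bytes instead of names. The following is an added example (not from the original post): it recognises PE, DEX and APK samples from their headers, and the `make_stub_pe` helper builds a constructed, non-runnable PE header purely for testing.

```python
import struct

# Machine values from the PE COFF header (IMAGE_FILE_MACHINE_*).
_PE_MACHINES = {0x014C: "i386", 0x8664: "amd64", 0x01C4: "armv7", 0xAA64: "arm64"}


def classify(data: bytes) -> str:
    """Return a coarse file type for a sample from its leading bytes only."""
    if data[:4] == b"dex\n":
        return "dex"
    if data[:2] == b"PK":
        # ZIP container; an APK carries AndroidManifest.xml / classes.dex entries.
        if b"AndroidManifest.xml" in data or b"classes.dex" in data:
            return "apk"
        return "zip"
    if data[:2] == b"MZ" and len(data) >= 0x40:
        # e_lfanew at offset 0x3C gives the offset of the "PE\0\0" signature.
        (e_lfanew,) = struct.unpack_from("<I", data, 0x3C)
        if len(data) >= e_lfanew + 6 and data[e_lfanew:e_lfanew + 4] == b"PE\x00\x00":
            (machine,) = struct.unpack_from("<H", data, e_lfanew + 4)
            return "pe/" + _PE_MACHINES.get(machine, hex(machine))
        return "mz-dos"
    if data[:4] == b"\x7fELF":
        return "elf"
    return "unknown"


def make_stub_pe(machine: int) -> bytes:
    """Constructed MZ/PE header for testing; it contains no code and cannot run."""
    e_lfanew = 0x40
    header = b"MZ" + b"\x00" * (0x3C - 2) + struct.pack("<I", e_lfanew)
    return header + b"PE\x00\x00" + struct.pack("<H", machine)


def triage(samples: dict) -> dict:
    """Map each (extensionless) sample name to the type found in its content."""
    return {name: classify(blob) for name, blob in samples.items()}


# Constructed samples: a stripped "win32" PE, a fake APK, a DEX header and junk.
SAMPLES = {
    "sample_a": make_stub_pe(0x014C),
    "sample_b": b"PK\x03\x04" + b"\x00" * 20 + b"AndroidManifest.xml",
    "sample_c": b"dex\n035\x00" + b"\x00" * 8,
    "sample_d": b"not a program at all",
}

if __name__ == "__main__":
    for name, kind in triage(SAMPLES).items():
        print(f"{name}: {kind}")
```

Anything reported as `pe/...` is a Windows binary regardless of its filename and belongs in a separate quarantine directory, away from the Android set and from hosts where explorer previews or background indexing might parse it.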