git404hub

what is malwaresourcecode fr?

vxunderground/malwaresourcecode — explained in plain English

Analysis updated 2026-06-21

18,209AssemblyAudience · researcherComplexity · 1/5Setup · moderate

tl;dr

A curated archive of malicious software source code across Windows, Linux, macOS, Android, and more, maintained by vx-underground for security researchers and defenders who study how malware is built to better detect it.

vibe map

mindmap
  root((repo))
    What it does
      Malware source archive
      Multi-platform samples
      Defense education
    Platforms covered
      Windows botnets rootkits
      Linux backdoors trojans
      Android and macOS
      PHP and JavaScript
    Categories
      Ransomware
      Exploit kits
      Phishing pages
      POS malware
    Audience
      Security researchers
      Malware analysts

Code map

Detail Auto

An interactive map of this repo's files and how they connect — its source is parsed live in your browser. Click Visualize to build it.

filefunction / class

what do people make with this?

VIBE 1

Study real-world botnet source code, including Mirai-family samples, to understand how command-and-control infrastructure is built.

VIBE 2

Analyze ransomware and rootkit samples to build accurate detection signatures for your security monitoring tools.

VIBE 3

Learn how in-browser JavaScript attacks and phishing page templates work in order to write defenses against them.

what's the stack?

AssemblyCPythonPHPJavaJavaScriptPerlRuby

how it stacks up fr

vxunderground/malwaresourcecodemytechnotalent/reverse-engineeringleachim6/hello-world
Stars18,20913,57111,806
LanguageAssemblyAssemblyAssembly
Setup difficultymoderatemoderateeasy
Complexity1/53/51/5
Audienceresearcherdeveloperdeveloper

Figures from each repo's GitHub metadata at analysis time.

how do i run it?

Difficulty · moderate time til it works · 30min

Some archives are password-protected with the word 'infected', extract and run samples only in an isolated, air-gapped environment.

in plain english

MalwareSourceCode is a collection of malicious software source code gathered and organized by the vx-underground security research group. It is intended for malware research and education, understanding how malware is built helps defenders detect and counter it. The repository spans a wide range of platforms and programming languages, including Windows, Linux, macOS, Android, legacy Windows versions, PHP, Python, Perl, Ruby, Java, JavaScript, and assembly language. The collection is organized by platform and category. Windows malware entries include botnets, ransomware, rootkits, crypters (tools that hide malware from detection), stealers, exploit kits, and internet worms. Linux entries cover backdoors, botnets, rootkits, and trojans, including Mirai-family code. There are also phishing page templates, point-of-sale malware, and in-browser JavaScript attacks. Some archived files may be password-protected with the word "infected" to prevent accidental execution. The repository comes with a liability disclaimer: vx-underground and contributors accept no responsibility for how the code is used. Access to this material is intended strictly for defensive research purposes.

prompts (copy fr)

prompt 1
I'm a security researcher studying Mirai. Walk me through how Mirai's scanning and infection mechanism works based on its source code.
prompt 2
I want to write YARA rules to detect common crypter patterns. Explain the obfuscation techniques crypters in the Windows collection typically use.
prompt 3
How does a rootkit hide processes from the OS on Linux? Walk me through the key techniques used in the Linux rootkit samples in this collection.
prompt 4
I need to build a sandboxed analysis environment for running malware samples safely. What are the minimum isolation requirements?

Frequently asked questions

what is malwaresourcecode fr?

A curated archive of malicious software source code across Windows, Linux, macOS, Android, and more, maintained by vx-underground for security researchers and defenders who study how malware is built to better detect it.

What language is malwaresourcecode written in?

Mainly Assembly. The stack also includes Assembly, C, Python.

How hard is malwaresourcecode to set up?

Setup difficulty is rated moderate, with roughly 30min to a first successful run.

Who is malwaresourcecode for?

Mainly researcher.

peek the repo → explain another one

This repo across BitVibe Labs

double-check against the repo, no cap.