back to home

vxunderground / MalwareSourceCode

Collection of malware source code for a variety of platforms in an array of different programming languages.

17,842 stars
2,014 forks
10 issues
AssemblyLimboC
Chat with CodebaseArchitecture ScanSecurity AuditExplain Codebase

AI Architecture Analysis

This repository is indexed by RepoMind. By analyzing vxunderground/MalwareSourceCode in our AI interface, you can instantly generate complete architecture diagrams, visualize control flows, and perform automated security audits across the entire codebase.

Our Agentic Context Augmented Generation (Agentic CAG) engine loads full source files into context, avoiding the fragmentation of traditional RAG systems. Ask questions about the architecture, dependencies, or specific features to see it in action.

Click here to launch the interactive analysis workspace

Embed this Badge

Showcase RepoMind's analysis directly in your repository's README.

[![Analyzed by RepoMind](https://img.shields.io/badge/Analyzed%20by-RepoMind-4F46E5?style=for-the-badge)](https://repomind-ai.vercel.app/repo/vxunderground/MalwareSourceCode)
Preview:Analyzed by RepoMind

Repository Summary (README)

Preview

VXUG logo managed by vx-underground | follow us on Twitter | download malware samples at the VXUG/samples page

Liability Disclaimer:

To the maximum extent permitted by applicable law, vx-underground and/or affiliates who have submitted content to vx-underground, shall not be liable for any indirect, incidental, special, consequential or punitive damages, or any loss of profits or revenue, whether incurred directly or indirectly, or any loss of data, use, goodwill, or other intangible losses, resulting from (i) your access to this resource and/or inability to access this resource; (ii) any conduct or content of any third party referenced by this resource, including without limitation, any defamatory, offensive or illegal conduct or other users or third parties; (iii) any content obtained from this resource

Notes

All source code which is packaged may or may not be set with the password 'infected' (without the '). Individual files are likely not packaged. Please do not comment asking for the password - it was placed all over vx-underground.org and the official vx-underground Twitter account.

File structure

  • Android
    • Generic Android OS malware, some leaks and proof-of-concepts
  • Engines
    • BAT
    • Linux
    • VBS
    • Win32
  • Java
    • Some java infectors, proof-of-concept ransomware
  • Javascript
    • In-browser malware
  • Legacy Windows
    • Win2k
    • Win32
    • Win95
    • Win98
    • Win9x
    • WinCE
  • Libs (libraries)
    • Bootkits
    • DDoS proof-of-concepts
    • Win32 libraries (disassemblers, etc).
  • Linux
    • Backdoors
    • Botnets
    • Infectors
    • Mirai-Family (related and/or spin-offs)
    • Rootkits
    • Tools
    • Trojans
  • MSDOS
  • MSIL
  • MacOS
  • Other
    • Acad malware
    • FreeBSD malware
    • SunOS malware
    • Symbian OS malware
    • Discord-specific malware
  • PHP
    • Albania family
    • C99 family
    • Crewcorp family
    • Defacement Tools
    • PHP Infectors
    • Lanker family
    • Macker family
    • PhpSpy family
    • R57-shell family
  • Panel (web panel collections)
  • Perl
    • Various backdoors, hack tools, and infectors
  • Phishing
    • Collection of various phishing pages
  • Point of Sales malware
  • Python
    • Hacktools, various exotic-malware (such as chastity belt ransomware)
  • Ruby
  • Win32
    • Binders
    • Botnets
    • Crypters
    • Exploit kits
    • Infectors
    • Internet worms
    • Malware families
    • Ransomware
    • Rootkits
    • Stealers

Contributors

Marius 'f0wL' Genheimer
Jan 'Duchy' Neduchal
Eduardo P. Gomez
DartPower
Luca364
TheAnonHackUk
Bruce Ediger
Avv
Alan Wake