explaingit

vxunderground/malwaresourcecode

Analysis updated 2026-06-21

18,209 stars · Assembly · Audience: researcher · Complexity: 1/5 · Setup: moderate

TLDR

A curated archive of malicious software source code across Windows, Linux, macOS, Android, and more, maintained by vx-underground for security researchers and defenders who study how malware is built to better detect it.

Mindmap

mindmap
  root((repo))
    What it does
      Malware source archive
      Multi-platform samples
      Defense education
    Platforms covered
      Windows botnets rootkits
      Linux backdoors trojans
      Android and macOS
      PHP and JavaScript
    Categories
      Ransomware
      Exploit kits
      Phishing pages
      POS malware
    Audience
      Security researchers
      Malware analysts

What do people build with it?

USE CASE 1

Study real-world botnet source code, including Mirai-family samples, to understand how command-and-control infrastructure is built.

USE CASE 2

Analyze ransomware and rootkit samples to build accurate detection signatures for your security monitoring tools.

USE CASE 3

Learn how in-browser JavaScript attacks and phishing page templates work in order to write defenses against them.

What is it built with?

Assembly, C, Python, PHP, Java, JavaScript, Perl, Ruby

How does it compare?

| | vxunderground/malwaresourcecode | mytechnotalent/reverse-engineering | leachim6/hello-world |
|---|---|---|---|
| Stars | 18,209 | 13,571 | 11,806 |
| Language | Assembly | Assembly | Assembly |
| Setup difficulty | moderate | moderate | easy |
| Complexity | 1/5 | 3/5 | 1/5 |
| Audience | researcher | developer | developer |

Figures from each repo's GitHub metadata at analysis time.

How do you get it running?

Difficulty: moderate · Time to first run: 30 min

Some archives are password-protected with the word 'infected'. Extract and run samples only in an isolated, air-gapped environment.

In plain English

MalwareSourceCode is a collection of malicious software source code gathered and organized by the vx-underground security research group. It is intended for malware research and education: understanding how malware is built helps defenders detect and counter it. The repository spans a wide range of platforms and programming languages, including Windows, Linux, macOS, Android, legacy Windows versions, PHP, Python, Perl, Ruby, Java, JavaScript, and assembly language.

The collection is organized by platform and category. Windows malware entries include botnets, ransomware, rootkits, crypters (tools that hide malware from detection), stealers, exploit kits, and internet worms. Linux entries cover backdoors, botnets, rootkits, and trojans, including Mirai-family code. There are also phishing page templates, point-of-sale malware, and in-browser JavaScript attacks.

Some archived files may be password-protected with the word "infected" to prevent accidental execution. The repository comes with a liability disclaimer: vx-underground and contributors accept no responsibility for how the code is used. Access to this material is intended strictly for defensive research purposes.

Copy-paste prompts

Prompt 1
I'm a security researcher studying Mirai. Walk me through how Mirai's scanning and infection mechanism works based on its source code.
Prompt 2
I want to write YARA rules to detect common crypter patterns. Explain the obfuscation techniques crypters in the Windows collection typically use.
Prompt 3
How does a rootkit hide processes from the OS on Linux? Walk me through the key techniques used in the Linux rootkit samples in this collection.
Prompt 4
I need to build a sandboxed analysis environment for running malware samples safely. What are the minimum isolation requirements?

Frequently asked questions

What is malwaresourcecode?

A curated archive of malicious software source code across Windows, Linux, macOS, Android, and more, maintained by vx-underground for security researchers and defenders who study how malware is built to better detect it.

What language is malwaresourcecode written in?

Mainly Assembly. The stack also includes C and Python.

How hard is malwaresourcecode to set up?

Setup difficulty is rated moderate, with roughly 30 minutes to a first successful run.

Who is malwaresourcecode for?

Mainly researchers.

Verify against the repo before relying on details.