Monday, 10 August 2020
The global pandemic gave me a great deal more free time than I was expecting in 2020, but I put some of it to good use and made significant updates and improvements to VirusShare. Officially speaking, this is the first major update since quietly launching the project over 9 years ago. While there have been many updates and tweaks to the backend systems that track down and ingest all the samples, this may be the first published change to the website and search features since 2011.
Previously, web-based search options included hash and antivirus detection strings. I am happy to announce that the available options have expanded a bit.
The full list of search options with examples can be found in the search help. New web search and filtering options include:
Web crawlers have been used for finding new malware samples since the beginning, and log data from these crawlers is now available to enhance your understanding of the provenance of a sample. You can perform searches of the crawler data by:
Thanks to the retention of benign files and changes to the backend database, it is now more practical to rescan and recategorize samples should the detection status of a particular sample change after being added to the corpus. Some rescans and adjustments will begin taking place in the near future with plans to address the false-positive detections of the zero-byte null file and the file containing a single ASCII space character as the very first samples to be "fixed".
Torrents of zip files containing collections of detected samples will continue to be created and shared, but these are only intended to serve as a snapshot of the state of the data at the time of creation and to provide a way for researchers to download a significant sample size efficiently; they will not be updated should the detection state of a sample change after the creation of the zip file. Unfortunately, there is no practical way to modify the shared and hashed zip file should there be a need to remove samples that may later be considered benign. Likewise, the list of MD5 hashes of samples released with each zip file acts as a historical record, as the constant addition or subtraction of entries in these files is impractical to maintain in this manner.
A REST API is now generally available to programmatically query the VirusShare database and receive results as JSON formatted text. For more information about the API service, please refer to the APIv2 Documentation.
VirusShare will continue its mission to provide free access to malware and data for the greater research community. VirusShare is a service hosted and maintained by Corvus Forensics, which will provide commercial services to support the specific needs of larger organizations, including enhanced API access, data feeds, and specialized searches of VirusShare's data. Please contact email@example.com to discuss how the VirusShare dataset can supplement your organization's cybersecurity research.