communityservices.webp

Malware Hash Registry (MHR)

An antivirus and malware validation force multiplier.

Discover Malware Hash Registry 2.0

Identify new or emerging malware that may not be detected by your existing anti-malware tools.

MHR is our free malware validation tool that searches against 30+ antivirus databases and our own malware database to serve as a force multiplier for malware detection and validation. It’s like having an army of malware detectors giving you insight single antivirus solutions cannot.

Researchers and analysts can submit their malware hashes via the MHR portal to get near-real-time results that tell them the percentage of malware databases containing signature matches.

 

Developers and networks security teams can integrate MHR into existing workflows to augment malware detection.

MHR-Screenshot-for-website-1.webp

Malware Hash Registry Features

  • Access to 8+ years of Team Cymru malware analysis

  • Support for MD5, SHA-1 and SHA-256

  • Ask us about our REST API!

Validate file samples quickly and easily by cross-referencing 30+ antivirus databases and Team Cymru’s malware analysis in a single lookup.​

Use Cases

Research

Integrate With...

  • Secure Gateways

  • Cloud Access Security Brokers

  • Document Management Systems

For non-commercial use only.

Help us ensure stable service.

If you are planning on implementing or automating the use of this service in any free or open software, application or host, PLEASE let us know in advance. We would like to adequately plan for capacity and make sure that we can handle the additional load you may generate. Please use the WHOIS-based service for larger queries. We have had instances where large deployments are put in place without informing us in advance, making it difficult to maintain a stable service for the rest of the community.

Attempting to enumerate the malware registry via the public service interface is not only impractical, it is also strictly prohibited. Contact us if the public interface is insufficient for your needs and we may be able to come up with alternative arrangement.

Features

  • Near-real-time results include file #, Time Stamp (EPOC) and signature match percentage.

  • Positive hits return the last time we saw the sample along with an approximate antivirus detection percentage.

  • Cross-references 30+ antivirus databases and 8+ years of Team Cymru malware analysis.

  • Support for MD5,  SHA-1 and SHA-256 hashes.

  • Access via HTTPS, DNS, WHOIS

  • False positive mitigation:

    • We don’t list items with less than 10% detection rate.

    • We exclude entries present in the NIST database.

    • We try to exclude multiple copies of polymorphic malware.

Service Options

Whois (TCP 43) *

DNS (UDP 53) *

HTTPS (TCP 443)

Ask us about our REST API!

* Please be mindful of your risk tolerance and privacy concerns when choosing your transport protocol. DNS is convenient and a standard internet protocol, but does not normally afford the user integrity and confidentiality. HTTPS is recommended for those wanting increased integrity and confidentiality.