← Back to all feeds

🔐 File Hash Feed

SHA256 hashes of malware samples collected through our honeypot network. Use for file reputation checks, malware detection, and endpoint security.

Hash Feed (SHA256)

All malicious file hashes

⭐

sha256.txt

Complete SHA256 hash feed

View Download

How to Use File Hashes

Check File Reputation (Python):

import requests
import hashlib

def check_file_reputation(file_path):
    # Calculate SHA256 hash
    with open(file_path, 'rb') as f:
        file_hash = hashlib.sha256(f.read()).hexdigest()

    # Get malicious hashes
    response = requests.get('https://www.check-the-sum.fr/feeds/hashs/sha256.txt')
    malicious_hashes = set(response.text.strip().split('\n'))

    if file_hash in malicious_hashes:
        print(f"⚠️  MALICIOUS: {file_path}")
        print(f"Hash: {file_hash}")
        return True
    else:
        print(f"✓ Clean: {file_path}")
        return False

# Usage
check_file_reputation('/path/to/suspicious_file.exe')

Integrate with ClamAV:

#!/bin/bash
# Add hashes to ClamAV signatures

curl -s https://www.check-the-sum.fr/feeds/hashs/sha256.txt | \
  awk '{print $1 ":*:CheckTheSum-" NR}' > /var/lib/clamav/checkthesum.hdb

# Reload ClamAV
systemctl reload clamav-daemon

Yara Rule Generation:

rule CheckTheSum_Malware {
    meta:
        description = "Malware from Check-The-Sum honeypots"
        source = "https://www.check-the-sum.fr"

    strings:
        // Import hash list here

    condition:
        hash.sha256(0, filesize) in (
            // Hashes from sha256.txt
        )
}