Trusted Malware Hash Matching

VersionGopher™ can compare collected SHA-256 file hashes against a local offline catalog of trusted malware hashes. Exact matches become Malware Hits in the dashboard, search results, file cards, Deep Search, and assessment reports without sending each scanned hash to a live reputation service.

A trusted malware hash match is a high-priority incident-response signal. Treat the file as suspicious until disproven, preserve the scan evidence, and review host, path, signature, provenance, and neighboring activity before naming a final infection story.

Exact SHA-256 Matching

VersionGopher matches the scanned file bytes by SHA-256. A matching hash means the catalog knows that exact byte sequence, not just a similar filename, version, publisher, or path.

Offline By Default

Scan browsing, dashboard filtering, Deep Search, and file-card review use the local catalog. The networked operation is the scheduled or managed catalog refresh.

Visible Triage Lane

Malware Hits has its own badge, alert panel, filter chip, result-row indicators, and detail section so exact hash matches are not buried under ordinary CVE or package-risk review.

Honest Limits

The catalog stores the hash verdict and source confidence. It does not automatically prove execution, exploitability, command-and-control, malware family, or security-vendor detection counts.
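
The following is an added illustration of exact SHA-256 matching against a local catalog that stores a verdict and source confidence; it is not VersionGopher's code, and the SQLite schema, column names, sample paths and sample bytes are assumptions constructed for the example. It shows that a renamed copy of cataloged bytes still matches, while a file with different bytes does not, so a miss only means those exact bytes are not in the catalog.

```python
import hashlib
import io
import sqlite3

# Constructed, harmless bytes standing in for a file the catalog knows about.
SAMPLE_BYTES = b"constructed sample payload, not real malware\n"

def sha256_stream(stream, chunk_size=65536):
    """Hash a binary stream in chunks so large files are not loaded whole."""
    digest = hashlib.sha256()
    for chunk in iter(lambda: stream.read(chunk_size), b""):
        digest.update(chunk)
    return digest.hexdigest()

def build_catalog(entries):
    """Build a local catalog. Hypothetical schema, not VersionGopher's own."""
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE malware_hashes ("
               "sha256 TEXT PRIMARY KEY, verdict TEXT, source_confidence TEXT)")
    db.executemany("INSERT INTO malware_hashes VALUES (?, ?, ?)",
                   [(h.lower(), v, c) for h, v, c in entries])
    return db

def match_files(db, files):
    """Look up each file's SHA-256 locally; a hit requires an exact match."""
    results = []
    for path, data in files.items():
        file_hash = sha256_stream(io.BytesIO(data))
        row = db.execute("SELECT verdict, source_confidence FROM malware_hashes"
                         " WHERE sha256 = ?", (file_hash,)).fetchone()
        results.append({"path": path, "sha256": file_hash,
                        "malware_hit": row is not None,
                        "verdict": row[0] if row else None,
                        "source_confidence": row[1] if row else None})
    return results

def demo():
    known = hashlib.sha256(SAMPLE_BYTES).hexdigest()
    catalog = build_catalog([(known.upper(), "malicious", "high")])
    files = {  # constructed paths and contents
        "/home/a/Downloads/renamed_tool.bin": SAMPLE_BYTES,    # same bytes, new name
        "/tmp/rebuilt_tool.bin": SAMPLE_BYTES + b"\x00",       # different bytes
    }
    return match_files(catalog, files)

if __name__ == "__main__":
    for record in demo():
        print(record)
```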

Where You See Malware Hash Matches

Recommended Analyst Workflow

A file can be both vulnerable and malware-matched. CVE evidence says the detected software version may be affected by a vulnerability; malware hash evidence says the exact file bytes appear in trusted malware hash intelligence. Treat them as separate signals that can both be true.

Catalog Refresh

VersionGopher maintains the shared offline malware hash catalog using the same data-refresh model as the vulnerability and package advisory catalogs. Scheduled feed jobs keep the catalog fresh, and out-of-band refreshes are handled by VersionGopher operations when the enclave needs current hash intelligence before a review.

This keeps VersionGopher usable in standalone enclaves: refresh trusted malware hashes on a controlled cadence, then match scans locally.

What This Is Not