malware🌐InternationalSANS ISC
64-bit Malware Trend Nears Parity with 32-bit Samples
Monday, February 16, 2026
What
A SANS ISC analysis of over 340,000 malware samples from 2020-2026 shows a growing trend in 64-bit malware, moving away from the previous dominance of 32-bit code. This shift suggests threat actors are increasingly optimizing for modern 64-bit Windows environments, potentially leveraging architecture-specific features or bypassing compatibility layers.
Where
Primarily affects Microsoft Windows computers globally, as the analysis covers general malware trends.
When
Trend observed and published on February 16, 2026, based on data up to February 5, 2026.
Key Factors
- •While 32-bit malware historically dominated due to its broader compatibility across Windows systems, recent data indicates a clear and accelerating shift towards 64-bit variants.
- •The proportion of 64-bit malware samples has risen significantly, reaching approximately 11% of all analyzed PE files over the entire period, with recent daily statistics showing near 50-50 distribution.
- •This evolution suggests threat actors are adapting their toolsets to exploit native 64-bit functionalities or improve performance on modern operating systems, moving beyond the 'common denominator' approach.
Takeaways
- →Organizations should ensure their endpoint detection and response (EDR) solutions and security tools are fully capable of detecting and analyzing 64-bit specific malware.
- →Security teams should update their threat intelligence and malware analysis capabilities to reflect the increasing prevalence and unique characteristics of 64-bit executables.
Read Full Article
Opens original article on SANS ISC
