• 2026 64-Bits Malware Trend In 2022 (time flies!), I wrote a diary about the 32-bits VS. • 64-bits malware landscape[1]. • It demonstrated that, despite the growing number of 64-bits computers, the “old-architecture” remained the standard. • In the SANS malware reversing training (FOR610[2]), we quickly cover the main differences between the two architectures. • One of the conclusions is that 32-bits code is still popular because it acts like a comme denominator and allows threat actors to target more Windows computers. • Yes, Microsoft Windows can smoothly execute 32-bits code on 64-bits computers.
Article Summaries:
- 2026 64‑Bit Malware Trend - 16 Feb 2026
A recent analysis of 346,985 Windows PE malware samples from Malware Bazaar (Feb 2020-Feb 2026) shows a growing shift toward 64‑bit binaries. While 32‑bit code still dominates (312,307 samples, 90 % of the dataset), 64‑bit samples now account for 34,677 entries (11 %). The trend is accelerating: in the last 30 days, daily 64‑bit samples rose from 24 to 70, approaching parity with 32‑bit variants. The data suggest threat actors are increasingly targeting 64‑bit Windows systems, reflecting broader adoption of 64‑bit platforms and the continued compatibility of 32‑bit malware on 64‑bit hosts.
- In a February 2026 update, Xavier Mertens reports a growing share of 64‑bit malware in the wild. Analyzing 346,985 PE samples from Malware Bazaar (Feb 2020‑Feb 2026), 312,307 were 32‑bit while 34,677 were 64‑bit-just 11 % overall. However, the trend over the last year shows a steady rise in 64‑bit samples, with recent daily counts approaching a 50‑50 split between architectures. This shift contrasts with the 2022 landscape, where 32‑bit code dominated as a universal target. Mertens’ data suggest that threat actors are increasingly exploiting 64‑bit Windows systems, narrowing the architecture gap.
Sources: