🤖 AI Summary
To address the critical lack of standardized, fine-grained datasets simultaneously annotated with both malware type and family in malware classification, this work introduces the first high-quality PE sample dataset supporting two-level (type + family) classification. We propose a static analysis–based method for extracting discriminative PE header features and enhance label reliability by fusing multi-engine scanning results from ClarAVy. Classification models—including Random Forest, XGBoost, and SVM—achieve 98.98% accuracy on binary classification (exceeding 97% even under limited-sample conditions), 81.1% accuracy for type identification, and 73.4% for family identification in multi-class settings. This is the first study to provide joint type-and-family annotations for PE malware, establishing a scalable, fine-grained classification benchmark. The dataset and methodology provide foundational support for hierarchical malware detection and deep learning research.
📝 Abstract
This work addresses the challenge of malware classification using machine learning by developing a novel dataset labeled at both the malware type and family levels. Raw binaries were collected from sources such as VirusShare, VX Underground, and MalwareBazaar, and subsequently labeled with family information parsed from binary names and type-level labels integrated from ClarAVy. The dataset includes 14 malware types and 17 malware families, and was processed using a unified feature extraction pipeline based on static analysis, particularly extracting features from Portable Executable headers, to support advanced classification tasks. The evaluation was focused on three key classification tasks. In the binary classification of malware versus benign samples, Random Forest and XGBoost achieved high accuracy on the full datasets, reaching 98.5% for type-based detection and 98.98% for family-based detection. When using truncated datasets of 1,000 samples to assess performance under limited data conditions, both models still performed strongly, achieving 97.6% for type-based detection and 98.66% for family-based detection. For interclass classification, which distinguishes between malware types or families, the models reached up to 97.5% accuracy on type-level tasks and up to 93.7% on family-level tasks. In the multiclass classification setting, which assigns samples to the correct type or family, SVM achieved 81.1% accuracy on type labels, while Random Forest and XGBoost reached approximately 73.4% on family labels. The results highlight practical trade-offs between accuracy and computational cost, and demonstrate that labeling at both the type and family levels enables more fine-grained and insightful malware classification. The work establishes a robust foundation for future research on advanced malware detection and classification.
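The abstract describes a static-analysis pipeline that turns Portable Executable headers into classifier features. The following is an added example (not the paper's own code or dataset) of what such a pipeline looks like: it parses the DOS, COFF and optional headers plus the section table with `struct`, derives per-section Shannon entropy (a common packing indicator), and flattens the result into a fixed-order numeric vector that a Random Forest, XGBoost or SVM model could consume. The specific feature set is an assumption chosen for illustration, and the PE image it parses is constructed in memory (it is not a real or runnable binary). It goes slightly beyond the abstract in handling both PE32 and PE32+ optional-header layouts.

```python
"""Static PE-header feature extraction (added example; feature set is illustrative)."""
import math
import random
import struct
from collections import Counter
from typing import Dict, List

# Optional header layouts: PE32 (magic 0x10B) and PE32+ (magic 0x20B).
PE32_FIELDS = [
    "Magic", "MajorLinkerVersion", "MinorLinkerVersion", "SizeOfCode",
    "SizeOfInitializedData", "SizeOfUninitializedData", "AddressOfEntryPoint",
    "BaseOfCode", "BaseOfData", "ImageBase", "SectionAlignment", "FileAlignment",
    "MajorOperatingSystemVersion", "MinorOperatingSystemVersion", "MajorImageVersion",
    "MinorImageVersion", "MajorSubsystemVersion", "MinorSubsystemVersion",
    "Win32VersionValue", "SizeOfImage", "SizeOfHeaders", "CheckSum", "Subsystem",
    "DllCharacteristics", "SizeOfStackReserve", "SizeOfStackCommit",
    "SizeOfHeapReserve", "SizeOfHeapCommit", "LoaderFlags", "NumberOfRvaAndSizes",
]
PE32_FMT = "<HBB" + "I" * 9 + "H" * 6 + "I" * 4 + "HH" + "I" * 4 + "II"        # 96 bytes
PE32PLUS_FIELDS = [f for f in PE32_FIELDS if f != "BaseOfData"]
PE32PLUS_FMT = "<HBB" + "I" * 5 + "Q" + "II" + "H" * 6 + "I" * 4 + "HH" + "Q" * 4 + "II"  # 112 bytes
SECTION_FMT = "<8sIIIIIIHHI"  # IMAGE_SECTION_HEADER, 40 bytes
IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_WRITE = 0x20000000, 0x80000000

# Fixed column order so every sample maps to the same vector layout (assumed set).
FEATURE_ORDER = [
    "Machine", "NumberOfSections", "TimeDateStamp", "Characteristics", "SizeOfCode",
    "AddressOfEntryPoint", "ImageBase", "SizeOfImage", "Subsystem", "DllCharacteristics",
    "MaxSectionEntropy", "MeanSectionEntropy", "WritableExecutableSections", "EntryPointSection",
]


def _entropy(data: bytes) -> float:
    """Shannon entropy in bits per byte; near 8 suggests packed/encrypted content."""
    if not data:
        return 0.0
    n = len(data)
    return -sum(c / n * math.log2(c / n) for c in Counter(data).values())


def extract_pe_features(blob: bytes) -> Dict[str, float]:
    """Parse the headers of a PE image and return a dict of header-derived features."""
    if blob[:2] != b"MZ":
        raise ValueError("not a PE file: missing MZ signature")
    e_lfanew = struct.unpack_from("<I", blob, 0x3C)[0]
    if blob[e_lfanew:e_lfanew + 4] != b"PE\0\0":
        raise ValueError("not a PE file: missing PE signature")
    coff_off = e_lfanew + 4
    machine, n_sections, timestamp, _, _, opt_size, characteristics = struct.unpack_from(
        "<HHIIIHH", blob, coff_off)
    opt_off = coff_off + 20
    magic = struct.unpack_from("<H", blob, opt_off)[0]
    if magic == 0x10B:
        fields, fmt = PE32_FIELDS, PE32_FMT
    elif magic == 0x20B:
        fields, fmt = PE32PLUS_FIELDS, PE32PLUS_FMT
    else:
        raise ValueError(f"unsupported optional header magic {magic:#x}")
    opt = dict(zip(fields, struct.unpack_from(fmt, blob, opt_off)))

    feats: Dict[str, float] = {"Machine": machine, "NumberOfSections": n_sections,
                               "TimeDateStamp": timestamp, "Characteristics": characteristics}
    for name in ("SizeOfCode", "AddressOfEntryPoint", "ImageBase", "SizeOfImage",
                 "Subsystem", "DllCharacteristics"):
        feats[name] = opt[name]

    # Walk the section table for entropy and permission-based features.
    sec_off = opt_off + opt_size
    entropies, wx_count, ep_section = [], 0, -1
    for i in range(n_sections):
        _name, vsize, va, raw_size, raw_ptr, *_rest, sec_chars = struct.unpack_from(
            SECTION_FMT, blob, sec_off + 40 * i)
        entropies.append(_entropy(blob[raw_ptr:raw_ptr + raw_size]))
        if sec_chars & IMAGE_SCN_MEM_EXECUTE and sec_chars & IMAGE_SCN_MEM_WRITE:
            wx_count += 1  # writable+executable sections are unusual in compiler output
        if va <= opt["AddressOfEntryPoint"] < va + max(vsize, raw_size):
            ep_section = i
    feats["MaxSectionEntropy"] = max(entropies, default=0.0)
    feats["MeanSectionEntropy"] = sum(entropies) / len(entropies) if entropies else 0.0
    feats["WritableExecutableSections"] = wx_count
    feats["EntryPointSection"] = ep_section
    return feats


def feature_vector(feats: Dict[str, float]) -> List[float]:
    """Flatten the feature dict into the fixed column order expected by a classifier."""
    return [float(feats[k]) for k in FEATURE_ORDER]


def build_sample_pe() -> bytes:
    """Constructed, non-functional PE32 image: a low-entropy .text and a high-entropy section."""
    file_align = 0x200
    text = b"\x90" * 511 + b"\xc3"                                   # mostly NOPs
    rng = random.Random(7)                                           # deterministic filler
    packed = bytes(rng.getrandbits(8) for _ in range(2048))          # looks packed
    sections = [(b".text", 0x1000, text, 0x60000020),                # CODE|EXEC|READ
                (b".packed", 0x2000, packed, 0xE0000040)]            # DATA|EXEC|READ|WRITE
    dos = bytearray(64)
    dos[:2] = b"MZ"
    struct.pack_into("<I", dos, 0x3C, 64)                            # e_lfanew
    coff = struct.pack("<HHIIIHH", 0x14C, len(sections), 0x5F000000, 0, 0, 96 + 16 * 8, 0x0102)
    opt = struct.pack(PE32_FMT, 0x10B, 14, 0, len(text), len(packed), 0, 0x1000, 0x1000,
                      0x2000, 0x400000, 0x1000, file_align, 6, 0, 0, 0, 6, 0, 0, 0x3000,
                      file_align, 0, 2, 0x8140, 0x100000, 0x1000, 0x100000, 0x1000, 0, 16)
    opt += bytes(16 * 8)                                             # empty data directories
    hdrs, body, raw_ptr = b"", b"", file_align
    for name, rva, data, chars in sections:
        padded = data + bytes(-len(data) % file_align)
        hdrs += struct.pack(SECTION_FMT, name, len(data), rva, len(padded), raw_ptr, 0, 0, 0, 0, chars)
        raw_ptr += len(padded)
        body += padded
    headers = bytes(dos) + b"PE\0\0" + coff + opt + hdrs
    return headers + bytes(file_align - len(headers)) + body


if __name__ == "__main__":
    for k, v in extract_pe_features(build_sample_pe()).items():
        print(f"{k:28s} {v}")
```

Running a directory of samples through `extract_pe_features` and stacking the `feature_vector` rows gives the design matrix for the binary, interclass and multiclass tasks the abstract evaluates; the labels (benign/malicious, type, family) come from the dataset's own annotations, not from anything in the headers.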