Statistics

MalwareBazaar produces detailed statistics on shared malware samples, including associated detections - find the available statistics below.

You can also access Spamhaus's Malware Digest report, based on MalwareBazaar data:

https://www.spamhaus.org/malware-digest/#malwarebazaar

Past 14 days
Overall

Malware sample shared

The chart below shows the number of unique malware samples shared on MalwareBazaar per day over a period of 30 days.

Top Reporters

It wouldn't be possible to operate MalwareBazaar without the help of volunteers who contribute malware samples to MalwareBazaar. The table below shows the top reporters and their Twitter handle.

Rank	Reporter	Last activity	Submissions
1	abuse_ch	2025-07-13	5'362
2	adrian__luca	2025-07-08	707
3	SecuriteInfoCom	2025-07-13	185
4	aachum	2025-07-11	169
5	skocherhan	2025-07-11	153
6	lowmal3	2025-07-11	117
7	threatcat_ch	2025-07-12	116
8	JAMESWT_WT	2025-07-09	110
9	cocaman	2025-07-11	106
10	burger	2025-07-12	84
11	GDHJDSYDH1	2025-07-13	81
12	smica83	2025-07-12	61
13	mohit	2025-06-30	47
14	FXOLabs	2025-07-11	42
15	antigdi	2025-07-13	36

Top Malware Families

Top Tags

Most matching YARA rules

YARA rules that matched most on malware samples in MalwareBazaar.

Malware Samples	YARA rule	Author	Last match
3'707	Sus_Obf_Enc_Spoof_Hide_PE	XiAnzheng	2025-07-13
3'160	unixredflags3	Tim Brown @timb_machine	2025-07-13
2'569	linux_generic_ipv6_catcher	@_lubiedo	2025-07-13
1'188	golang_bin_JCorn_CSC846	Justin Cornwell	2025-07-13
1'147	NET	malware-lu	2025-07-13
1'105	DebuggerCheck__API	None	2025-07-13
980	enterpriseapps2	Tim Brown @timb_machine	2025-07-13
861	Skystars_Malware_Imphash	Skystars LightDefender	2025-07-13
861	pe_imphash	None	2025-07-13
844	Linux_Trojan_Gafgyt_28a2fe0c	Elastic Security	2025-07-13
835	ELF_Mirai	NDA0E	2025-07-13
833	Sus_CMD_Powershell_Usage	XiAnzheng	2025-07-13
813	DetectEncryptedVariants	Zinyth	2025-07-13
796	pe_detect_tls_callbacks	None	2025-07-13
684	botnet_plaintext_c2	cip	2025-07-13

Most downloaded Malware Samples

Most downloaded malware samples on MalwareBazaar.

Downloads	Malware Sample	Type	Signature	Reporter
3'790	4f9f55fa6fd5601245068c412d1d458928de826e6d02362c1ff62ca6bd8891a7	xlsx		abuse_ch
3'648	01d12781392070c3326fbbe214b0562ba6bf2f02521e017c41780289dcbd227f	xlsx	Formbook	abuse_ch
3'614	54be816c4ffe69d6d52950f885f20f9566f6b209c479e01569af6ed6d641c91e	xlsx	SnakeKeylogger	abuse_ch
3'497	36828491280f3a41e3ce675cfcbbb85257a7b65e367f3df62992b57e459e99b5	doc		lowmal3
2'693	b19f1f290f5baf67e4b542fbf778adc04984a55a7f05eb9b1a26adeafeaeece3	xlsx	MassLogger	abuse_ch
1'690	af747282bf8a68dbd5d4b5db4fafbba61d0a418e27d62090844f36d039bef1f0	exe		SecuriteInfoCom
1'367	cbd1db1d117054fc747b0ce39a7ca8f260824c408a30d8a27ac36c8d0b6b18de	apk		mohit
1'051	872caeac3567b129ba58a84abfdd36064ecb6f3dd6538b2cc844c12431a8d106	exe	ValleyRAT	GDHJDSYDH1
1'012	a74543dfa11f5d57c7bbb586613d40daab0e8227aec7b787761dcd5228f4fa5f	exe	LummaStealer	aachum
990	0fad716dfb636e95feaf6b54f018d3b3337542970da77f7ef63de473fceaaf96	apk		mohit
781	07897be894f90e837ac00edd367ff159c9f9153749743aa699e471a7d07f7ce4	exe	Formbook	threatcat_ch
746	2740e9c875b6d70c61a6bbe6793d5820ca89ed0a479ff85c68dcbed917545d8e	exe	Formbook	threatcat_ch
739	fd6cffce948aff9c17134a6d29b5ba7722e65a7b385abef06fb357cd2b32b1e2	exe	AgentTesla	lowmal3
733	568e9427d77bbc71e8b1537c3668671cf65454c5596328f2a9317236c96a5597	exe	LummaStealer	antigdi
721	7b718b0293b6665fae6296da12329485e3a4ba430ca5d15ccbe86a251f27757e	exe	VIPKeylogger	FXOLabs

ANY.RUN

Top detections by ANY.RUN for malware samples on MalwareBazaar.

ClamAV

Top detections by ClamAV for malware samples on MalwareBazaar.

Intezer

Top detections by Intezer for malware samples on MalwareBazaar.

Joe Sandbox

Top detections by Joe Sandbox for malware samples on MalwareBazaar.

CERT.PL MWDB

Top detections by CERT.PL MWDB for malware samples on MalwareBazaar.

ReversingLabs

Top detections by ReversingLabs Titanium Platform for malware samples on MalwareBazaar.

Threatray

Top detections by Threatray for malware samples on MalwareBazaar.

Triage

Top detections by Triage for malware samples on MalwareBazaar.

UnpacMe

Top detections by UnpacMe for malware samples on MalwareBazaar.

VMRay

Top detections by VMRay for malware samples on MalwareBazaar.

FileScan.IO

Top classifications by FileScan.IO for malware samples on MalwareBazaar.

CyberFortress

Top classifications by CyberFortress for malware samples on MalwareBazaar.

ThreatZone

Top classifications by ThreatZone for malware samples on MalwareBazaar.

Most discussed Malware Samples

Most discussed (commented) malware samples on MalwareBazaar.

Comments	Malware Sample	Type	Signature
10	97bb6f30d2fe5546a810da356e41652d1bccfe2130cf77dec36b9ee17c19259d	xls	Dridex
6	d9b05da007d51cf86d4a6448d17183ab69a195436fe17b497185149676d0e77b	exe	TrickBot
4	7277388a0a82e85fe6eb38ed47bd5640c74f10be64ee6e9b8610c49b73328859	7z	HawkEye
3	f4841b9b9006e327d58c8d6fb6e1bb3699d05fcd10fcaf7adcdde47efccb13b3	zip	AgentTesla
3	e97b35c4339e0412571a445b2fe20e30fe91585cad505820b56a098a66e54c23	exe	AgentTesla
3	0994e0972430f7cf02b66c290b6e62666c14da2ca9ad369e7cf5447313dc8550	exe	TrickBot
3	667f88e8dcd4a15529ed02bb20da6ae2e5b195717eb630b20b9732c8573c4e83	doc	Phobos
2	df822aa4ae822b89d8f1c6b4afe3f9bf4679b7c9872bd95d3cbfab366a57edca	hta
2	2b7bdd0b8bde43d8e9d9a32352a408c5028e2a39c694be064a6ed18d0aa830e7	exe	Stop
2	251643f0b539eb872ebeb216f1b71f0f8dc8301276ea63dbfdf10a7267ac7379	zip

Top File Types

Most seen file types associated with malware samples on MalwareBazaar.

Top imphashes

Most seen imphashes on MalwareBazaar.

Malware Sample	imphash	Top 4 Signatures
729	f34d5f2d4577ed6d9ceec516c1f5a744	AgentTesla Formbook SnakeKeylogger RedLineStealer
171	0b768923437678ce375719e30b21693e	Formbook MassLogger SnakeKeylogger AgentTesla
133	3d95adbf13bbe79dc24dccb401c12091	AgentTesla FormBook SnakeKeylogger NanoCore
79	bf95d1fc1d10de18b32654b123ad5e1f	LummaStealer Rhadamanthys Vidar ACRStealer
59	2eabe9054cad5152567f0699947a2c5b	LummaStealer Stealc Healer Amadey
54	b34f154ec913d2d2c435cbd644e91687	GuLoader RemcosRAT EpsilonStealer AgentTesla
32	6e7f9a29f2c85394521a08b9f31f6275	GuLoader AgentTesla RemcosRAT VIPKeylogger
30	f4639a0b3116c2cfc71144b88a929cfd	GuLoader Formbook VIPKeylogger Stealc
24	d42595b695fc008ef2c56aabd8efd68e	CobaltStrike Sliver CoinMiner LummaStealer
20	3abe302b6d9a1256e6a915429af4ffd2	GuLoader Formbook Loki RemcosRAT

Top ssdeep hashes

Most seen ssdeep hashes on MalwareBazaar.

Malware Sample	ssdeep	Signature(s)
128	12288:7A84JF9Qc8GgZxTM6m1U3snB6NnVuqnAtSyBpywBdlEykR6LkV6N0L8AXwtZJHZz:/M6m1U3rVuqAtSySwY1gEIZB
128	12288:iD6LPBCvMk0O9na1M80cLt9i5aIaTtpc4W:2+QGO9naz0Szi5anTtR	Mirai
127	12288:0GCt9AoZDmbOxeQPTyDez9kQ8jGMKhmmMnRpOeHc:Y9tZQO92DnhDmc
126	12288:XeBWVNQiXY8aap1qXG2YmzwcyxDKsFM+t9j+9+X:uQQAYLapnLmzwhtLy+t9j+
126	12288:ndLGtVtlmIHk6Rtx02O6R+9X8C5SGEzf:pGntlzJx02O6E9X8XG
124	12288:5D+Azf/CVCW3ISw+hRNb3W/aTyA9VV/cZWLnR98V+:5D+AznCVNIZ+vNbG/WYWrR98V
124	6144:O/izeB+/ow3gK2lc5bvyI0vOHD6BZkDgn358cIF3RI5HkdY1FP98/8ecjfP:3BohHKTyfvOHD6ByD4WcIMkuDmEesP
123	12288:NbX5mTA3bZNKiG01B7crv+SF7GW5a65jx:tX5m83bZNKi3B7AZXa	Gafgyt
6	1536:itnPsVkFxV8xk6b5VKLNXduAlCjFlIr57uscvIGiojd70k7h:VqVMkWV8PPX9Cjd70k7h	Mirai
6	768:Oa2vU7eng2qGJert7LrLMU6fgatQh+YbT/9+m3CZQoV/bnmCozw:Oa4U7G7SvT6ftBTm3KVrmCo8	Mirai

Top dhash icon

Most seen dhashes of icons from PE32 executables and their signatures.

Malware Sample	dhash icon	Signature(s)
255	aae2f3e38383b629	128 x Formbook, 26 x SnakeKeylogger, 20 x AgentTesla
57	0000000000000000	17 x Formbook, 12 x SnakeKeylogger, 4 x MassLogger
24	9494b494d4aeaeac	11 x DCRat, 1 x Stealc, 1 x NanoCore
17	306296163498f230	6 x SnakeKeylogger, 1 x a310Logger, 1 x XWorm
15	69c8c4a68e88f0c4	5 x SnakeKeylogger, 4 x XWorm, 4 x Formbook
14	a25337335bbb1bba	5 x SnakeKeylogger, 3 x Formbook, 2 x VIPKeylogger
13	40b974c4d4602858	6 x Formbook, 3 x SnakeKeylogger, 2 x a310Logger
12	30cecaccccccce30	12 x ValleyRAT
12	f0e8ccb2d4d4f0f0	7 x Formbook, 2 x RemcosRAT, 1 x MassLogger
12	70f0fefefefef830	11 x VIPKeylogger, 1 x GuLoader