MalwareBazaar Database

You are browsing the malware sample database of MalwareBazaar. If you would like to contribute malware samples to the corpus, you can do so through either using the web upload or the API.


Submissions (past 24 hours)


Most seen malware family (past 24 hours)


Malware samples in corpus

Using the form below, you can search for malware samples by a hash (MD5, SHA256, SHA1), imphash, tlsh hash, ClamAV signature, tag or malware family.

Browse Database

Search syntax is as follow: keyword:search_term

Following is a list of accepted keywords along with an example search_term

  • md5:1b109efade90ace7d953507adb1f1563 ( run)
  • sha256:11b16ba733f2f4f10ac58021eecaf5668551a73e2a1acfae99745c50bfccbb44 ( run)
  • signature:CobaltStrike ( run)
  • tag:TA505 ( run)
  • file_type:rtf ( run)
  • user:malware_traffic ( run)
  • ( run)
  • yara:win_asyncrat_j1 ( run)
  • serial_number:51CD5393514F7ACE2B407C3DBFB09D8D ( run)
  • issuer_cn:Sectigo RSA Code Signing CA ( run)
  • imphash:756fdea446bc618b4804509775306c0d ( run)
  • tlsh:8DD484F440EF10A2F25F852936ADBE9401B2B1C7DBDA5E08137DE5311BBDA633A0564D ( run)
  • telfhash:52d0a7c198b4972c99e60578ed5c5bb29106216620070b20cf10a5d4d83b440f40db59 ( run)
  • dhash_icon:f8dcbeffbffecee8 ( run)

Date (UTC)SHA256 hashTypeSignatureTagsReporterDL
2022-01-15 08:2699a6b979823a1de5127de403a90d9b485e713dd74db15f0aa6ab3dda1006312bExecutable exe exe @abuse_ch
2022-01-15 08:260c370f804fb91c1eef5fbe4e1070d90a5ab9c8e1024a202df3b2e25d3b8b6369Executable exeOnlyLoggerexe OnlyLogger @abuse_ch
2022-01-14 11:56a771e073fa4ba6ef336ab59ae52114c034d5725a7731dfb1593a764688f7dc16Executable exeRedLineStealerexe RedLineStealer @abuse_ch
2022-01-14 11:21164149035d4a3d2edba76c0601f6f83e04d45d7c057d221130c57fc9b13fd5b5Executable exeRedLineStealerexe RedLineStealer @abuse_ch
2022-01-14 11:1693fddb1a745fec7ae8bc3a7f8d66ce73b1841998e9b0589790e924ff6efb6a05Executable exeRedLineStealerexe RedLineStealer @abuse_ch