MalwareBazaar Database
This page shows some basic information the YARA rule weird_zip_high_compression_ratio including corresponding malware samples.
Database Entry
| YARA Rule: | weird_zip_high_compression_ratio |
|---|---|
| Author: | Maxime THIEBAUT (@0xThiebaut) |
| Description: | Detects single-entry ZIP files with a suspiciously high compression ratio (>100:1) and decompressed size above the 500MB AV limit |
| Firstseen: | 2023-04-08 16:29:32 UTC |
| Lastseen: | 2025-11-28 12:45:32 UTC |
| Sightings: | 185 |
Malware Samples
The table below shows all malware samples that matching this particular YARA rule (max 1000).
| Firstseen (UTC) | SHA256 hash | Tags | Signature | Reporter |
|---|