Statistics

MalwareBazaar produces detailed statistics on shared malware samples, including associated detections - find the available statistics below.

You can also access Spamhaus's Malware Digest report, based on MalwareBazaar data:

https://www.spamhaus.org/malware-digest/#malwarebazaar

Past 14 days
Overall

Malware sample shared

The chart below shows the number of unique malware samples shared on MalwareBazaar per day over a period of 30 days.

Top Reporters

It wouldn't be possible to operate MalwareBazaar without the help of volunteers who contribute malware samples to MalwareBazaar. The table below shows the top reporters and their Twitter handle.

Rank	Reporter	Last activity	Submissions
1	abuse_ch	2025-07-08	4'316
2	adrian__luca	2025-07-07	706
3	SecuriteInfoCom	2025-07-08	236
4	JAMESWT_WT	2025-07-07	173
5	aachum	2025-07-05	151
6	cocaman	2025-07-07	111
7	skocherhan	2025-07-08	102
8	lowmal3	2025-07-07	96
9	threatcat_ch	2025-07-08	93
10	burger	2025-07-07	85
11	smica83	2025-07-07	81
12	GDHJDSYDH1	2025-07-08	75
13	antigdi	2025-07-06	62
14	mohit	2025-06-30	61
15	TheRavenFile	2025-07-07	60

Top Malware Families

Top Tags

Most matching YARA rules

YARA rules that matched most on malware samples in MalwareBazaar.

Malware Samples	YARA rule	Author	Last match
3'636	Sus_Obf_Enc_Spoof_Hide_PE	XiAnzheng	2025-07-08
2'567	unixredflags3	Tim Brown @timb_machine	2025-07-08
2'073	linux_generic_ipv6_catcher	@_lubiedo	2025-07-08
1'216	golang_bin_JCorn_CSC846	Justin Cornwell	2025-07-08
1'100	DebuggerCheck__API	None	2025-07-08
1'013	NET	malware-lu	2025-07-08
886	pe_detect_tls_callbacks	None	2025-07-08
870	enterpriseapps2	Tim Brown @timb_machine	2025-07-08
831	Skystars_Malware_Imphash	Skystars LightDefender	2025-07-08
831	pe_imphash	None	2025-07-08
816	Sus_CMD_Powershell_Usage	XiAnzheng	2025-07-08
799	DetectEncryptedVariants	Zinyth	2025-07-08
607	botnet_plaintext_c2	cip	2025-07-08
592	ELF_Mirai	NDA0E	2025-07-07
572	NETexecutableMicrosoft	malware-lu	2025-07-08

Most downloaded Malware Samples

Most downloaded malware samples on MalwareBazaar.

Downloads	Malware Sample	Type	Signature	Reporter
8'148	4b2b411e03aafaa19ea93286fadd39a5134f4a039db2d5019b1054547c0d5601	apk	SpyNote	burger
6'088	68b449139cbe7d5e2b33408bd3c270c1f97d98f6619f932f79476c7360e1f1cb	apk		mohit
4'251	ff3169bc112b0773eec49a4c091edd7756eb72ef2e60c23c30161f003f752509	apk		motmaenbash
4'146	054d8079114764f5803ba80e969c63a7dce17ceed1e0971762e434ab04173333	doc		FXOLabs
4'123	b1e49abd9b0d7c411ff72b94e6c75ba7da1d3fefdce3777ffa64e93734621509	apk		johnk3r
4'081	9f68329271bbea3de177daed034b1bf328a6c158ddbff7c47e0a3ef3490eb7ad	doc		smica83
3'829	d1b07372681855ea0e3d5b0ce94e41afc3208adf536e2d5cdc4a386edbf085f4	doc		Anonymous
3'817	1c7f9e1ddbeb5763d76a305137bc720bf2764a199bee64c644ebcef4febdba19	xlsx		abuse_ch
3'787	4f9f55fa6fd5601245068c412d1d458928de826e6d02362c1ff62ca6bd8891a7	xlsx		abuse_ch
3'784	87b6d11d7f2ece2be494b9af9900632b0cc4c844b9ec0db43d5d0efb7aa19f99	docm		smica83
3'733	31ce7fd6a22ae48712c67d1c2bbffe940652bbffb07af4ed0229889d4577fc4e	doc		JAMESWT_WT
3'694	a218c42ec8b06bb2a70ca4cb1b45449b18b5f840d3dab1304f2f148056a0c097	doc		JAMESWT_WT
3'665	f8269774b9f178a42a5f440073fb780a23eaa53cc667af14c2f13185d2daedec	doc		JAMESWT_WT
3'662	85bd6a7d0c4dbdb4a284730655d249abb312dd76f2295cdfa316f4ba23f1914c	doc		JAMESWT_WT
3'645	01d12781392070c3326fbbe214b0562ba6bf2f02521e017c41780289dcbd227f	xlsx	Formbook	abuse_ch

ANY.RUN

Top detections by ANY.RUN for malware samples on MalwareBazaar.

ClamAV

Top detections by ClamAV for malware samples on MalwareBazaar.

Intezer

Top detections by Intezer for malware samples on MalwareBazaar.

Joe Sandbox

Top detections by Joe Sandbox for malware samples on MalwareBazaar.

CERT.PL MWDB

Top detections by CERT.PL MWDB for malware samples on MalwareBazaar.

ReversingLabs

Top detections by ReversingLabs Titanium Platform for malware samples on MalwareBazaar.

Threatray

Top detections by Threatray for malware samples on MalwareBazaar.

Triage

Top detections by Triage for malware samples on MalwareBazaar.

UnpacMe

Top detections by UnpacMe for malware samples on MalwareBazaar.

VMRay

Top detections by VMRay for malware samples on MalwareBazaar.

FileScan.IO

Top classifications by FileScan.IO for malware samples on MalwareBazaar.

CyberFortress

Top classifications by CyberFortress for malware samples on MalwareBazaar.

ThreatZone

Top classifications by ThreatZone for malware samples on MalwareBazaar.

Most discussed Malware Samples

Most discussed (commented) malware samples on MalwareBazaar.

Comments	Malware Sample	Type	Signature
10	97bb6f30d2fe5546a810da356e41652d1bccfe2130cf77dec36b9ee17c19259d	xls	Dridex
6	d9b05da007d51cf86d4a6448d17183ab69a195436fe17b497185149676d0e77b	exe	TrickBot
4	7277388a0a82e85fe6eb38ed47bd5640c74f10be64ee6e9b8610c49b73328859	7z	HawkEye
3	f4841b9b9006e327d58c8d6fb6e1bb3699d05fcd10fcaf7adcdde47efccb13b3	zip	AgentTesla
3	e97b35c4339e0412571a445b2fe20e30fe91585cad505820b56a098a66e54c23	exe	AgentTesla
3	0994e0972430f7cf02b66c290b6e62666c14da2ca9ad369e7cf5447313dc8550	exe	TrickBot
3	667f88e8dcd4a15529ed02bb20da6ae2e5b195717eb630b20b9732c8573c4e83	doc	Phobos
2	df822aa4ae822b89d8f1c6b4afe3f9bf4679b7c9872bd95d3cbfab366a57edca	hta
2	2b7bdd0b8bde43d8e9d9a32352a408c5028e2a39c694be064a6ed18d0aa830e7	exe	Stop
2	251643f0b539eb872ebeb216f1b71f0f8dc8301276ea63dbfdf10a7267ac7379	zip

Top File Types

Most seen file types associated with malware samples on MalwareBazaar.

Top imphashes

Most seen imphashes on MalwareBazaar.

Malware Sample	imphash	Top 4 Signatures
703	f34d5f2d4577ed6d9ceec516c1f5a744	AgentTesla Formbook SnakeKeylogger RedLineStealer
210	0b768923437678ce375719e30b21693e	Formbook MassLogger SnakeKeylogger AgentTesla
94	3d95adbf13bbe79dc24dccb401c12091	AgentTesla FormBook SnakeKeylogger NanoCore
87	2eabe9054cad5152567f0699947a2c5b	LummaStealer Stealc Healer Amadey
78	bf95d1fc1d10de18b32654b123ad5e1f	LummaStealer Rhadamanthys Vidar ACRStealer
60	b34f154ec913d2d2c435cbd644e91687	GuLoader RemcosRAT EpsilonStealer AgentTesla
32	6e7f9a29f2c85394521a08b9f31f6275	GuLoader AgentTesla VIPKeylogger RemcosRAT
30	f4639a0b3116c2cfc71144b88a929cfd	GuLoader Formbook VIPKeylogger Stealc
29	d42595b695fc008ef2c56aabd8efd68e	CobaltStrike Sliver CoinMiner LummaStealer
22	12e12319f1029ec4f8fcbed7e82df162	DCRat RedLineStealer Formbook SnakeKeylogger

Top ssdeep hashes

Most seen ssdeep hashes on MalwareBazaar.

Malware Sample	ssdeep	Signature(s)
129	12288:iD6LPBCvMk0O9na1M80cLt9i5aIaTtpc4W:2+QGO9naz0Szi5anTtR	Mirai
125	12288:NbX5mTA3bZNKiG01B7crv+SF7GW5a65jx:tX5m83bZNKi3B7AZXa
125	12288:5D+Azf/CVCW3ISw+hRNb3W/aTyA9VV/cZWLnR98V+:5D+AznCVNIZ+vNbG/WYWrR98V
124	12288:7A84JF9Qc8GgZxTM6m1U3snB6NnVuqnAtSyBpywBdlEykR6LkV6N0L8AXwtZJHZz:/M6m1U3rVuqAtSySwY1gEIZB
124	12288:0GCt9AoZDmbOxeQPTyDez9kQ8jGMKhmmMnRpOeHc:Y9tZQO92DnhDmc
124	12288:XeBWVNQiXY8aap1qXG2YmzwcyxDKsFM+t9j+9+X:uQQAYLapnLmzwhtLy+t9j+
121	6144:O/izeB+/ow3gK2lc5bvyI0vOHD6BZkDgn358cIF3RI5HkdY1FP98/8ecjfP:3BohHKTyfvOHD6ByD4WcIMkuDmEesP
120	12288:ndLGtVtlmIHk6Rtx02O6R+9X8C5SGEzf:pGntlzJx02O6E9X8XG
7	768:raehM993TLSmRTIrL8Fvvhp9H0HrZQ8yoWXagcLVPWtuQ/C71mA2EDEy0eYjW9TF:/M99jmL8BZp9IFUoWKdYuvQ5KIqkypZ	Mirai
7	1536:itnPsVkFxV8xk6b5VKLNXduAlCjFlIr57uscvIGiojd70k7h:VqVMkWV8PPX9Cjd70k7h	Mirai

Top dhash icon

Most seen dhashes of icons from PE32 executables and their signatures.

Malware Sample	dhash icon	Signature(s)
270	aae2f3e38383b629	130 x Formbook, 32 x SnakeKeylogger, 22 x AgentTesla
54	0000000000000000	17 x Formbook, 12 x SnakeKeylogger, 4 x MassLogger
28	9494b494d4aeaeac	15 x DCRat, 2 x Rhadamanthys, 1 x AsyncRAT
18	a8cccc949494b4d4	6 x SnakeKeylogger, 5 x AgentTesla, 2 x Formbook
18	1a71c0aaaaaa0203	10 x Formbook, 2 x RemcosRAT, 2 x SnakeKeylogger
15	69c8c4a68e88f0c4	5 x SnakeKeylogger, 4 x XWorm, 4 x Formbook
15	7cf6b6aa8ed8e8b4	7 x Formbook, 4 x DBatLoader, 2 x RemcosRAT
14	a25337335bbb1bba	5 x SnakeKeylogger, 3 x Formbook, 2 x VIPKeylogger
14	a808f89e88e02210	9 x VIPKeylogger, 5 x GuLoader
14	399998ecd4d46c0e	9 x GCleaner, 4 x SharkStealer