Statistics

MalwareBazaar produces detailed statistics on shared malware samples, including associated detections - find the available statistics below.

You can also access Spamhaus's Malware Digest report, based on MalwareBazaar data:

Malware sample shared

The chart below shows the number of unique malware samples shared on MalwareBazaar per day over a period of 30 days.


Top Reporters

It wouldn't be possible to operate MalwareBazaar without the help of volunteers who contribute malware samples to MalwareBazaar. The table below shows the top reporters and their Twitter handle.

RankReporterLast activitySubmissions
1 abuse_ch2026-01-303'332
2 Bitsight2026-01-30561
3 JAMESWT_WT2026-01-29165
4 aachum2026-01-29153
5 adrian__luca2026-01-26138
6 burger2026-01-28123
7 smica832026-01-29104
8 lowmal32026-01-2987
9 zhuzhu00092026-01-2971
10 SecuriteInfoCom2026-01-2966
11 James_inthe_box2026-01-2965
12 Ling2026-01-2949
13 threatcat_ch2026-01-2943
14 johnk3r2026-01-2929
15 FXOLabs2026-01-2926

Top Malware Families

Top Tags

Most matching YARA rules

YARA rules that matched most on malware samples in MalwareBazaar.

Malware SamplesYARA ruleAuthorLast match
2'218unixredflags3Tim Brown @timb_machine2026-01-30
1'265CP_Script_Inject_DetectorDiegoAnalytics2026-01-29
1'241linux_generic_ipv6_catcher@_lubiedo2026-01-30
1'019golang_bin_JCorn_CSC846Justin Cornwell2026-01-29
1'001ELF_Toriilike_persist4r42026-01-29
938DebuggerCheck__APINone2026-01-30
745DetectEncryptedVariantsZinyth2026-01-29
635pe_detect_tls_callbacksNone2026-01-30
599FreddyBearDropperDwarozh Hoshiar2026-01-29
587Sus_CMD_Powershell_UsageXiAnzheng2026-01-29
585RANSOMWAREToroGuitar2026-01-29
480setsockoptTim Brown @timb_machine2026-01-29
451upx_packed_elf_v1RandomMalware2026-01-29
451NETmalware-lu2026-01-29
423ELF_MiraiNDA0E2026-01-29

Most downloaded Malware Samples

Most downloaded malware samples on MalwareBazaar.

DownloadsMalware SampleTypeSignatureReporter
6'68375cb064f489b12d4130786e1aa6963dfa2fc9de82b8d3b2150385ce9d65d27dc elfMirai abuse_ch
5'8685f522e269bf35cf78d80e6341ec953775adbffaf35871f710255f81d5ca0723c elfMirai abuse_ch
635baf0a124d8079ba9449f9ebf71e5dc2b54babdff15690f4f44e86fc9ad490decExecutable exe  burger
474e3d1aa310773e97c7b36b720c555c52dac09f3904177c75da367b0f0e51dc2fe zip Twitter Anonymous
423f390db222eb15b075a5885bd2083ca937b82b142c4b3b0a013c2a760b5d49461Java Script (JS) jsAsyncRAT abuse_ch
408fd3221d3e55b5242770210df8a425d292a85eb75700c7bf024b70a50c660bb8bJava Script (JS) jsAsyncRAT abuse_ch
379477f2b450c9ab43c968580d3e2f8613986320d50acdfe9126a2dfe49cc825387Visual Basic Script (vbs) vbsAsyncRAT abuse_ch
300335650f270bcbc765de5add883ca3e060ac3f7c02ddabff895fdaaba211becf7Executable exeQuasarRAT Bitsight
29904992163937ef12a2c994635daa146a1d90b10865f05d4e688c116fbe8433f95PowerShell (PS) ps1AsyncRAT James_inthe_box
2873575072c4dad0633d8e7916ddd4f75adddadae2d4ae01e6b0432845134cc919bExecutable exeAsyncRAT Bitsight
28575e50384053e487d49bae8f857fd39af0179c293496f0312072dbaf9af9c085cJava Script (JS) jsAsyncRAT smica83
270df8c3b637a6ce86745a1f6588e0ee822867754a5b4324506f0970ffc3b3a5cc5Java Script (JS) jsAsyncRAT lowmal3
267f80fd2c50c89d5671027e8a8154d8a589db5d102a2a2a20dd20e69a89d080d6dExecutable exeVidar Bitsight
264bc646f8bbe41c01dc21c63d7923cb23e345aad639babb744e7151a1cb57a168fExecutable exeVidar Bitsight
261e3bfc3b186db6e019abd85df97c9383902ba5b17469cde058739201f831c922aExecutable exe  Bitsight

ANY.RUN ANY.RUN

Top detections by ANY.RUN for malware samples on MalwareBazaar.

ClamAV ClamAV

Top detections by ClamAV for malware samples on MalwareBazaar.

Intezer Intezer

Top detections by Intezer for malware samples on MalwareBazaar.

Joe Sandbox Joe Sandbox

Top detections by Joe Sandbox for malware samples on MalwareBazaar.

CERT.PL MWDB CERT.PL MWDB

Top detections by CERT.PL MWDB for malware samples on MalwareBazaar.

ReversingLabs ReversingLabs

Top detections by ReversingLabs Titanium Platform for malware samples on MalwareBazaar.

Threatray Threatray

Top detections by Threatray for malware samples on MalwareBazaar.

Triage Triage

Top detections by Triage for malware samples on MalwareBazaar.

UnpacMe UnpacMe

Top detections by UnpacMe for malware samples on MalwareBazaar.

VMRay VMRay

Top detections by VMRay for malware samples on MalwareBazaar.

FileScan.IO FileScan.IO

Top classifications by FileScan.IO for malware samples on MalwareBazaar.

CyberFortress CyberFortress

Top classifications by CyberFortress for malware samples on MalwareBazaar.

ThreatZone ThreatZone

Top classifications by ThreatZone for malware samples on MalwareBazaar.

Most discussed Malware Samples

Most discussed (commented) malware samples on MalwareBazaar.

CommentsMalware SampleTypeSignature
1097bb6f30d2fe5546a810da356e41652d1bccfe2130cf77dec36b9ee17c19259dExcel file xlsDridex
6d9b05da007d51cf86d4a6448d17183ab69a195436fe17b497185149676d0e77bExecutable exeTrickBot
47277388a0a82e85fe6eb38ed47bd5640c74f10be64ee6e9b8610c49b73328859 7zHawkEye
3f4841b9b9006e327d58c8d6fb6e1bb3699d05fcd10fcaf7adcdde47efccb13b3 zipAgentTesla
3e97b35c4339e0412571a445b2fe20e30fe91585cad505820b56a098a66e54c23Executable exeAgentTesla
30994e0972430f7cf02b66c290b6e62666c14da2ca9ad369e7cf5447313dc8550Executable exeTrickBot
3667f88e8dcd4a15529ed02bb20da6ae2e5b195717eb630b20b9732c8573c4e83Word file docPhobos
2df822aa4ae822b89d8f1c6b4afe3f9bf4679b7c9872bd95d3cbfab366a57edcaHTML Application (hta) hta 
22b7bdd0b8bde43d8e9d9a32352a408c5028e2a39c694be064a6ed18d0aa830e7Executable exeStop
2251643f0b539eb872ebeb216f1b71f0f8dc8301276ea63dbfdf10a7267ac7379 zip 

Top File Types

Most seen file types associated with malware samples on MalwareBazaar.

Top imphashes

Most seen imphashes on MalwareBazaar.

Malware SampleimphashTop 4 Signatures
251f34d5f2d4577ed6d9ceec516c1f5a744AgentTesla Formbook SnakeKeylogger RedLineStealer
953786a4cf8bfee8b4821db03449141df4Adware.Neoreklami RedLineStealer Adware.MultiPlug
73d42595b695fc008ef2c56aabd8efd68eVidar Rhadamanthys Stealc LummaStealer
3941fb8cb2943df6de998b35a9d28668e8BlackMatter LockBit DragonForce Ransomware.LockBit
29884310b1928934402ea6fec1dbd3cf5eGCleaner Socks5Systemz RaccoonStealer RedLineStealer
274cea7ae85c87ddc7295d39ff9cda31d1RedLineStealer LummaStealer Rhadamanthys Smoke Loader
247d927f7b3a815d523d32714880218326GCleaner
2218cfd404188148ae61834d5a15cb322aGCleaner
229cbefe68f395e67356e2a5d8d1b285c0LummaStealer AuroraStealer Vidar LaplasClipper
2140ab50289f7ef5fae60801f88d4541fcValleyRAT Gh0stRAT OffLoader LummaStealer

Top ssdeep hashes

Most seen ssdeep hashes on MalwareBazaar.

Malware SamplessdeepSignature(s)
6768:raehM993TLSmRTIrL8Fvvhp9H0HrZQ8yoWXagcLVPWtuQ/C71mA2EDEy0eYjW9TF:/M99jmL8BZp9IFUoWKdYuvQ5KIqkypZMirai
61536:itnPsVkFxV8xk6b5VKLNXduAlCjFlIr57uscvIGiojd70k7h:VqVMkWV8PPX9Cjd70k7hMirai
5768:Oa2vU7eng2qGJert7LrLMU6fgatQh+YbT/9+m3CZQoV/bnmCozw:Oa4U7G7SvT6ftBTm3KVrmCo8Mirai
4393216:tuqJ2i4eQObGUDkozmUttmljjOnLCaiKk3MRh9MYI+hQW7cwftlgDA4BZikRwtgu:gQOObGUDkozZTC/yLXikFjxgDHB9RwtTGoToResolve
23::Gozi
2393216:4xnFAe8sKst99ocLKs4u2h51WpSxHYIS9PciaeWjBZDYi:4xnFosZEPJ1KTPci1WXDYiPureHVNC
249152:y7sR5lKve3uurb/TMvO90d7HjmAFd4A64nsfJ+/udfCpGd/X8mMyHxoloYg15Q6o:C23uvGd/X8Stealc
23072:xsD2ADkpFGkTXlDJA6ba2esDetNxVgbTGV9X4:xplzpTVDVa2en/V6MpVertexRAT
23072:OBb4K+nqsnSjZldbaUXGSgqTWo1OWqEwztlMMTna:0OCDjXG9qTWywxlxTnaMirai
13072:jj2PHDpbldJEbSTBW4rLNs7yEJbz3zNPU+e643:jj27pblUmTHrLNkyEJ/f63ValleyRAT

Top dhash icon

Most seen dhashes of icons from PE32 executables and their signatures.

Malware Sampledhash iconSignature(s)

Malware sample shared

The chart below shows the number of unique malware samples shared on MalwareBazaar per day over a period of 12 months.


Top Reporters

It wouldn't be possible to operate MalwareBazaar without the help of volunteers who contribute malware samples to MalwareBazaar. The table below shows the top reporters and their Twitter handle.

RankReporterLast activitySubmissions
1 abuse_ch2026-01-30298'423
2 zbetcheckin2024-11-0978'688
3 lazyactivist1922024-01-1769'729
4 Cryptolaemus12024-03-2067'837
5 JAMESWT_WT2026-01-2950'435
6 seifreed2021-10-1948'947
7 SecuriteInfoCom2026-01-2941'744
8 andretavare52024-01-1835'831
9 cocaman2026-01-2332'563
10 adrian__luca2026-01-2618'255
11 Libranalysis2024-01-1717'035
12 GovCERT_CH2024-10-1815'559
13 lowmal32026-01-2915'543
14 Bitsight2026-01-3012'282
15 James_inthe_box2026-01-2910'600

Top Malware Families

Top Tags

Most matching YARA rules

YARA rules that matched most on malware samples in MalwareBazaar.

Malware SamplesYARA ruleAuthorLast match
135'433Skystars_Malware_ImphashSkystars LightDefender2026-01-29
98'658pe_imphashNone2026-01-29
97'050unixredflags3Tim Brown @timb_machine2026-01-30
89'242linux_generic_ipv6_catcher@_lubiedo2026-01-30
78'528SharedStringsKatie Kleemola2026-01-08
76'712Email_stealer_bin_memJames_inthe_box2024-06-13
74'506Select_from_enumerationJames_inthe_box2025-07-30
73'333UAC_bypass_bin_memJames_inthe_box2023-03-07
72'609Sus_Obf_Enc_Spoof_Hide_PEXiAnzheng2026-01-26
71'652IPPort_combo_memJames_inthe_box2025-12-01
65'652NETmalware-lu2026-01-29
64'139DebuggerCheck__APINone2026-01-30
51'183pe_imphash2026-01-29
45'508Cobalt_functions@j0sm12023-08-23
35'050golang_bin_JCorn_CSC846Justin Cornwell2026-01-29

Most downloaded Malware Samples

Most downloaded malware samples on MalwareBazaar.

DownloadsMalware SampleTypeSignatureReporter
72'09470ab26000929d26e0e4e567bd0dc4158054538485fcfd51dd4b60a534967814b lzhFirebirdRAT GovCERT_CH
52'972c88a22dae5d5564a33736d8cd43835eb46153bafe47fc6e8c267c3b89d4abf04 zip  l205306
42'34759494a51618f234021c0dae2d87667ce9e431b8a75a1b4952d3e48bf71492fbbExecutable exeAgentTesla cocaman
40'694c24ff50a15372a69690f4c7cd783609e92924ec38f2f42148573d35980f07cd3Executable exeLummaStealer abuse_ch
40'664b828382168a0077c7d5cd8faf44d5da19a4d852cfca7c85dae63de97e5dd6753Executable exeLummaStealer abuse_ch
32'6809fd06d80534b729cca8ad2affa0be6b3108c6a117e7b20f81470b2c01335453b elfMirai abuse_ch
32'5751509cb4a59087be095de34a01f19e292933a3133bc63de252555d0188d0710bd elf  abuse_ch
32'5722ee2eaa1fce89b91fb70dd2e853ac63b600c11feae4a1624fa90f1c6e33bc67c elfMirai abuse_ch
32'560a0f145290eaa8b3b74d83702f391952617262388779aa607dbaac524b4567266 elfMirai abuse_ch
32'544216ab12c56bba575bd40aaa5d602c062abb5fc8ac405f27a43619c3370d11707 elf  abuse_ch
30'788cdff50f4126445f55098d307fa40396a80396cc50d4d94c0c8a849b4de2b7da2Executable exeLummaStealer abuse_ch
30'493eb097b81a3a0a5510aec27b28fd7a140152eb217520fca3dd92f27a72d817045 elfMirai abuse_ch
30'455515eb18d3f105eb377e73dfa2ee34a24f50da54f0600d02d7914d41c916f3848 elfMirai abuse_ch
24'768b97e12807dcde2a8fd53d7f8e74336442d0cf8dbed19c0a44fcef359160bdd77PowerPoint file pptx  Neiki
24'7324e09c7b070043bd5bf50b7b2038dd170b491128eb28f5fdf61d9a07e831ece3cPowerPoint file pptx  cocaman

ANY.RUN ANY.RUN

Top detections by ANY.RUN for malware samples on MalwareBazaar.

ClamAV ClamAV

Top detections by ClamAV for malware samples on MalwareBazaar.

Intezer Intezer

Top detections by Intezer for malware samples on MalwareBazaar.

Joe Sandbox Joe Sandbox

Top detections by Joe Sandbox for malware samples on MalwareBazaar.

CERT.PL MWDB CERT.PL MWDB

Top detections by CERT.PL MWDB for malware samples on MalwareBazaar.

ReversingLabs ReversingLabs

Top detections by ReversingLabs Titanium Platform for malware samples on MalwareBazaar.

Threatray Threatray

Top detections by Threatray for malware samples on MalwareBazaar.

Triage Triage

Top detections by Triage for malware samples on MalwareBazaar.

UnpacMe UnpacMe

Top detections by UnpacMe for malware samples on MalwareBazaar.

VMRay VMRay

Top detections by VMRay for malware samples on MalwareBazaar.

FileScan.IO FileScan.IO

Top classifications by FileScan.IO for malware samples on MalwareBazaar.

CyberFortress CyberFortress

Top classifications by CyberFortress for malware samples on MalwareBazaar.

ThreatZone ThreatZone

Top classifications by ThreatZone for malware samples on MalwareBazaar.

Most discussed Malware Samples

Most discussed (commented) malware samples on MalwareBazaar.

CommentsMalware SampleTypeSignature
1097bb6f30d2fe5546a810da356e41652d1bccfe2130cf77dec36b9ee17c19259dExcel file xlsDridex
6d9b05da007d51cf86d4a6448d17183ab69a195436fe17b497185149676d0e77bExecutable exeTrickBot
47277388a0a82e85fe6eb38ed47bd5640c74f10be64ee6e9b8610c49b73328859 7zHawkEye
3f4841b9b9006e327d58c8d6fb6e1bb3699d05fcd10fcaf7adcdde47efccb13b3 zipAgentTesla
3e97b35c4339e0412571a445b2fe20e30fe91585cad505820b56a098a66e54c23Executable exeAgentTesla
30994e0972430f7cf02b66c290b6e62666c14da2ca9ad369e7cf5447313dc8550Executable exeTrickBot
3667f88e8dcd4a15529ed02bb20da6ae2e5b195717eb630b20b9732c8573c4e83Word file docPhobos
2df822aa4ae822b89d8f1c6b4afe3f9bf4679b7c9872bd95d3cbfab366a57edcaHTML Application (hta) hta 
22b7bdd0b8bde43d8e9d9a32352a408c5028e2a39c694be064a6ed18d0aa830e7Executable exeStop
2251643f0b539eb872ebeb216f1b71f0f8dc8301276ea63dbfdf10a7267ac7379 zip 

Top File Types

Most seen file types associated with malware samples on MalwareBazaar.

Top imphashes

Most seen imphashes on MalwareBazaar.

Malware SampleimphashTop 4 Signatures
155'421f34d5f2d4577ed6d9ceec516c1f5a744AgentTesla Formbook SnakeKeylogger RedLineStealer
14'820646167cce332c1c252cdcb1839e0cf48RedLineStealer Amadey Smoke Loader LummaStealer
9'777c9f7e018b269f1b5fe81cf757d6f8e93Heodo
8'7372eabe9054cad5152567f0699947a2c5bLummaStealer Stealc Healer Amadey
8'608987b9d7dc84d935c3675da82d40e06f2Dridex Gozi Tofsee VelvetSweatshopDridex
7'945884310b1928934402ea6fec1dbd3cf5eGCleaner Socks5Systemz RaccoonStealer RedLineStealer
4'377afcdf79be1557326c854b6e20cb900a7FormBook AgentTesla RemcosRAT RedLineStealer
3'62787bed5a7cba00c7e1f4015f1bdae2183Jadtre IcedID Blackmoon TrickBot
3'32061259b55b8912888e90f516ca08dc514Formbook AgentTesla GuLoader SnakeKeylogger
3'107948cc502fe9226992dce9417f952fce3CredentialFlusher Formbook AgentTesla RedLineStealer

Top ssdeep hashes

Most seen ssdeep hashes on MalwareBazaar.

Malware SamplessdeepSignature(s)
1'12412288:J2+J+l5QvSoOUkQNPRoswLLjfsHJNF05s:AJl5QrrkQFCHspN4Quakbot
1'12312288:U2+J+l5QvSoOUkQGPRoswLLjfsHJNF05F:PJl5QrrkQOCHspN4Quakbot
1'12112288:l2+J+l5QvSoOUkQiPRoswLLjfsHJNF05h:8Jl5QrrkQaCHspN4Quakbot
5281536:1I+Hymsbck3hbdlylKsgqopeJBWhZFGkE+cMLxAAISQ5gQ72IotO6nitSU6U+x:1I+HymsYk3hbdlylKsgqopeJBWhZFGkzSilentBuilder Heodo
52612288:iD6LPBCvMk0O9na1M80cLt9i5aIaTtpc4W:2+QGO9naz0Szi5anTtRMirai
4191536:H0k3hbdlylKsgqopeJBWhZFGkE+cMLxAAIzSEV2NnX4Ia3gg5W8IuD7PoHsP7e3/:H0k3hbdlylKsgqopeJBWhZFGkE+cMLxzSilentBuilder Heodo
416768:0Jlk3hbdlylKsgqopeJBWhZFGkE+cMLxAAIZEtm/piJaiyH5YnJe+eO+8WoFYpLd:0rk3hbdlylKsgqopeJBWhZFGkE+cMLx6SilentBuilder Heodo
41012288:0GCt9AoZDmbOxeQPTyDez9kQ8jGMKhmmMnRpOeHc:Y9tZQO92DnhDmc
40812288:NbX5mTA3bZNKiG01B7crv+SF7GW5a65jx:tX5m83bZNKi3B7AZXaGafgyt
40112288:5D+Azf/CVCW3ISw+hRNb3W/aTyA9VV/cZWLnR98V+:5D+AznCVNIZ+vNbG/WYWrR98V

Top dhash icon

Most seen dhashes of icons from PE32 executables and their signatures.

Malware Sampledhash iconSignature(s)
15'390f8f0f4c8c8c8d8f08'803 x RedLineStealer, 5'078 x Amadey, 288 x Smoke Loader
6'664aae2f3e38383b6292'034 x Formbook, 1'183 x CredentialFlusher, 666 x AgentTesla
5'757b2a89c96a2cada722'283 x Formbook, 981 x Loki, 803 x AgentTesla
4'862b298acbab2ca7a722'327 x GCleaner, 1'631 x Socks5Systemz, 67 x RedLineStealer
3'90071b119dcce5763333'570 x Heodo, 203 x TrickBot, 19 x Gh0stRAT
3'3730000000000000000872 x AgentTesla, 496 x Formbook, 296 x RedLineStealer
2'708848c5454baf474742'088 x Adware.Neoreklami, 101 x RedLineStealer, 33 x DiamondFox
2'3329494b494d4aeaeac832 x DCRat, 172 x RedLineStealer, 134 x CryptOne
1'172399998ecd4d46c0e572 x Quakbot, 137 x ArkeiStealer, 82 x GCleaner
1'150fefce49e86c0fcfe884 x Socks5Systemz, 259 x RaccoonStealer