Statistics

MalwareBazaar produces detailed statistics on shared malware samples, including associated detections - find the available statistics below.

You can also access Spamhaus's Malware Digest report, based on MalwareBazaar data:

https://www.spamhaus.org/malware-digest/#malwarebazaar

Past 14 days
Overall

Malware sample shared

The chart below shows the number of unique malware samples shared on MalwareBazaar per day over a period of 30 days.

Top Reporters

It wouldn't be possible to operate MalwareBazaar without the help of volunteers who contribute malware samples to MalwareBazaar. The table below shows the top reporters and their Twitter handle.

Rank	Reporter	Last activity	Submissions
1	abuse_ch	2025-07-15	5'823
2	adrian__luca	2025-07-14	704
3	JAMESWT_WT	2025-07-15	231
4	aachum	2025-07-15	209
5	skocherhan	2025-07-15	179
6	SecuriteInfoCom	2025-07-15	178
7	burger	2025-07-15	130
8	threatcat_ch	2025-07-15	119
9	lowmal3	2025-07-15	118
10	cocaman	2025-07-15	98
11	GDHJDSYDH1	2025-07-13	75
12	smica83	2025-07-15	64
13	Joker	2025-07-15	36
14	antigdi	2025-07-15	35
15	FXOLabs	2025-07-15	33

Top Malware Families

Top Tags

Most matching YARA rules

YARA rules that matched most on malware samples in MalwareBazaar.

Malware Samples	YARA rule	Author	Last match
3'849	Sus_Obf_Enc_Spoof_Hide_PE	XiAnzheng	2025-07-15
3'462	unixredflags3	Tim Brown @timb_machine	2025-07-15
2'874	linux_generic_ipv6_catcher	@_lubiedo	2025-07-15
1'243	golang_bin_JCorn_CSC846	Justin Cornwell	2025-07-15
1'195	NET	malware-lu	2025-07-15
1'158	DebuggerCheck__API	None	2025-07-15
1'107	Linux_Trojan_Gafgyt_28a2fe0c	Elastic Security	2025-07-15
1'040	ELF_Mirai	NDA0E	2025-07-15
957	enterpriseapps2	Tim Brown @timb_machine	2025-07-15
889	pe_imphash	None	2025-07-15
889	Skystars_Malware_Imphash	Skystars LightDefender	2025-07-15
849	DetectEncryptedVariants	Zinyth	2025-07-15
847	Sus_CMD_Powershell_Usage	XiAnzheng	2025-07-15
826	pe_detect_tls_callbacks	None	2025-07-15
822	botnet_plaintext_c2	cip	2025-07-15

Most downloaded Malware Samples

Most downloaded malware samples on MalwareBazaar.

Downloads	Malware Sample	Type	Signature	Reporter
1'690	af747282bf8a68dbd5d4b5db4fafbba61d0a418e27d62090844f36d039bef1f0	exe		SecuriteInfoCom
1'052	872caeac3567b129ba58a84abfdd36064ecb6f3dd6538b2cc844c12431a8d106	exe	ValleyRAT	GDHJDSYDH1
546	964ddfec70d3a306c1a2dcae6f7da397202b08c45eabe15c0f5ad84de77393ea	exe	LummaStealer	aachum
140	6a869ebca58a769522266fa0c475bb3f60ad75527ba358b7a1d143e03d604c79	exe	ValleyRAT	GDHJDSYDH1
125	549caa03c9aed64e4d13cad0a9f4ef45d8729d7e777a0749df6e2b2996dbea2d	exe	LummaStealer	aachum
122	d4919a7402d7ae02516589fbdfb3cc436749544052843a37b5d36ac4b7385b18	exe	INC	TheRavenFile
112	06c2a137c31aae5d02b4d7df61ffd31f1af9a9e59978f15b3f7265cc751bff1f	exe	Akira	TheRavenFile
107	fd42f07848568078d4beee04bc8704b8e6178676112de9c205d054e5895882ea	exe	LummaStealer	aachum
106	9c90b3ffdffcf2db7716c2c556dc633f9dddc471748753c34449f7314a73f5cb	exe	ValleyRAT	GDHJDSYDH1
89	a769c40ce48a38eed8897447081fc002d567535943befc4b51d866d134953588	apk	BingoMod	JAMESWT_WT
86	d0552d4acdd6f0df66e3217e8fd685b69011f8ec4ffb4b57a884f97436002706	pdf		sylvestrehiguchi
85	fad639fcc1401732c0de91a9e4d0950256e93a38023be935cf78c373e3e0a09b	pdf		antigdi
84	fc2b499708b2d20545c140906b0484546c8b3ff21341b8a5acd18f2063fa2bb5	exe	Akira	TheRavenFile
79	8b31874073fd9d5810247aea86d29dd37057cf23dd62c4e8c8bca5a483e65c0f	apk	BingoMod	JAMESWT_WT
77	a3c9a67b15abe9f7b6b8ecbba84f7242d2128c2f80b41d736cd95fa56b7a78c0	exe	ValleyRAT	GDHJDSYDH1

ANY.RUN

Top detections by ANY.RUN for malware samples on MalwareBazaar.

ClamAV

Top detections by ClamAV for malware samples on MalwareBazaar.

Intezer

Top detections by Intezer for malware samples on MalwareBazaar.

Joe Sandbox

Top detections by Joe Sandbox for malware samples on MalwareBazaar.

CERT.PL MWDB

Top detections by CERT.PL MWDB for malware samples on MalwareBazaar.

ReversingLabs

Top detections by ReversingLabs Titanium Platform for malware samples on MalwareBazaar.

Threatray

Top detections by Threatray for malware samples on MalwareBazaar.

Triage

Top detections by Triage for malware samples on MalwareBazaar.

UnpacMe

Top detections by UnpacMe for malware samples on MalwareBazaar.

VMRay

Top detections by VMRay for malware samples on MalwareBazaar.

FileScan.IO

Top classifications by FileScan.IO for malware samples on MalwareBazaar.

CyberFortress

Top classifications by CyberFortress for malware samples on MalwareBazaar.

ThreatZone

Top classifications by ThreatZone for malware samples on MalwareBazaar.

Most discussed Malware Samples

Most discussed (commented) malware samples on MalwareBazaar.

Comments	Malware Sample	Type	Signature
10	97bb6f30d2fe5546a810da356e41652d1bccfe2130cf77dec36b9ee17c19259d	xls	Dridex
6	d9b05da007d51cf86d4a6448d17183ab69a195436fe17b497185149676d0e77b	exe	TrickBot
4	7277388a0a82e85fe6eb38ed47bd5640c74f10be64ee6e9b8610c49b73328859	7z	HawkEye
3	f4841b9b9006e327d58c8d6fb6e1bb3699d05fcd10fcaf7adcdde47efccb13b3	zip	AgentTesla
3	e97b35c4339e0412571a445b2fe20e30fe91585cad505820b56a098a66e54c23	exe	AgentTesla
3	0994e0972430f7cf02b66c290b6e62666c14da2ca9ad369e7cf5447313dc8550	exe	TrickBot
3	667f88e8dcd4a15529ed02bb20da6ae2e5b195717eb630b20b9732c8573c4e83	doc	Phobos
2	df822aa4ae822b89d8f1c6b4afe3f9bf4679b7c9872bd95d3cbfab366a57edca	hta
2	2b7bdd0b8bde43d8e9d9a32352a408c5028e2a39c694be064a6ed18d0aa830e7	exe	Stop
2	251643f0b539eb872ebeb216f1b71f0f8dc8301276ea63dbfdf10a7267ac7379	zip

Top File Types

Most seen file types associated with malware samples on MalwareBazaar.

Top imphashes

Most seen imphashes on MalwareBazaar.

Malware Sample	imphash	Top 4 Signatures
750	f34d5f2d4577ed6d9ceec516c1f5a744	AgentTesla Formbook SnakeKeylogger RedLineStealer
155	3d95adbf13bbe79dc24dccb401c12091	AgentTesla FormBook SnakeKeylogger NanoCore
142	0b768923437678ce375719e30b21693e	Formbook MassLogger SnakeKeylogger AgentTesla
108	bf95d1fc1d10de18b32654b123ad5e1f	LummaStealer Rhadamanthys Vidar ACRStealer
48	b34f154ec913d2d2c435cbd644e91687	GuLoader RemcosRAT EpsilonStealer AgentTesla
35	2eabe9054cad5152567f0699947a2c5b	LummaStealer Stealc Healer Amadey
34	6e7f9a29f2c85394521a08b9f31f6275	GuLoader AgentTesla RemcosRAT VIPKeylogger
31	f4639a0b3116c2cfc71144b88a929cfd	GuLoader Formbook VIPKeylogger Stealc
23	c990338f8145dc29c6f38fb73cf05c77	BlankGrabber ValleyRAT DiscordTokenStealer PythonStealer
22	12e12319f1029ec4f8fcbed7e82df162	DCRat RedLineStealer Formbook SnakeKeylogger

Top ssdeep hashes

Most seen ssdeep hashes on MalwareBazaar.

Malware Sample	ssdeep	Signature(s)
128	12288:iD6LPBCvMk0O9na1M80cLt9i5aIaTtpc4W:2+QGO9naz0Szi5anTtR	Mirai
126	12288:0GCt9AoZDmbOxeQPTyDez9kQ8jGMKhmmMnRpOeHc:Y9tZQO92DnhDmc
124	12288:ndLGtVtlmIHk6Rtx02O6R+9X8C5SGEzf:pGntlzJx02O6E9X8XG
123	12288:7A84JF9Qc8GgZxTM6m1U3snB6NnVuqnAtSyBpywBdlEykR6LkV6N0L8AXwtZJHZz:/M6m1U3rVuqAtSySwY1gEIZB
123	12288:NbX5mTA3bZNKiG01B7crv+SF7GW5a65jx:tX5m83bZNKi3B7AZXa	Gafgyt
122	6144:O/izeB+/ow3gK2lc5bvyI0vOHD6BZkDgn358cIF3RI5HkdY1FP98/8ecjfP:3BohHKTyfvOHD6ByD4WcIMkuDmEesP
119	12288:5D+Azf/CVCW3ISw+hRNb3W/aTyA9VV/cZWLnR98V+:5D+AznCVNIZ+vNbG/WYWrR98V
119	12288:XeBWVNQiXY8aap1qXG2YmzwcyxDKsFM+t9j+9+X:uQQAYLapnLmzwhtLy+t9j+
8	1536:nEbNn3E5sOq19Pj21ZXBbpuW+8nkSXeVSvhWy5UzS:+n3IxdpNkSXsKf5t	Mirai
7	1536:zag/Vdf5F1LwtkbaOoQ3veifs3guba/qzCEZaCw:zJzf5TLcQfPf+gehCEZa	Mirai

Top dhash icon

Most seen dhashes of icons from PE32 executables and their signatures.

Malware Sample	dhash icon	Signature(s)
246	aae2f3e38383b629	125 x Formbook, 26 x SnakeKeylogger, 21 x AgentTesla
55	0000000000000000	16 x Formbook, 11 x SnakeKeylogger, 3 x AgentTesla
22	9494b494d4aeaeac	10 x DCRat, 2 x GCleaner, 1 x NanoCore
20	306296163498f230	6 x SnakeKeylogger, 2 x a310Logger, 2 x VIPKeylogger
19	cdabae6fe6e7eaec	7 x Amadey, 5 x AurotunStealer, 2 x njrat
18	ccb66361791992cc	9 x Formbook, 4 x VIPKeylogger, 2 x XWorm
15	69c8c4a68e88f0c4	5 x SnakeKeylogger, 4 x XWorm, 4 x Formbook
14	a25337335bbb1bba	5 x SnakeKeylogger, 3 x Formbook, 2 x VIPKeylogger
13	40b974c4d4602858	6 x Formbook, 3 x SnakeKeylogger, 2 x a310Logger
13	399998ecd4d46c0e	9 x GCleaner, 3 x SharkStealer, 1 x LummaStealer