Statistics

MalwareBazaar produces various statistics on malware samples shared, including their detections. The available statistics can be found below.

Past 14 days
Overall

Malware sample shared

The chart below shows the number of unique malware samples shared on MalwareBazaar per day over a period of 30 days.

Top Reporters

It wouldn't be possible to operate MalwareBazaar without the help of volunteers who contribute malware samples to MalwareBazaar. The table below shows the top reporters and their Twitter handle.

Rank	Reporter	Last activity	Submissions
1	abuse_ch	2023-11-30	672
2	andretavare5	2023-11-29	593
3	zbetcheckin	2023-11-30	355
4	SecuriteInfoCom	2023-11-29	331
5	JAMESWT_MHT	2023-11-29	236
6	cocaman	2023-11-29	221
7	lowmal3	2023-11-29	193
8	elfdigest	2023-11-29	113
9	NIXLovesCooper	2023-11-29	84
10	smica83	2023-11-29	74
11	adrian__luca	2023-11-27	66
12	fabiodemartin	2023-11-29	59
13	James_inthe_box	2023-11-29	53
14	pmelson	2023-11-29	47
15	malwarelabnet	2023-11-29	45

Top Malware Families

Top Tags

Most matching YARA rules

YARA rules that matched most on malware samples in MalwareBazaar.

Malware Samples	YARA rule	Author	Last match
794	NET	malware-lu	2023-11-30
763	Skystars_Malware_Imphash	Skystars LightDefender	2023-11-29
763	pe_imphash	None	2023-11-29
684	DebuggerCheck__API	None	2023-11-30
526	maldoc_find_kernel32_base_method_1	Didier Stevens (https://DidierStevens.com)	2023-11-30
477	NETexecutableMicrosoft	malware-lu	2023-11-29
365	MD5_Constants	phoul (@phoul)	2023-11-30
262	pe_no_import_table	None	2023-11-29
257	DebuggerCheck__QueryInfo	None	2023-11-30
229	INDICATOR_SUSPICIOUS_Binary_References_Browsers	ditekSHen	2023-11-30
223	maldoc_getEIP_method_1	Didier Stevens (https://DidierStevens.com)	2023-11-29
215	shellcode	nex	2023-11-29
199	RIPEMD160_Constants	phoul (@phoul)	2023-11-30
199	SHA1_Constants	phoul (@phoul)	2023-11-30
198	meth_get_eip	Willi Ballenthin	2023-11-29

Most downloaded Malware Samples

Most downloaded malware samples on MalwareBazaar.

Downloads	Malware Sample	Type	Signature	Reporter
968	c72d36a48701f9275db84dc7d0acae82304e6062ee48108e5507be32673133b6	xlsx	AgentTesla	abuse_ch
942	c38075212f7565441edf9d67d0edcd35158da4ffb87719900ef1e47ccb199482	xlsx		maikxchd
931	022f8eb1dc8f85df1969b369707c4307a4e15ec0a33a0cb36c9611cb6d2fb133	xlsx	AgentTesla	abuse_ch
927	3bff4f95cc537a4ad075931d288e21a0640a1764a29a40f0b3ea0d89f54635a9	doc	AgentTesla	malwarelabnet
920	88a7d32830a0a2e9a971fd47daacbe9f1c6fe85e5062c92adb6899cdb420103b	xlsx		lowmal3
917	8cc1e052f26f92a3dbf9f39472ff1480165af4cc97f691512337cea470434b8e	xlsx	AgentTesla	abuse_ch
912	f94d94bd9114e1bc05024224f8253949f599335cc112c4b0652f2a7f4d5366be	xlsx	AgentTesla	abuse_ch
909	0a79d9a09643f301e8dbed261607546dff926210a9ba4efef99506cb6a76982c	xlsx		abuse_ch
906	62e9d7296de6b25e0c67785d5c39557dfa1fb099b5f1fab24dfa1bcdcd78989a	doc	RemcosRAT	lowmal3
901	f12a9220246114b76d86519b74bfb90ae0974f8479457f318914128ce3df4290	xlsx		cocaman
873	add081b89a77bac44ed5454a50e61ba7a858b86570e0654b3bf68a75e3dd3cc6	xlsx	AveMariaRAT	lowmal3
846	f4cf566217708d9c5e6d7bb3c39fa2acb5ae2ee86fd0fed9d19999f4b7b22eab	xlsm		NLLOFF
841	df6f30d1f50ef7c387700d1d8dd368c242634aca9a8beda2c0e95f5e7c2f9f37	xlsx	AgentTesla	lowmal3
822	a8407bd083e065222443737a0197f070b8ba1d30a7ef25e99ae3e0ef4af351b3	xlsx	AgentTesla	malwarelabnet
818	adc77c376bb24286de600515aae37a4d4e1136c9c349ee6c36531e397522258e	doc	NanoCore	NIXLovesCooper

ANY.RUN

Top detections by ANY.RUN for malware samples on MalwareBazaar.

CAPE Sandbox

Top detections by CAPE Sandbox for malware samples on MalwareBazaar.

ClamAV

Top detections by ClamAV for malware samples on MalwareBazaar.

Intezer

Top detections by Intezer for malware samples on MalwareBazaar.

Joe Sandbox

Top detections by Joe Sandbox for malware samples on MalwareBazaar.

CERT.PL MWDB

Top detections by CERT.PL MWDB for malware samples on MalwareBazaar.

ReversingLabs

Top detections by ReversingLabs Titanium Platform for malware samples on MalwareBazaar.

Threatray

Top detections by Threatray for malware samples on MalwareBazaar.

Triage

Top detections by Triage for malware samples on MalwareBazaar.

UnpacMe

Top detections by UnpacMe for malware samples on MalwareBazaar.

VMRay

Top detections by VMRay for malware samples on MalwareBazaar.

FileScan.IO

Top classifications by FileScan.IO for malware samples on MalwareBazaar.

Most discussed Malware Samples

Most discussed (commented) malware samples on MalwareBazaar.

Comments	Malware Sample	Type	Signature
10	97bb6f30d2fe5546a810da356e41652d1bccfe2130cf77dec36b9ee17c19259d	xls	Dridex
6	d9b05da007d51cf86d4a6448d17183ab69a195436fe17b497185149676d0e77b	exe	TrickBot
4	7277388a0a82e85fe6eb38ed47bd5640c74f10be64ee6e9b8610c49b73328859	7z	HawkEye
3	f4841b9b9006e327d58c8d6fb6e1bb3699d05fcd10fcaf7adcdde47efccb13b3	zip	AgentTesla
3	e97b35c4339e0412571a445b2fe20e30fe91585cad505820b56a098a66e54c23	exe	AgentTesla
3	0994e0972430f7cf02b66c290b6e62666c14da2ca9ad369e7cf5447313dc8550	exe	TrickBot
3	667f88e8dcd4a15529ed02bb20da6ae2e5b195717eb630b20b9732c8573c4e83	doc	Phobos
2	df822aa4ae822b89d8f1c6b4afe3f9bf4679b7c9872bd95d3cbfab366a57edca	hta
2	2b7bdd0b8bde43d8e9d9a32352a408c5028e2a39c694be064a6ed18d0aa830e7	exe	Stop
2	251643f0b539eb872ebeb216f1b71f0f8dc8301276ea63dbfdf10a7267ac7379	zip

Top File Types

Most seen file types associated with malware samples on MalwareBazaar.

Top imphashes

Most seen imphashes on MalwareBazaar.

Malware Sample	imphash	Top 4 Signatures
812	f34d5f2d4577ed6d9ceec516c1f5a744	AgentTesla Formbook SnakeKeylogger Loki
144	646167cce332c1c252cdcb1839e0cf48	RedLineStealer Amadey Smoke Loader LummaStealer
78	078471ac5a76189ffe465abe0c89c6b7	RiseProStealer
75	7482a1595744a3c77ac9461f3f27a729	RiseProStealer
50	b76363e9cb88bf9390860da8e50999d2	Formbook AgentTesla SnakeKeylogger Loki
38	884310b1928934402ea6fec1dbd3cf5e	GCleaner Socks5Systemz RedLineStealer Socelars
33	3786a4cf8bfee8b4821db03449141df4	Adware.Neoreklami RedLineStealer
26	4328f7206db519cd4e82283211d98e83	RedLineStealer Arechclient2 DCRat CoinMiner
20	b34f154ec913d2d2c435cbd644e91687	GuLoader RemcosRAT AgentTesla Formbook
19	24cdc56b5fda73aeb4bb75aa4a21ffc3	RemcosRAT

Top ssdeep hashes

Most seen ssdeep hashes on MalwareBazaar.

Malware Sample	ssdeep	Signature(s)
61	24576:2opGDjnvrPpkjos0OtjcFc5kM49dj+IuxWQOIjuJuVvhbqL0HtFcgekRP9dT0WNI:OnvrPGT0Egyudc4tI3bqL0NFchaP9dTy	RiseProStealer
55	24576:NmmEs2wqfcRBxJCBEmAMpCOJMbgp2kvB1Pj5R+d3ThJgrU35Zln2i6:8dw/IyPxbgp2iB1Pju3TIrK5Zln2i6	RiseProStealer
19	24576:NmmEs2wqfcRBxJCBEmAMpCOJMbgp2kvB1Pj5R+d3ThJtrU35Zln2i6:8dw/IyPxbgp2iB1Pju3TVrK5Zln2i6	RiseProStealer
11	768:f8FhylJE+hwr5hN7F0I0bQyvUgq65DQVi:f8qlJEQwrDNuIyvD5sV	RedLineStealer LummaStealer
10	24576:2opGDjnvrPpkjos0OtjcFc5kM49dj+IuxWQOIjuJuVvhbqL0HtFcgekRP9dT0WtI:OnvrPGT0Egyudc4tI3bqL0NFchaP9dTS	RiseProStealer
7	24576:8N+bPGUvbX8AdjI9Bahe/wz78RaiyhrbnC3OlKekN4srzEhbaLUCKWmRlsSmYTzC:8wyYjI9EheW7WaiUy3V6baLUCmRlnmYq	RiseProStealer
3	1536:PaAtVnz1/mUUNztiYmW6ihiYLTofs3wfpWIDNEJ7JC7:P/tVz1eUUfwN0T0f+whWONEJ7J	Mirai
3	49152:O2YwvLbBL8IQbDbq6hhFiucmUHq2uK3njQJJmgBkVrAhUQCe4f4/fzdedvQRY0E:XfvXBLk42UHuK3jWXWKOe4fWdmQlE	Socks5Systemz
2	98304:Ad3L0TpNwgdnac+LdvXVajAqlxgc92ca6Qc3zQxHI7Fya0pYrAKlE:M3Lq6gdna/raEqwzca6QcjDopKu	Socks5Systemz
2	49152:UX2JWJuWy4rOP78N2xTS/Q6TNMAeGG+wqkDdWcuZC9baVhLKIyOnxLy5/INYO:8AqA4bNMAeLVdWRC9bO2IyOnhJYO	LummaStealer

Top dhash icon

Most seen dhashes of icons from PE32 executables and their signatures.

Malware Sample	dhash icon	Signature(s)
146	f8f0f4c8c8c8d8f0	67 x RiseProStealer, 44 x RedLineStealer, 28 x LummaStealer
49	b298acbab2ca7a72	34 x Socks5Systemz, 2 x Arechclient2, 1 x RustyStealer
37	b2a89c96a2cada72	12 x GuLoader, 9 x RemcosRAT, 8 x Formbook
34	848c5454baf47474	33 x Adware.Neoreklami
23	68c4d2d2725a5252	10 x Formbook, 8 x AgentTesla, 2 x SnakeKeylogger
22	15cce4f4d0d8cc53	12 x Formbook, 5 x AgentTesla, 3 x RemcosRAT
20	0000000000000000	9 x AgentTesla, 2 x RedLineStealer, 2 x AsyncRAT
20	20c89c88e63c4c12	10 x AgentTesla, 7 x Formbook, 1 x Loki
17	c4c6dcccecf8b4b8	12 x AgentTesla, 3 x Formbook, 2 x RemcosRAT
16	c4d48eaa8ad4d4f8	16 x RemcosRAT