Statistics
MalwareBazaar produces various statistics on malware samples shared, including their detections. The available statistics can be found below.
Malware sample shared
The chart below shows the number of unique malware samples shared on MalwareBazaar per day over a period of 30 days.
Top Reporters
It wouldn't be possible to operate MalwareBazaar without the help of volunteers who contribute malware samples to MalwareBazaar. The table below shows the top reporters and their Twitter handle.
| Rank | Reporter | Last activity | Submissions |
|---|---|---|---|
| 1 |  @zbetcheckin | 2022-01-24 | 1'861 |
| 2 |  @abuse_ch | 2022-01-24 | 1'355 |
| 3 |  @Cryptolaemus1 | 2022-01-25 | 372 |
| 4 |  @r3dbU7z | 2022-01-24 | 335 |
| 5 |  @GovCERT_CH | 2022-01-25 | 278 |
| 6 |  @tolisec | 2022-01-25 | 222 |
| 7 |  @cocaman | 2022-01-25 | 218 |
| 8 |  @JAMESWT_MHT | 2022-01-24 | 169 |
| 9 |  @SecuriteInfoCom | 2022-01-24 | 132 |
| 10 |  @pr0xylife | 2022-01-24 | 105 |
| 11 |  @lowmal3 | 2022-01-24 | 97 |
| 12 |  @TeamDreier | 2022-01-24 | 85 |
| 13 |  @malwarelabnet | 2022-01-24 | 67 |
| 14 |  @James_inthe_box | 2022-01-24 | 66 |
| 15 |  @madjack_red | 2022-01-24 | 56 |
Top Malware Families
Top Tags
Most matching YARA rules
YARA rules that matched most on malware samples in MalwareBazaar.
| Malware Samples | YARA rule | Author | Last match |
|---|---|---|---|
| 1'101 | pe_imphash | 2022-01-25 | |
| 1'101 | Skystars_Malware_Imphash | Skystars LightDefender | 2022-01-25 |
| 752 | unixredflags3 | Tim Brown @timb_machine | 2022-01-24 |
| 708 | linux_generic_ipv6_catcher | @_lubiedo | 2022-01-25 |
| 605 | BitcoinAddress | Didier Stevens (@DidierStevens) | 2022-01-24 |
| 488 | Excel_Hidden_Macro_Sheet | 2022-01-24 | |
| 485 | SUSP_Excel4Macro_AutoOpen | John Lambert @JohnLaTwC | 2022-01-24 |
| 281 | Qbot | Dhanunjaya | 2022-01-24 |
| 257 | MALW_emotet | Marc Rivero | McAfee ATR Team | 2022-01-24 |
| 230 | MALWARE_Win_RedLine | ditekSHen | 2022-01-24 |
| 182 | SUSP_XORed_Mozilla | Florian Roth | 2022-01-24 |
| 182 | SUSP_XORed_Mozilla_RID2DB4 | Florian Roth | 2022-01-24 |
| 179 | enterpriseapps2 | Tim Brown @timb_machine | 2022-01-24 |
| 165 | MALWARE_Win_AgentTeslaV3 | ditekSHen | 2022-01-24 |
| 163 | ach_AgentTesla_20200929 | abuse.ch | 2022-01-24 |
Most downloaded Malware Samples
Most downloaded malware samples on MalwareBazaar.
xls
CAPE Sandbox
Top detections by CAPE Sandbox for malware samples on MalwareBazaar.
ClamAV
Top detections by ClamAV for malware samples on MalwareBazaar.
Intezer
Top detections by Intezer for malware samples on MalwareBazaar.
Joe Sandbox
Top detections by Joe Sandbox for malware samples on MalwareBazaar.
CERT.PL MWDB
Top detections by CERT.PL MWDB for malware samples on MalwareBazaar.
ReversingLabs
Top detections by ReversingLabs Titanium Platform for malware samples on MalwareBazaar.
Threatray
Top detections by Threatray for malware samples on MalwareBazaar.
Triage
Top detections by Triage for malware samples on MalwareBazaar.
UnpacMe
Top detections by UnpacMe for malware samples on MalwareBazaar.
VMRay
Top detections by VMRay for malware samples on MalwareBazaar.
FileScan.IO
Top classifications by FileScan.IO for malware samples on MalwareBazaar.
Top File Types
Most seen file types associated with malware samples on MalwareBazaar.
Top imphashes
Most seen imphashes on MalwareBazaar.
Top ssdeep hashes
Most seen ssdeep hashes on MalwareBazaar.
| Malware Sample | ssdeep | Signature(s) |
|---|---|---|
| 116 | 3072:4Rk3hbdlylKsgqopeJBWhZFGkE+cL2NdAlhEvN8B/W6X1yxYovrepMUdQ6gSz4iq:Qk3hbdlylKsgqopeJBWhZFVE+W2NdAli | Heodo SilentBuilder |
| 73 | 1536:bpEk3hbdlylKsgqopeJBWhZFGkE+cL2NdA8eXZiozeOgXVZKyaZpvyR1kZkJvU+:bCk3hbdlylKsgqopeJBWhZFGkE+cL2Nr | Heodo SilentBuilder |
| 58 | 3072:Wuk3hbdlylKsgqopeJBWhZFGkE+cL2NdAxEvN8B/W6X1yxYovrepMUdQ6gSz4i:Fk3hbdlylKsgqopeJBWhZFVE+W2NdAmv | SilentBuilder Heodo |
| 17 | 3072:n/k3hbdlylKsgqopeJBWhZFGkE+cL2NdAFxe53lGvFTQ3IzxgdrvxpU0OKvMB:/k3hbdlylKsgqopeJBWhZFVE+W2NdAOK | Heodo SilentBuilder |
| 12 | 3072:yW+nBqmsk3hbdlylKsgqopeJBWhZFGkE+cMLxAAIXxe53lGvFTQ3IzxgdrvxpU0S:t+nBqmsk3hbdlylKsgqopeJBWhZFVE+S | Heodo SilentBuilder |
| 12 | 1536:5lNk3hbdlylKsgqopeJBWhZFGkE+cL2NdAfNzMk95+ooipzMk9o+oo:5Hk3hbdlylKsgqopeJBWhZFGkE+cL2NU | SilentBuilder Heodo |
| 11 | 3072:+5+nBqm9k3hbdlylKsgqopeJBWhZFGkE+cMLxAAIMEvN8B/W6X1yxYovrepMUdQm:i+nBqm9k3hbdlylKsgqopeJBWhZFVE+g | Heodo SilentBuilder |
| 9 | 3072:bKpb8rGYrMPe3q7Q0XV5xtezEsi8/dgtlyVEdBU6hubsll6UQjvxq:bKpb8rGYrMPe3q7Q0XV5xtuEsi8/dgjT | SilentBuilder Heodo |
| 9 | 3072:yKpb8rGYrMPe3q7Q0XV5xtezEsi8/dgQCyVEdBU6hubsll6UQjvxm:yKpb8rGYrMPe3q7Q0XV5xtuEsi8/dgbr | SilentBuilder |
| 9 | 3072:bKpb8rGYrMPe3q7Q0XV5xtezEsi8/dgtlyVEdBU6hubsll6UQjvxO:bKpb8rGYrMPe3q7Q0XV5xtuEsi8/dgjv | SilentBuilder Heodo |
Top dhash icon
Most seen dhashes of icons from PE32 executables and their signatures.
| Malware Sample | dhash icon | Signature(s) |
|---|---|---|
| 261 | 71b119dcce576333 | 241 x Heodo |
| 158 | 79756cecb29999b9 | 157 x Heodo, 1 x BazaLoader |
| 157 | b2a89c96a2cada72 | 58 x Formbook, 53 x Loki, 22 x AgentTesla |
| 60 | 108480c0e6606008 | 47 x Heodo |
| 58 | a498afacb7b0a882 | 58 x Heodo |
| 44 | fcfcb4b4b494d9c1 | 31 x RedLineStealer, 4 x Smoke Loader, 3 x ArkeiStealer |
| 31 | 02172236860f3333 | 31 x Heodo |
| 29 | fcfcb4b4b4d4d9c1 | 20 x RedLineStealer, 4 x RaccoonStealer, 2 x ArkeiStealer |
| 27 | 9494b494d4aeaeac | 9 x DCRat, 2 x RedLineStealer, 1 x AsyncRAT |
| 26 | 1efef2c2e4a0e0e0 | 15 x AgentTesla, 3 x Formbook, 2 x Loki |
Malware sample shared
The chart below shows the number of unique malware samples shared on MalwareBazaar per day over a period of 12 months.
Top Reporters
It wouldn't be possible to operate MalwareBazaar without the help of volunteers who contribute malware samples to MalwareBazaar. The table below shows the top reporters and their Twitter handle.
| Rank | Reporter | Last activity | Submissions |
|---|---|---|---|
| 1 | @abuse_ch | 2022-01-24 | 92'315 |
| 2 |  @lazyactivist192 | 2021-04-26 | 69'725 |
| 3 | @Cryptolaemus1 | 2022-01-25 | 55'316 |
| 4 |  @Seifreed | 2021-10-19 | 48'947 |
| 5 |  @c4llsec | 2021-05-19 | 23'982 |
| 6 | @zbetcheckin | 2022-01-24 | 20'770 |
| 7 | @JAMESWT_MHT | 2022-01-24 | 18'374 |
| 8 |  @Libranalysis | 2022-01-21 | 17'025 |
| 9 | @cocaman | 2022-01-25 | 12'191 |
| 10 | @SecuriteInfoCom | 2022-01-24 | 11'129 |
| 11 | @GovCERT_CH | 2022-01-25 | 9'158 |
| 12 |  @FORMALITYDE | 2021-12-07 | 5'555 |
| 13 |  @jarumlus | 2021-09-28 | 5'360 |
| 14 | @James_inthe_box | 2022-01-24 | 5'360 |
| 15 | @lowmal3 | 2022-01-24 | 3'535 |
Top Malware Families
Top Tags
Most matching YARA rules
YARA rules that matched most on malware samples in MalwareBazaar.
| Malware Samples | YARA rule | Author | Last match |
|---|---|---|---|
| 78'468 | SharedStrings | Katie Kleemola | 2021-12-26 |
| 76'694 | Email_stealer_bin_mem | James_inthe_box | 2021-12-26 |
| 74'496 | Select_from_enumeration | James_inthe_box | 2021-12-26 |
| 73'328 | UAC_bypass_bin_mem | James_inthe_box | 2022-01-06 |
| 71'636 | IPPort_combo_mem | James_inthe_box | 2022-01-17 |
| 45'492 | Cobalt_functions | @j0sm1 | 2021-07-13 |
| 29'563 | MALWARE_Win_DLLLoader | ditekSHen | 2021-12-26 |
| 28'408 | DridexV4 | kevoreilly | 2021-12-26 |
| 28'071 | ach_Dridex_xls_20200528 | abuse.ch | 2021-12-09 |
| 25'931 | Skystars_Malware_Imphash | Skystars LightDefender | 2022-01-25 |
| 25'431 | Win32_Trojan_Emotet | ReversingLabs | 2022-01-04 |
| 25'034 | DridexLoader | kevoreilly | 2021-12-31 |
| 23'581 | win_dridex_auto | Felix Bilstein | 2021-12-26 |
| 23'079 | ach_Quakbot_xlsb_20201023 | abuse.ch | 2022-01-12 |
| 22'029 | win_sisfader_auto | Felix Bilstein | 2021-05-07 |
Most downloaded Malware Samples
Most downloaded malware samples on MalwareBazaar.
doc
dll
exe CAPE Sandbox
Top detections by CAPE Sandbox for malware samples on MalwareBazaar.
ClamAV
Top detections by ClamAV for malware samples on MalwareBazaar.
Intezer
Top detections by Intezer for malware samples on MalwareBazaar.
Joe Sandbox
Top detections by Joe Sandbox for malware samples on MalwareBazaar.
CERT.PL MWDB
Top detections by CERT.PL MWDB for malware samples on MalwareBazaar.
ReversingLabs
Top detections by ReversingLabs Titanium Platform for malware samples on MalwareBazaar.
Threatray
Top detections by Threatray for malware samples on MalwareBazaar.
Triage
Top detections by Triage for malware samples on MalwareBazaar.
UnpacMe
Top detections by UnpacMe for malware samples on MalwareBazaar.
VMRay
Top detections by VMRay for malware samples on MalwareBazaar.
FileScan.IO
Top classifications by FileScan.IO for malware samples on MalwareBazaar.
Most discussed Malware Samples
Most discussed (commented) malware samples on MalwareBazaar.
htaTop File Types
Most seen file types associated with malware samples on MalwareBazaar.
Top imphashes
Most seen imphashes on MalwareBazaar.
Top ssdeep hashes
Most seen ssdeep hashes on MalwareBazaar.
| Malware Sample | ssdeep | Signature(s) |
|---|---|---|
| 1'124 | 12288:J2+J+l5QvSoOUkQNPRoswLLjfsHJNF05s:AJl5QrrkQFCHspN4 | Quakbot |
| 1'123 | 12288:U2+J+l5QvSoOUkQGPRoswLLjfsHJNF05F:PJl5QrrkQOCHspN4 | Quakbot |
| 1'121 | 12288:l2+J+l5QvSoOUkQiPRoswLLjfsHJNF05h:8Jl5QrrkQaCHspN4 | Quakbot |
| 373 | 3072:IFNthWQl/rSJ7lvt9filcZritkrINAEYsm2:IBhWQ/mJLflrOAp2 | Gozi Heodo |
| 307 | 12288:xyP2Md2hn+tDKFtKwK5KLK6KYK5KlK3K1aoNl7Mv+lwVwy:grdO+tDKFQoNOml | TrickBot |
| 180 | 384:PnqmQF9b8PdvtUuiyaFwrEnO2/7vUyV2aGcuFjqZUb:Cme9bodlpkqkOOjU/aGciqUb | Quakbot |
| 180 | 384:fnqmQF9b8PdvtUuiyaFwrEnO2/7vUU2aGcuFjqZ5g:yme9bodlpkqkOOjUdaGciq5g | Quakbot |
| 180 | 384:/nqmQF9b8PdvtUuiyaFwrEnO2/7vUU2aGcuFjqZ5g:Sme9bodlpkqkOOjUdaGciq5g | Quakbot |
| 179 | 384:jnqmQF9b8PdvtUuiyaFwrEnO2/7vUjqN2aGcuFjqZM:eme9bodlpkqkOOjUjqgaGciqM | Quakbot |
| 179 | 384:/nqmQF9b8PdvtUuiyaFwrEnO2/7vUjqN2aGcuFjqZM:Sme9bodlpkqkOOjUjqgaGciqM | Quakbot |
Top dhash icon
Most seen dhashes of icons from PE32 executables and their signatures.
| Malware Sample | dhash icon | Signature(s) |
|---|---|---|
| 1'247 | b2a89c96a2cada72 | 533 x Formbook, 241 x Loki, 105 x AgentTesla |
| 508 | 71b119dcce576333 | 260 x Heodo, 200 x TrickBot, 8 x BazaLoader |
| 388 | ead8ac9cc6e68ee0 | 118 x RaccoonStealer, 102 x RedLineStealer, 45 x Smoke Loader |
| 292 | 399998ecd4d46c0e | 136 x ArkeiStealer, 115 x Quakbot, 15 x Matanbuchus |
| 276 | 4839b2b4e8c38890 | 137 x RaccoonStealer, 37 x Smoke Loader, 30 x RedLineStealer |
| 272 | 4839b234e8c38890 | 104 x RaccoonStealer, 53 x RedLineStealer, 46 x ArkeiStealer |
| 264 | 4839b2b0e8c38890 | 105 x RaccoonStealer, 38 x Smoke Loader, 33 x RedLineStealer |
| 243 | 0000000000000000 | 43 x RedLineStealer, 36 x AgentTesla, 27 x TrickBot |
| 225 | fcfcd4d4d4d4d8c0 | 74 x RedLineStealer, 56 x RaccoonStealer, 23 x Smoke Loader |
| 214 | ead8ac9cc6a68ee0 | 93 x RedLineStealer, 50 x RaccoonStealer, 15 x Smoke Loader |
Most discussed Malware Samples
Most discussed (commented) malware samples on MalwareBazaar.