Statistics

MalwareBazaar produces various statistics on malware samples shared, including their detections. The available statistics can be found below.

Past 14 days
Overall

Malware sample shared

The chart below shows the number of unique malware samples shared on MalwareBazaar per day over a period of 30 days.

Top Reporters

It wouldn't be possible to operate MalwareBazaar without the help of volunteers who contribute malware samples to MalwareBazaar. The table below shows the top reporters and their Twitter handle.

Rank	Reporter	Last activity	Submissions
1	cocaman	2024-07-26	2'990
2	zbetcheckin	2024-07-27	558
3	abuse_ch	2024-07-27	540
4	Bitsight	2024-07-27	384
5	SecuriteInfoCom	2024-07-27	331
6	JAMESWT_MHT	2024-07-26	301
7	lowmal3	2024-07-26	152
8	NDA0E	2024-07-26	90
9	TeamDreier	2024-07-26	89
10	lontze7	2024-07-26	66
11	elfdigest	2024-07-25	57
12	fabiodemartin	2024-07-24	55
13	threatquery	2024-07-26	54
14	threatcat_ch	2024-07-26	52
15	vm001cn	2024-07-26	49

Top Malware Families

Top Tags

Most matching YARA rules

YARA rules that matched most on malware samples in MalwareBazaar.

Malware Samples	YARA rule	Author	Last match
1'600	DebuggerCheck__API	None	2024-07-27
1'336	maldoc_find_kernel32_base_method_1	Didier Stevens (https://DidierStevens.com)	2024-07-27
1'046	NET	malware-lu	2024-07-27
1'031	maldoc_getEIP_method_1	Didier Stevens (https://DidierStevens.com)	2024-07-27
937	meth_get_eip	Willi Ballenthin	2024-07-27
816	shellcode	nex	2024-07-27
764	Skystars_Malware_Imphash	Skystars LightDefender	2024-07-27
764	pe_imphash	None	2024-07-27
724	MD5_Constants	phoul (@phoul)	2024-07-27
555	RIPEMD160_Constants	phoul (@phoul)	2024-07-27
555	SHA1_Constants	phoul (@phoul)	2024-07-27
523	NETexecutableMicrosoft	malware-lu	2024-07-27
491	PE_Digital_Certificate	albertzsigovits	2024-07-27
490	PE_Potentially_Signed_Digital_Certificate	albertzsigovits	2024-07-27
441	DebuggerException__SetConsoleCtrl	None	2024-07-27

Most downloaded Malware Samples

Most downloaded malware samples on MalwareBazaar.

Downloads	Malware Sample	Type	Signature	Reporter
3'378	7030ce2168e0d5c36dd6c7ac5e367f63cabd5605d7c7ee621c6a9aaec201d2ea	xlsx	AgentTesla	Anonymous
3'354	287b02d9d7c00db7ec206646bc91a6adc39e0ffc2d6c772257661b23b5e8c482	xlsx		cocaman
3'064	c3530a826e43f40c2ac0f30ecd3a799ee612898569a76fa62be873adea784bdf	xlsx		cocaman
2'757	fffca1c358c5dd1e34379de0ca25401491072cb6722d4ff866126a7e0996c85c	doc	AgentTesla	lowmal3
2'745	aacaf712cf67176f159657be2fbd0fce018aa03b890cb1616b146eddb1de73be	doc		smica83
2'627	a7113afc816d7271162798bbc5ef67b744336160c016ffe5fddf1107e6417478	doc	SnakeKeylogger	lowmal3
2'616	803727ccdf441e49096f3fd48107a5fe55c56c080f46773cd649c9e55ec1be61	docm		malwarology
2'610	b74bbed109e630f69004a7372b4271fad04ace2cea48e99d730401738ee47deb	doc	Formbook	lowmal3
2'606	65df1a97a96e38171c4feaab4eab22186b9a1dc9d7fcf601b3247376dfc74d63	doc	Formbook	lowmal3
2'582	cb1c71d543c97f73ae8f9daa7df5ce0521fa7c45cb3196769df83247f5ce80ed	doc		TeamDreier
2'576	5685ac180e320c50a6c4d70569a15d317f9b03baf71091b84f0915cec512869e	doc	AgentTesla	lowmal3
2'564	f47ed185c87184f8f9b70ecae8bc0bcbfbba601ca52478f5cff1ae0c0f5a56a3	doc		lowmal3
2'560	066928f02fef0d33f9e38b4bd696ae89104b033cc122b1085a0356539f89a21f	doc	Formbook	lowmal3
2'479	5dc96311ffca3ae13e805020a61d276e2a2b1032e2ecc87a05f86c346e90d47c	doc		TeamDreier
2'448	bf0fb9348736b302afeb9167c53d54f437963fe3024acd86673c8175b4ec16cc	doc	AgentTesla	lowmal3

ANY.RUN

Top detections by ANY.RUN for malware samples on MalwareBazaar.

CAPE Sandbox

Top detections by CAPE Sandbox for malware samples on MalwareBazaar.

ClamAV

Top detections by ClamAV for malware samples on MalwareBazaar.

Intezer

Top detections by Intezer for malware samples on MalwareBazaar.

Joe Sandbox

Top detections by Joe Sandbox for malware samples on MalwareBazaar.

CERT.PL MWDB

Top detections by CERT.PL MWDB for malware samples on MalwareBazaar.

ReversingLabs

Top detections by ReversingLabs Titanium Platform for malware samples on MalwareBazaar.

Threatray

Top detections by Threatray for malware samples on MalwareBazaar.

Triage

Top detections by Triage for malware samples on MalwareBazaar.

UnpacMe

Top detections by UnpacMe for malware samples on MalwareBazaar.

VMRay

Top detections by VMRay for malware samples on MalwareBazaar.

FileScan.IO

Top classifications by FileScan.IO for malware samples on MalwareBazaar.

Most discussed Malware Samples

Most discussed (commented) malware samples on MalwareBazaar.

Comments	Malware Sample	Type	Signature
10	97bb6f30d2fe5546a810da356e41652d1bccfe2130cf77dec36b9ee17c19259d	xls	Dridex
6	d9b05da007d51cf86d4a6448d17183ab69a195436fe17b497185149676d0e77b	exe	TrickBot
4	7277388a0a82e85fe6eb38ed47bd5640c74f10be64ee6e9b8610c49b73328859	7z	HawkEye
3	f4841b9b9006e327d58c8d6fb6e1bb3699d05fcd10fcaf7adcdde47efccb13b3	zip	AgentTesla
3	e97b35c4339e0412571a445b2fe20e30fe91585cad505820b56a098a66e54c23	exe	AgentTesla
3	0994e0972430f7cf02b66c290b6e62666c14da2ca9ad369e7cf5447313dc8550	exe	TrickBot
3	667f88e8dcd4a15529ed02bb20da6ae2e5b195717eb630b20b9732c8573c4e83	doc	Phobos
2	df822aa4ae822b89d8f1c6b4afe3f9bf4679b7c9872bd95d3cbfab366a57edca	hta
2	2b7bdd0b8bde43d8e9d9a32352a408c5028e2a39c694be064a6ed18d0aa830e7	exe	Stop
2	251643f0b539eb872ebeb216f1b71f0f8dc8301276ea63dbfdf10a7267ac7379	zip

Top File Types

Most seen file types associated with malware samples on MalwareBazaar.

Top imphashes

Most seen imphashes on MalwareBazaar.

Malware Sample	imphash	Top 4 Signatures
761	f34d5f2d4577ed6d9ceec516c1f5a744	AgentTesla Formbook SnakeKeylogger Loki
255	948cc502fe9226992dce9417f952fce3	AgentTesla Formbook RemcosRAT RedLineStealer
80	afcdf79be1557326c854b6e20cb900a7	AgentTesla RemcosRAT FormBook NanoCore
67	a38d03d2b3d291f90f0d200bd42f8abf	Stealc RedLineStealer PureLogStealer
54	2eabe9054cad5152567f0699947a2c5b	RiseProStealer Amadey RedLineStealer Worm.Ramnit
46	001806c33a6e9fe5fbff34bdbd79b591	Stealc MarsStealer Amadey
36	332f7ce65ead0adfb3d35147033aabe9	SnakeKeylogger AgentTesla Gh0stRAT DarkComet
32	5877688b4859ffd051f6be3b8e0cd533	Babadeda DCRat RedLineStealer NanoCore
30	e221f4f7d36469d53810a4b5f9fc8966	GuLoader Formbook AZORult SnakeKeylogger
26	884310b1928934402ea6fec1dbd3cf5e	GCleaner Socks5Systemz RaccoonStealer RedLineStealer

Top ssdeep hashes

Most seen ssdeep hashes on MalwareBazaar.

Malware Sample	ssdeep	Signature(s)
3	24576:oqDEvCTbMWu7rQYlBQcBiT6rprG8aLF/IcUuJ94fdFc:oTvC/MTQYxsWR7aLFRUuiF	Loki
2	12288:sp4+EpVjZsEpt4Q8gn/pu6JnTzk9Sv+LWK+WGnsVNvlkYkBCdonHi6NQkt8YfhvN:m4Fpl+yD8c/sXwnmYk4HtSkt8WhMUP	RemcosRAT
2	24576:MqDEvCTbMWu7rQYlBQcBiT6rprG8aLV2Sbly7TWEPje:MTvC/MTQYxsWR7aLV2dW
2	24576:OSn+3rwYCD+7ZLCNDPLrsfMcSpm471n2DU0b54cp:yCD+7ANrvsfMTjJn2om3	Amadey
2	24576:tqDEvCTbMWu7rQYlBQcBiT6rprG8aLU2Sbly7TWEPje:tTvC/MTQYxsWR7aLU2dW
2	98304:alX3KMj7yBNUVPhd5G0Z5DxdM3hZpmBAlB6D4tyX6kuT4IkQApCgvms0Cv05J5C2:alX3KMj7yBNUVPhd5G0Z5DxdM3hZpmB2	DarkComet
2	24576:eHxC5X2IUR8QH6/ZDjq5wjaiFA0ASVjGSF:GwGIUGQa/ZPdjSgjG
2	24576:ZqDEvCTbMWu7rQYlBQcBiT6rprG8aLr2Sbly7TWEPje:ZTvC/MTQYxsWR7aLr2dW
2	24576:nqDEvCTbMWu7rQYlBQcBiT6rprG8aLl2Sbly7TWEPje:nTvC/MTQYxsWR7aLl2dW
2	49152:o8xhCcpCNPulYCFckZHvEdM1jegx7oOCM1Gn72tESduILWMJd33eRkX2EuFgtDGg:NhrChV+cU/NeBPMY72tRR0EuUG	DCRat

Top dhash icon

Most seen dhashes of icons from PE32 executables and their signatures.

Malware Sample	dhash icon	Signature(s)
296	aae2f3e38383b629	35 x Formbook, 24 x AgentTesla, 15 x RedLineStealer
40	b298acbab2ca7a72	20 x Socks5Systemz, 1 x Arechclient2, 1 x Adware.ExtenBro
38	0000000000000000	16 x RedLineStealer, 3 x Worm.Ramnit, 2 x RemcosRAT
27	8880a0a2a6ce988c	14 x Formbook, 4 x SnakeKeylogger, 2 x AgentTesla
25	9494b494d4aeaeac	15 x DCRat, 2 x CoinMiner, 1 x RaspberryRobin
20	68d0f4d8d9f0e9d8	3 x Formbook, 2 x AgentTesla, 1 x RemcosRAT
15	c08291d8f87cbc5c	n/a
15	5c59da3ce0c1c850	7 x Worm.Ramnit, 3 x Smoke Loader, 2 x Stop
15	380f61ecc4ec5169	8 x Formbook, 4 x PureLogStealer, 2 x RemcosRAT
15	92b2aca6a6ba8e9e	5 x PureCrypter, 1 x AgentTesla, 1 x SnakeKeylogger