Statistics

MalwareBazaar produces various statistics on malware samples shared, including their detections. The available statistics can be found below.

Past 14 days
Overall

Malware sample shared

The chart below shows the number of unique malware samples shared on MalwareBazaar per day over a period of 30 days.

Top Reporters

It wouldn't be possible to operate MalwareBazaar without the help of volunteers who contribute malware samples to MalwareBazaar. The table below shows the top reporters and their Twitter handle.

Rank	Reporter	Last activity	Submissions
1	@andretavare5	2023-01-28	2'131
2	@abuse_ch	2023-01-28	1'213
3	@zbetcheckin	2023-01-28	558
4	@SecuriteInfoCom	2023-01-20	214
5	@jstrosch	2023-01-27	182
6	@cocaman	2023-01-27	159
7	@lowmal3	2023-01-27	115
8	@atomiczsec	2023-01-28	111
9	@0xToxin	2023-01-28	92
10	@JAMESWT_MHT	2023-01-26	84
11	@James_inthe_box	2023-01-26	70
12	@petikvx	2023-01-28	65
13	@adm1n_usa32	2023-01-28	60
14	@pr0xylife	2023-01-27	52
15	@TeamDreier	2023-01-26	51

Top Malware Families

Top Tags

Most matching YARA rules

YARA rules that matched most on malware samples in MalwareBazaar.

Malware Samples	YARA rule	Author	Last match
1'594	pdb_YARAify	@wowabiy314	2023-01-28
1'191	pe_imphash	None	2023-01-28
1'189	Skystars_Malware_Imphash	Skystars LightDefender	2023-01-28
919	shellcode	nex	2023-01-28
899	cobalt_strike_tmp01925d3f	The DFIR Report	2023-01-28
898	Windows_Trojan_Smokeloader_3687686f	Elastic Security	2023-01-28
595	win_gcleaner_auto	Felix Bilstein	2023-01-28
385	MALWARE_Win_RedLine	ditekSHen	2023-01-28
316	BitcoinAddress	Didier Stevens (@DidierStevens)	2023-01-28
308	meth_get_eip	Willi Ballenthin	2023-01-28
195	myMirai	None	2023-01-28
187	unixredflags3	Tim Brown @timb_machine	2023-01-28
177	yara_template	None	2023-01-28
163	linux_generic_ipv6_catcher	@_lubiedo	2023-01-28
153	meth_stackstrings	Willi Ballenthin	2023-01-28

Most downloaded Malware Samples

Most downloaded malware samples on MalwareBazaar.

Downloads	Malware Sample	Type	Signature	Reporter
22'812	2ae29fff50afc21422c12b4e64b055df4d342fb493a667e18b6dda7ad3403857	exe	Smoke Loader	@andretavare5
17'739	430dbb439bf85fd2a8846a43c0b0615305ef25ac8b9496d272c2dbefd3158ed2	exe	SnakeKeylogger	@abuse_ch
3'489	aa6f57bb39808d9948c98d82c592be6db51230e74be46a1181103c246e8c6681	exe		@abuse_ch
1'299	6326bea9cec6e2baec63ed96cd31a97770c6a63b96d1169a8b5586ec071c8778	exe	LgoogLoader	@andretavare5
598	737bff8488486744c65118caaadaa03cc43981ec3c5b6c6bea544f3366f0873a	exe	Gozi	@JAMESWT_MHT
415	acc70eb94782931ab5f817a91b3c4cedf4c3077fb497a63e90a55e500da7676e	exe	RecordBreaker	@abuse_ch
329	212fff7721e43dff7db6bd7a5df41d57dac21bbf9a9c7c952e5a4a11092761b7	exe	Emotet	@zbetcheckin
328	f2f8c2730204c757eb01c80258a2e1b260f2f525ab0e1d7453ff2f8b31174f25	exe		Anonymous
320	8090338badc224da17e784bdc511fd10d00896698338dcd2194d3002c733f782	exe		@abuse_ch
312	ed5225bcf35b63d220552d1a6fb95c9653565dfc4c33b6ee9402390e56db4f9c	exe		@andretavare5
298	4fe7ef88c01a7271b02b96363e19a3d4169ca21ab0254fb487e64354609bb82b	exe	GCleaner	@andretavare5
297	70dddee5260354519c01b84b2d66783f7aacd89b4c6654bc765cbf34996b7018	exe	CoinMiner	@andretavare5
292	a43850888151cc034d4a18616338702a3675d99c5041324a15090f5d20eabb9b	exe		@petikvx
290	5fc77394fd32986a32fe00746df98db40d11fb240cb6646513aec9157e104ff3	exe	DCRat	@abuse_ch
289	2874f19d385565b1c5d5e630163aef1d87280af5de2cba4a583ab683768df1f4	exe	Emotet	@zbetcheckin

ANY.RUN

Top detections by ANY.RUN for malware samples on MalwareBazaar.

CAPE Sandbox

Top detections by CAPE Sandbox for malware samples on MalwareBazaar.

ClamAV

Top detections by ClamAV for malware samples on MalwareBazaar.

Intezer

Top detections by Intezer for malware samples on MalwareBazaar.

Joe Sandbox

Top detections by Joe Sandbox for malware samples on MalwareBazaar.

CERT.PL MWDB

Top detections by CERT.PL MWDB for malware samples on MalwareBazaar.

ReversingLabs

Top detections by ReversingLabs Titanium Platform for malware samples on MalwareBazaar.

Threatray

Top detections by Threatray for malware samples on MalwareBazaar.

Triage

Top detections by Triage for malware samples on MalwareBazaar.

UnpacMe

Top detections by UnpacMe for malware samples on MalwareBazaar.

VMRay

Top detections by VMRay for malware samples on MalwareBazaar.

FileScan.IO

Top classifications by FileScan.IO for malware samples on MalwareBazaar.

Most discussed Malware Samples

Most discussed (commented) malware samples on MalwareBazaar.

Comments	Malware Sample	Type	Signature
10	97bb6f30d2fe5546a810da356e41652d1bccfe2130cf77dec36b9ee17c19259d	xls	Dridex
6	d9b05da007d51cf86d4a6448d17183ab69a195436fe17b497185149676d0e77b	exe	TrickBot
4	7277388a0a82e85fe6eb38ed47bd5640c74f10be64ee6e9b8610c49b73328859	7z	HawkEye
3	f4841b9b9006e327d58c8d6fb6e1bb3699d05fcd10fcaf7adcdde47efccb13b3	zip	AgentTesla
3	e97b35c4339e0412571a445b2fe20e30fe91585cad505820b56a098a66e54c23	exe	AgentTesla
3	0994e0972430f7cf02b66c290b6e62666c14da2ca9ad369e7cf5447313dc8550	exe	TrickBot
3	667f88e8dcd4a15529ed02bb20da6ae2e5b195717eb630b20b9732c8573c4e83	doc	Phobos
2	df822aa4ae822b89d8f1c6b4afe3f9bf4679b7c9872bd95d3cbfab366a57edca	hta
2	2b7bdd0b8bde43d8e9d9a32352a408c5028e2a39c694be064a6ed18d0aa830e7	exe	Stop
2	251643f0b539eb872ebeb216f1b71f0f8dc8301276ea63dbfdf10a7267ac7379	zip

Top File Types

Most seen file types associated with malware samples on MalwareBazaar.

Top imphashes

Most seen imphashes on MalwareBazaar.

Malware Sample	imphash	Top 4 Signatures
1'102	f34d5f2d4577ed6d9ceec516c1f5a744	AgentTesla Formbook SnakeKeylogger Loki
588	884310b1928934402ea6fec1dbd3cf5e	GCleaner RedLineStealer Adware.InstallCore Socelars
223	61259b55b8912888e90f516ca08dc514	GuLoader Formbook AgentTesla Loki
187	3786a4cf8bfee8b4821db03449141df4	Adware.Neoreklami RedLineStealer
64	e72f606dd0982c47d40a1b2d2827cdc0	Smoke Loader Tofsee CoinMiner TeamBot
39	e3155d9cfab86b6c5c15edea4a8741d5	Smoke Loader RedLineStealer LummaStealer TeamBot
36	0f2c785ca8bc5088ca1685c62509469d	Smoke Loader RedLineStealer LummaStealer
28	4ad169539e30f4fdc9cb467ca358dbdb	Smoke Loader Tofsee CoinMiner TeamBot
28	f59055ddf5d9b2bfdec5b43ba63509a2	Smoke Loader CoinMiner Tofsee Rhadamanthys
26	831efd74b04212c71384962d1e3b11ac	Smoke Loader RedLineStealer TeamBot AsyncRAT

Top ssdeep hashes

Most seen ssdeep hashes on MalwareBazaar.

Malware Sample	ssdeep	Signature(s)
4	6144:uC1Y5jpr0602TzhldWqIk6jKSxPMkksMoK:uC18jpg60OCHNMBxoK	Rhadamanthys
2	49152:ySg8kOqBMdDhtQM4I+MkmJm9LcBwQYdXQ4J:tfkOqGhhtn9+nmJm9LcBCXvJ	DCRat
2	49152:CSg8kOqBMdDhtQM4I+MkmJm9LcBwQYdXQ4J:dfkOqGhhtn9+nmJm9LcBCXvJ	DCRat
2	12288:aCe8LxGQ7MRSRAsDYeQBWlWc4b70eU06zTwjZ++R5Mi6/ZVgCp0TLAXZoCzZWpfb:aN88Q7aQjDYLWlhW7JUyZ++R5PyZ5pcN	Matiex
2	98304:JCeCsdoOk1Qqrx+14KBDYauafqeu3M5qOmCc8:hdnkOq4iYEauaft4gtZ	DCRat
2	12288:RiRpPsdFZd2r35wVWg7FbrFu7JyNbU2/O+cYg:uiBdY3yhdFu7OP2+W	AgentTesla
2	3072:SxqZWpzalMMeZhTje75F3hWRHosxqZWpzalMMeZhTje75F3hWZH:AqZahTu3huqZahTu3h	RedLineStealer
2	49152:4EAW6oV1uWgMzCAKcNqGAonnXvjGt8YxKIh3i2L:bADWgmNqGAKKBli	DCRat
2	12288:lCjuH1KTxj0YvURk9DVz+v4AnhoYWGxBXxcVGrj4W:l4uH1AI1Rk9pzq4uasnXEc	SnakeKeylogger
2	6144:BhcCpT3BG6bzRvc2a5YA5NQ+z9/Xf/BhJTXz/jPGiiM+4+hdFVXNDVZHNjI3lTkj:0CpNvc2o/vndz/ju0+4WFN5RSmId	SnakeKeylogger

Top dhash icon

Most seen dhashes of icons from PE32 executables and their signatures.

Malware Sample	dhash icon	Signature(s)
188	848c5454baf47474	1 x Adware.Neoreklami, 1 x RedLineStealer
182	b298acbab2ca7a72	165 x GCleaner, 7 x RedLineStealer, 2 x RustyStealer
140	71f0e0ccccf0f0f0	128 x GCleaner
67	b2a89c96a2cada72	23 x AgentTesla, 21 x Formbook, 5 x SnakeKeylogger
58	b9e8f2f0ac9bd8da	58 x GCleaner
51	78f8f9d9ccc088e1	51 x GCleaner
50	c1c0d8ccb434cce8	50 x GCleaner
45	0000000000000000	25 x AgentTesla, 4 x SnakeKeylogger, 3 x NetWire
42	b9f8f2d2b6a8ec76	42 x GCleaner
26	9494b494d4aeaeac	11 x DCRat, 7 x RedLineStealer, 1 x njrat