Statistics

MalwareBazaar produces various statistics on malware samples shared, including their detections. The available statistics can be found below.

Malware sample shared

The chart below shows the number of unique malware samples shared on MalwareBazaar per day over a period of 30 days.


Top Reporters

It wouldn't be possible to operate MalwareBazaar without the help of volunteers who contribute malware samples to MalwareBazaar. The table below shows the top reporters and their Twitter handle.

RankReporterLast activitySubmissions
1Twitter @abuse_ch2022-06-261'289
2Twitter @zbetcheckin2022-06-261'035
3Twitter @KdssSupport2022-06-24535
4Twitter @SecuriteInfoCom2022-06-25448
5Twitter @GovCERT_CH2022-06-26395
6Twitter @tolisec2022-06-26238
7Twitter @JAMESWT_MHT2022-06-26214
8Twitter @cocaman2022-06-24211
9Twitter @pr0xylife2022-06-24155
10Twitter @TeamDreier2022-06-21139
11Twitter @obfusor2022-06-26137
12Twitter @malwarelabnet2022-06-24112
13Twitter @lowmal32022-06-24108
14Twitter @James_inthe_box2022-06-2470
15Twitter @adrian__luca2022-06-2246

Top Malware Families

Top Tags

Most matching YARA rules

YARA rules that matched most on malware samples in MalwareBazaar.

Malware SamplesYARA ruleAuthorLast match
2'231exploit_any_poppopretJeff White [karttoon@gmail.com] @noottrak2022-06-24
1'857pe_imphash2022-06-26
1'857Skystars_Malware_ImphashSkystars LightDefender2022-06-26
490pdb_YARAify@wowabiy3142022-06-26
489win_heodo2022-06-26
416crime_win64_emotet_unpackedRony (r0ny_123)2022-06-26
387Emotet_BotnetHarish Kumar P2022-06-26
370cobalt_strike_tmp01925d3fThe DFIR Report2022-06-26
358meth_get_eipWilli Ballenthin2022-06-26
337myMirai2022-06-26
260unixredflags3Tim Brown @timb_machine2022-06-26
220MALWARE_Win_AgentTeslaV3ditekSHen2022-06-25
217linux_generic_ipv6_catcher@_lubiedo2022-06-26
203MAL_Lokibot_Stealer2022-06-26
190INDICATOR_SUSPICIOUS_Binary_References_BrowsersditekSHen2022-06-26

Most downloaded Malware Samples

Most downloaded malware samples on MalwareBazaar.

DownloadsMalware SampleTypeSignatureReporter
4'274b9720e833fa96fec76f492295d7a46b6f524b958278d322c4ccecdc313811f11 zipMatanbuchusTwitter @k3dg3
4'273c6e9477fd41ac9822269486c77d0f5d560ee2f558148ca95cf1de39dea034186Microsoft Software Installer (MSI) msiMatanbuchusTwitter @pr0xylife
4'269cc08642ddbbb8f735a3263180164cda6cf3b73a490fc742d5c3e31130504e97c htmlMatanbuchusTwitter @pr0xylife
4'2622d8740ea16e9457a358ebea73ad377ff75f7aa9bdf748f0d801f5a261977eda4Microsoft Software Installer (MSI) msiMatanbuchusTwitter @pr0xylife
4'248c117b17bf187a3d52278eb229a1f2ac8a73967d162ad0cfc55089d304b1cc8a7 htmlMatanbuchusTwitter @pr0xylife
4'2346d3259011b9f2abd3b0c3dc5b609ac503392a7d8dea018b78ecd39ec097b3968DLL dllCobaltStrikeTwitter @pr0xylife
4'198f8cc2cf36e193774f13c9c5f23ab777496dcd7ca588f4f73b45a7a5ffa96145eDLL dllMatanbuchusTwitter @0x49736b
4'176e22ec74cd833a85882d5a8e76fa3b35daff0b7390bfbcd6b1ab270fd3741ceeaMicrosoft Software Installer (MSI) msiMatanbuchusTwitter @JAMESWT_MHT
4'1676c5eb5d9a66200f0ab69ee49ba6411abf29840bce00ed0681ec8b48e24fd83da zipMatanbuchusTwitter @JAMESWT_MHT
4'1667e37d028789ab2b47bcab159da6458da2e8198617b0e7760174e4a0eea07d9c9Microsoft Software Installer (MSI) msiMatanbuchusTwitter @JAMESWT_MHT
4'1644fd90cf681ad260f13d3eb9e38b0f05365d3984e38cfba28f160b0f810ffd4d3Microsoft Software Installer (MSI) msiMatanbuchusTwitter @JAMESWT_MHT
4'164face46e6593206867da39e47001f134a00385898a36b8142a21ad54954682666Microsoft Software Installer (MSI) msiMatanbuchusTwitter @JAMESWT_MHT
4'15782add858e5a64789b26c77e5ec4608e1f162aacbc9163920a0d4aa53eb3e9713 htmlMatanbuchusTwitter @JAMESWT_MHT
4'1555dcbffef867b44bbb828cfb4a21c9fb1fa3404b4d8b6f4e8118c62addbf859daMicrosoft Software Installer (MSI) msiMatanbuchusTwitter @JAMESWT_MHT
4'1545708dced57f30ff79e789401360300fe3d5bdcf8f988ede6539b9608dfeb58fd htmlMatanbuchusTwitter @JAMESWT_MHT

ANY.RUN ANY.RUN

Top detections by ANY.RUN for malware samples on MalwareBazaar.

CAPE Sandbox CAPE Sandbox

Top detections by CAPE Sandbox for malware samples on MalwareBazaar.

ClamAV ClamAV

Top detections by ClamAV for malware samples on MalwareBazaar.

Intezer Intezer

Top detections by Intezer for malware samples on MalwareBazaar.

Joe Sandbox Joe Sandbox

Top detections by Joe Sandbox for malware samples on MalwareBazaar.

CERT.PL MWDB CERT.PL MWDB

Top detections by CERT.PL MWDB for malware samples on MalwareBazaar.

ReversingLabs ReversingLabs

Top detections by ReversingLabs Titanium Platform for malware samples on MalwareBazaar.

Threatray Threatray

Top detections by Threatray for malware samples on MalwareBazaar.

Triage Triage

Top detections by Triage for malware samples on MalwareBazaar.

UnpacMe UnpacMe

Top detections by UnpacMe for malware samples on MalwareBazaar.

VMRay VMRay

Top detections by VMRay for malware samples on MalwareBazaar.

FileScan.IO FileScan.IO

Top classifications by FileScan.IO for malware samples on MalwareBazaar.

Most discussed Malware Samples

Most discussed (commented) malware samples on MalwareBazaar.

CommentsMalware SampleTypeSignature
1097bb6f30d2fe5546a810da356e41652d1bccfe2130cf77dec36b9ee17c19259dExcel file xlsDridex
6d9b05da007d51cf86d4a6448d17183ab69a195436fe17b497185149676d0e77bExecutable exeTrickBot
47277388a0a82e85fe6eb38ed47bd5640c74f10be64ee6e9b8610c49b73328859 7zHawkEye
3f4841b9b9006e327d58c8d6fb6e1bb3699d05fcd10fcaf7adcdde47efccb13b3 zipAgentTesla
3e97b35c4339e0412571a445b2fe20e30fe91585cad505820b56a098a66e54c23Executable exeAgentTesla
30994e0972430f7cf02b66c290b6e62666c14da2ca9ad369e7cf5447313dc8550Executable exeTrickBot
3667f88e8dcd4a15529ed02bb20da6ae2e5b195717eb630b20b9732c8573c4e83Word file docPhobos
2df822aa4ae822b89d8f1c6b4afe3f9bf4679b7c9872bd95d3cbfab366a57edcaHTML Application (hta) hta 
22b7bdd0b8bde43d8e9d9a32352a408c5028e2a39c694be064a6ed18d0aa830e7Executable exeStop
2251643f0b539eb872ebeb216f1b71f0f8dc8301276ea63dbfdf10a7267ac7379 zip 

Top File Types

Most seen file types associated with malware samples on MalwareBazaar.

Top imphashes

Most seen imphashes on MalwareBazaar.

Malware SampleimphashTop 4 Signatures
1'804f34d5f2d4577ed6d9ceec516c1f5a744AgentTesla Formbook SnakeKeylogger Loki
16456a78d55f3f7af51443e58e0ce2fb5f6GuLoader Formbook Loki AgentTesla
8073f2e145d0122febd498c144642f6a32Heodo
750328f71498488999af54dd9b22b15d24Heodo
660c0557a4b34ffa1a6c440529e6db5668RedLineStealer
62d872b96f004d4d21c5c8c092d254efc4Heodo
5761259b55b8912888e90f516ca08dc514GuLoader Formbook Loki RemcosRAT
47ef9476d0fbfc6b40d5643f82c26da05eHeodo
43208d0cc211620e212f602a360cc4d858Heodo
41d7a7fb1efd1bd874649adf2d4808fa65Heodo

Top ssdeep hashes

Most seen ssdeep hashes on MalwareBazaar.

Malware SamplessdeepSignature(s)
71536:dpKpb8rGYrMPe3q7Q0XV5xtezEsi8/dg9HuS4VcTO9/r7UYdEJe5oV/:bKpb8rGYrMPe3q7Q0XV5xtezEsi8/dgvSilentBuilder Heodo
612288:SHqj6HEjkcF8GrjVrV34sxjX4VzIimwAV24yO+4XN:k2FkceG9rVl5XPimeHK9AveMariaRAT RemcosRAT DBatLoader FormBook
51536:ROOKpb8rGYrMPe3q7Q0XV5xtezEsi8/dgG7HuS4VcTO9/r7UYdEJeZ:RBKpb8rGYrMPe3q7Q0XV5xtezEsi8/dcHeodo SilentBuilder
512288:VdMRkCvvbYZbq/7a2fpqDF5o2t9uBSFBuBCjSUudUkqLt33xQFnGWeOkD:VmKoyq/O2ByFPt9uIiT9dUkq9aFFormbook RemcosRAT ModiLoader AveMariaRAT
51536:ROOKpb8rGYrMPe3q7Q0XV5xtezEsi8/dgG7HuS4VcTO9/r7UYdEJeZ:RBKpb8rGYrMPe3q7Q0XV5xtezEsi8/d8SilentBuilder Heodo
512288:QOVndiHQ0jin7Oh0Lpm1oobShFlp/iCYGCBYAyEx:dVmiyh0Loo3PZiDzHeodo
51536:dpKpb8rGYrMPe3q7Q0XV5xtezEsi8/dg9HuS4VcTO9/r7UYdEJe5oN/:bKpb8rGYrMPe3q7Q0XV5xtezEsi8/dgHSilentBuilder Heodo
524576:mArq7iX2O7Zo+r5E1kBiKvyJsPFtZd52EUAEc:m17+7rTPdtZ9EcFormbook AveMariaRAT
412288:QOVndiHQ0jin7Oh0Lpm1UobShFlp/iCYGCBYAyEx:dVmiyh0LoU3PZiDzHeodo
41536:VTOKpb8rGYrMPe3q7Q0XV5xtezEsi8/dgTKHuS4NcTO9/z7UYdEJBc:VaKpb8rGYrMPe3q7Q0XV5xtezEsi8/dESilentBuilder Heodo

Top dhash icon

Most seen dhashes of icons from PE32 executables and their signatures.

Malware Sampledhash iconSignature(s)
53000000000000000015 x Formbook, 11 x AgentTesla, 10 x Loki
45399998ecd4d46c0e43 x Quakbot, 1 x DBatLoader, 1 x CryptOne
38d4aae8cce8b296cc16 x AgentTesla, 10 x Loki, 7 x FormBook
37818da080a0a0a0a237 x Heodo
370022a3a2b8a6e61016 x Formbook, 7 x AgentTesla, 6 x Loki
31b28ccaacda53d39b26 x Formbook
293a9a18b2a484a0c429 x Heodo
2902616868e0e4e8008 x Formbook, 7 x Loki, 4 x AgentTesla
27b2a89c96a2cada7211 x Formbook, 10 x GuLoader, 3 x NanoCore
23ecbcece2f2d0f4f923 x GuLoader

Malware sample shared

The chart below shows the number of unique malware samples shared on MalwareBazaar per day over a period of 12 months.


Top Reporters

It wouldn't be possible to operate MalwareBazaar without the help of volunteers who contribute malware samples to MalwareBazaar. The table below shows the top reporters and their Twitter handle.

RankReporterLast activitySubmissions
1Twitter @abuse_ch2022-06-26106'817
2Twitter @lazyactivist1922022-05-1869'727
3Twitter @Cryptolaemus12022-05-0467'812
4Twitter @Seifreed2021-10-1948'947
5Twitter @zbetcheckin2022-06-2635'391
6Twitter @JAMESWT_MHT2022-06-2622'954
7Twitter @Libranalysis2022-03-2917'029
8Twitter @cocaman2022-06-2414'848
9Twitter @SecuriteInfoCom2022-06-2513'788
10Twitter @GovCERT_CH2022-06-2613'105
11Twitter @James_inthe_box2022-06-246'227
12Twitter @FORMALITYDE2022-06-215'664
13Twitter @tolisec2022-06-265'597
14Twitter @jarumlus2021-09-285'360
15Twitter @lowmal32022-06-245'265

Top Malware Families

Top Tags

Most matching YARA rules

YARA rules that matched most on malware samples in MalwareBazaar.

Malware SamplesYARA ruleAuthorLast match
78'468SharedStringsKatie Kleemola2021-12-26
76'696Email_stealer_bin_memJames_inthe_box2022-05-16
74'496Select_from_enumerationJames_inthe_box2021-12-26
73'329UAC_bypass_bin_memJames_inthe_box2022-04-20
71'638IPPort_combo_memJames_inthe_box2022-05-19
45'498Cobalt_functions@j0sm12022-05-19
41'832Skystars_Malware_ImphashSkystars LightDefender2022-06-26
34'409pe_imphash2022-06-26
29'565MALWARE_Win_DLLLoaderditekSHen2022-04-09
28'410DridexV4kevoreilly2022-04-09
28'072ach_Dridex_xls_20200528abuse.ch2022-05-06
25'452Win32_Trojan_EmotetReversingLabs2022-03-29
25'036DridexLoaderkevoreilly2022-04-09
23'584win_dridex_autoFelix Bilstein2022-04-09
23'180SUSP_Excel4Macro_AutoOpenJohn Lambert @JohnLaTwC2022-06-24

Most downloaded Malware Samples

Most downloaded malware samples on MalwareBazaar.

DownloadsMalware SampleTypeSignatureReporter
72'04570ab26000929d26e0e4e567bd0dc4158054538485fcfd51dd4b60a534967814b lzhFirebirdRATTwitter @GovCERT_CH
4'274b9720e833fa96fec76f492295d7a46b6f524b958278d322c4ccecdc313811f11 zipMatanbuchusTwitter @k3dg3
4'273c6e9477fd41ac9822269486c77d0f5d560ee2f558148ca95cf1de39dea034186Microsoft Software Installer (MSI) msiMatanbuchusTwitter @pr0xylife
4'269cc08642ddbbb8f735a3263180164cda6cf3b73a490fc742d5c3e31130504e97c htmlMatanbuchusTwitter @pr0xylife
4'2622d8740ea16e9457a358ebea73ad377ff75f7aa9bdf748f0d801f5a261977eda4Microsoft Software Installer (MSI) msiMatanbuchusTwitter @pr0xylife
4'248c117b17bf187a3d52278eb229a1f2ac8a73967d162ad0cfc55089d304b1cc8a7 htmlMatanbuchusTwitter @pr0xylife
4'2346d3259011b9f2abd3b0c3dc5b609ac503392a7d8dea018b78ecd39ec097b3968DLL dllCobaltStrikeTwitter @pr0xylife
4'198f8cc2cf36e193774f13c9c5f23ab777496dcd7ca588f4f73b45a7a5ffa96145eDLL dllMatanbuchusTwitter @0x49736b
4'176e22ec74cd833a85882d5a8e76fa3b35daff0b7390bfbcd6b1ab270fd3741ceeaMicrosoft Software Installer (MSI) msiMatanbuchusTwitter @JAMESWT_MHT
4'1676c5eb5d9a66200f0ab69ee49ba6411abf29840bce00ed0681ec8b48e24fd83da zipMatanbuchusTwitter @JAMESWT_MHT
4'1667e37d028789ab2b47bcab159da6458da2e8198617b0e7760174e4a0eea07d9c9Microsoft Software Installer (MSI) msiMatanbuchusTwitter @JAMESWT_MHT
4'1644fd90cf681ad260f13d3eb9e38b0f05365d3984e38cfba28f160b0f810ffd4d3Microsoft Software Installer (MSI) msiMatanbuchusTwitter @JAMESWT_MHT
4'164face46e6593206867da39e47001f134a00385898a36b8142a21ad54954682666Microsoft Software Installer (MSI) msiMatanbuchusTwitter @JAMESWT_MHT
4'15782add858e5a64789b26c77e5ec4608e1f162aacbc9163920a0d4aa53eb3e9713 htmlMatanbuchusTwitter @JAMESWT_MHT
4'1555dcbffef867b44bbb828cfb4a21c9fb1fa3404b4d8b6f4e8118c62addbf859daMicrosoft Software Installer (MSI) msiMatanbuchusTwitter @JAMESWT_MHT

ANY.RUN ANY.RUN

Top detections by ANY.RUN for malware samples on MalwareBazaar.

CAPE Sandbox CAPE Sandbox

Top detections by CAPE Sandbox for malware samples on MalwareBazaar.

ClamAV ClamAV

Top detections by ClamAV for malware samples on MalwareBazaar.

Intezer Intezer

Top detections by Intezer for malware samples on MalwareBazaar.

Joe Sandbox Joe Sandbox

Top detections by Joe Sandbox for malware samples on MalwareBazaar.

CERT.PL MWDB CERT.PL MWDB

Top detections by CERT.PL MWDB for malware samples on MalwareBazaar.

ReversingLabs ReversingLabs

Top detections by ReversingLabs Titanium Platform for malware samples on MalwareBazaar.

Threatray Threatray

Top detections by Threatray for malware samples on MalwareBazaar.

Triage Triage

Top detections by Triage for malware samples on MalwareBazaar.

UnpacMe UnpacMe

Top detections by UnpacMe for malware samples on MalwareBazaar.

VMRay VMRay

Top detections by VMRay for malware samples on MalwareBazaar.

FileScan.IO FileScan.IO

Top classifications by FileScan.IO for malware samples on MalwareBazaar.

Most discussed Malware Samples

Most discussed (commented) malware samples on MalwareBazaar.

CommentsMalware SampleTypeSignature
1097bb6f30d2fe5546a810da356e41652d1bccfe2130cf77dec36b9ee17c19259dExcel file xlsDridex
6d9b05da007d51cf86d4a6448d17183ab69a195436fe17b497185149676d0e77bExecutable exeTrickBot
47277388a0a82e85fe6eb38ed47bd5640c74f10be64ee6e9b8610c49b73328859 7zHawkEye
3f4841b9b9006e327d58c8d6fb6e1bb3699d05fcd10fcaf7adcdde47efccb13b3 zipAgentTesla
3e97b35c4339e0412571a445b2fe20e30fe91585cad505820b56a098a66e54c23Executable exeAgentTesla
30994e0972430f7cf02b66c290b6e62666c14da2ca9ad369e7cf5447313dc8550Executable exeTrickBot
3667f88e8dcd4a15529ed02bb20da6ae2e5b195717eb630b20b9732c8573c4e83Word file docPhobos
2df822aa4ae822b89d8f1c6b4afe3f9bf4679b7c9872bd95d3cbfab366a57edcaHTML Application (hta) hta 
22b7bdd0b8bde43d8e9d9a32352a408c5028e2a39c694be064a6ed18d0aa830e7Executable exeStop
2251643f0b539eb872ebeb216f1b71f0f8dc8301276ea63dbfdf10a7267ac7379 zip 

Top File Types

Most seen file types associated with malware samples on MalwareBazaar.

Top imphashes

Most seen imphashes on MalwareBazaar.

Malware SampleimphashTop 4 Signatures
76'672f34d5f2d4577ed6d9ceec516c1f5a744AgentTesla Formbook SnakeKeylogger Loki
9'777c9f7e018b269f1b5fe81cf757d6f8e93Heodo
8'608987b9d7dc84d935c3675da82d40e06f2Dridex Gozi Tofsee VelvetSweatshopDridex
3'23287bed5a7cba00c7e1f4015f1bdae2183IcedID TrickBot Netsky Rapid
2'180433637d5d88b1ab11a7e5bfc30abfe93Dridex
1'9587fa974366048f9c551ef45714595665eFormbook Loki AgentTesla SnakeKeylogger
1'95850f8a2255c4baf188eb0098c86160f78Heodo
1'723d20e8b584b1e294911b88a699c987910Dridex
1'674afcdf79be1557326c854b6e20cb900a7AgentTesla RemcosRAT NanoCore QuasarRAT
1'586f71b9cb9891e9cf4bae79d2b5aa115c6Dridex

Top ssdeep hashes

Most seen ssdeep hashes on MalwareBazaar.

Malware SamplessdeepSignature(s)
1'12412288:J2+J+l5QvSoOUkQNPRoswLLjfsHJNF05s:AJl5QrrkQFCHspN4Quakbot
1'12312288:U2+J+l5QvSoOUkQGPRoswLLjfsHJNF05F:PJl5QrrkQOCHspN4Quakbot
1'12112288:l2+J+l5QvSoOUkQiPRoswLLjfsHJNF05h:8Jl5QrrkQaCHspN4Quakbot
5281536:1I+Hymsbck3hbdlylKsgqopeJBWhZFGkE+cMLxAAISQ5gQ72IotO6nitSU6U+x:1I+HymsYk3hbdlylKsgqopeJBWhZFGkzSilentBuilder Heodo
4191536:H0k3hbdlylKsgqopeJBWhZFGkE+cMLxAAIzSEV2NnX4Ia3gg5W8IuD7PoHsP7e3/:H0k3hbdlylKsgqopeJBWhZFGkE+cMLxzSilentBuilder Heodo
416768:0Jlk3hbdlylKsgqopeJBWhZFGkE+cMLxAAIZEtm/piJaiyH5YnJe+eO+8WoFYpLd:0rk3hbdlylKsgqopeJBWhZFGkE+cMLx6SilentBuilder Heodo
4011536:u8rk3hbdlylKsgqopeJBWhZFGkE+cL2NdAE6yHBEL70drpFk0GX/s2C6ORQYDBhQ:ugk3hbdlylKsgqopeJBWhZFGkE+cL2N8SilentBuilder Heodo
3733072:IFNthWQl/rSJ7lvt9filcZritkrINAEYsm2:IBhWQ/mJLflrOAp2Gozi Heodo
3513072:zs+Hyms0k3hbdlylKsgqopeJBWhZFGkE+cMLxAAIb4UgCEqM5mheHRAjNKnlGIz/:o+Hyms0k3hbdlylKsgqopeJBWhZFVE+PSilentBuilder Heodo
30712288:xyP2Md2hn+tDKFtKwK5KLK6KYK5KlK3K1aoNl7Mv+lwVwy:grdO+tDKFQoNOmlTrickBot

Top dhash icon

Most seen dhashes of icons from PE32 executables and their signatures.

Malware Sampledhash iconSignature(s)
3'62771b119dcce5763333'382 x Heodo, 200 x TrickBot, 9 x BazaLoader
2'950b2a89c96a2cada721'313 x Formbook, 779 x Loki, 256 x AgentTesla
77179756cecb29999b9729 x Heodo, 16 x CobaltStrike, 12 x Nitol
690399998ecd4d46c0e436 x Quakbot, 137 x ArkeiStealer, 26 x Smoke Loader
6300000000000000000141 x AgentTesla, 115 x Formbook, 62 x SnakeKeylogger
388ead8ac9cc6e68ee0118 x RaccoonStealer, 102 x RedLineStealer, 45 x Smoke Loader
374b2dacabecee6baa6113 x RedLineStealer, 58 x RaccoonStealer, 53 x Stop
33171e87c746071f0ec324 x Heodo, 6 x BazaLoader, 1 x TrickBot
3104839b234e8c38890121 x RaccoonStealer, 54 x RedLineStealer, 51 x ArkeiStealer
301102636b4b4343434300 x Heodo, 1 x CobaltStrike