NEW | Hunt across all abuse.ch platforms with one simple query - discover if an IPv4 address, domain, URL or file hash has been identified on any platform from a centralized search tool. Test it out here hunting.abuse.ch - and happy hunting 🔍

Statistics

YARAify produces detailed statistics on files scanned, including associated detections - find the available statistics below.

You can also access Spamhaus's Malware Digest report, based on YARAify data:

File Scans

The chart below shows the number of file scans conducted by YARAify over the past 30 days.

Data Scanned

This chart shows the amount of data scanned in Megabytes over the past 30 days.

API requests

The illustration below documents the number of API requests over the past 30 days.

Most matching YARA rules

YARA rules that matched most on files scanned on YARAify in the past 14 days.

Task countYARA RuleAuthorLast match
3'282'941Sus_Obf_Enc_Spoof_Hide_PEXiAnzheng2025-06-18
430'878golang_bin_JCorn_CSC846Justin Cornwell2025-06-18
369'677DebuggerCheck__API2025-06-18
263'426NETmalware-lu2025-06-18
202'925vmdetectnex2025-06-18
169'662SHA1_Constantsphoul (@phoul)2025-06-18
169'662RIPEMD160_Constantsphoul (@phoul)2025-06-18
160'425UPXV200V290MarkusOberhumerLaszloMolnarJohnReisermalware-lu2025-06-18
159'045SEH__vba2025-06-18
154'210pe_detect_tls_callbacks2025-06-18
150'484MD5_Constantsphoul (@phoul)2025-06-18
139'822ThreadControl__Context2025-06-18
137'042DebuggerException__SetConsoleCtrl2025-06-18
136'383botnet_plaintext_c2cip2025-06-18
135'136UPXv20MarkusLaszloReisermalware-lu2025-06-18

ClamAV Most matching ClamAV signature

ClamAV signature that matched most on files scanned on YARAify in the past 14 days.

Task countClamAV SignatureLast match
192'197PUA.Win.Packer.Lccwin-22025-06-18
128'645Win.Trojan.Obfus-382025-06-18
113'506Win.Trojan.Padodor-10016488-02025-06-18
113'500Win.Trojan.Qukart-6874817-02025-06-18
112'518Win.Malware.Qukart-6838239-02025-06-18
73'827SecuriteInfo.com.BackDoor.HangUp.43791.UNOFFICIAL2025-06-18
69'249Win.Trojan.Padodor-9877164-02025-06-18
36'370Win.Trojan.Berbew-9994138-02025-06-18
33'946Win.Virus.Eked-12025-06-18
33'801Win.Trojan.VB-316792025-06-18
33'138Win.Malware.Genpack-6989317-02025-06-18
31'276Win.Malware.Vilsel-6804257-02025-06-18
31'028Win.Trojan.Generic-9950561-02025-06-18
29'209Win.Trojan.Vilsel-46212025-06-18
29'170Win.Trojan.Vilsel-46222025-06-18

Most seen files

Most seen files scanned by YARAify in the past 14 days.

Task countSHA256 hashLast seen
1'218ff8f729eb7a69bee300d0fbf2b5e1a584b4377fe63ab8df1ee92b4b336eb50592025-06-10
8612b104743dece000958832b3a66f49d2ccaeba3a56325ef32cf615c51cf2250a12025-06-09
751a883f8cd353f5e839662f06b058911a6adab40d9e066b12c2e16e41f470e2b122025-06-12
691928ce32da30de4ba7d6eb77f3f3a09fc53f37f2751dfdc2a038a2c6a6a7270352025-06-14
5805536ffc17b6821f6246a8bf1bab50bebd90cd657467e63679da127b00c2dc3cf2025-06-12
5173d5dc5dfb0b792640db1cd518f82882f14c8fb4138555b595c2bfcdadf354a2d2025-06-16
516a662343164434fa095171dac6fbfef1dedc02e56a38784cbec79f08c32cb4e3e2025-06-16
515a8f57a76c382ce46af62563666e6d87cf6408fadd02e3d90c7e77bc05ad65d2a2025-06-16
4161f805a913e362afedab1f2252b5b1abd50b94ea7132889c1501a0379e88e8bb92025-06-03
371bd5bad8ae151d32347eb6b06ee28f8a1ba6e1f80cd966ecb0f8fd23a7ee10b462025-06-04
305fb87d8a7807626279bae04d56ba01ce1401917f6b0e7a74a335208a940221ddd2025-06-11
26138ffa19cc2ce48316a74b2896076c1c711921e0d08372896ae8ea4af57811f1e2025-06-05
261b710ae59bc996a099ca491f6d32fef2d8d5fa25f266d590e4a7a13f81ab2b4322025-06-05
160b6ddfca432ccb7110a24f74d3eb3977aa49d305671f9cccf89f75e93481be89f2025-06-14
14053c22863323c0f5ff94f4ae86df27a51db4eae7232cc38333346ee8be9df5aa62022-02-07

Top dhash icon

Top dhash icon observed on files scanned by YARAify in the past 14 days.

Task countdhash iconLast seen
32'55900ccc4d0c4fc7c002025-06-17
13'283e9f4aa8accc6c6642025-06-17
10'7311003873d31213f102025-06-17
9'80604ccfee2ece4a4842025-06-17
5'566399998ecd4d46c0e2025-06-17
5'47169ccd4d49696cc712025-06-17
5'20501ccc4d0c4f47c022025-06-17
4'7591003873db9313e102025-06-17
4'474e0f0e48c8ca4c0e02025-06-17
4'004f0ccae92d0d8e8822025-06-17
3'721e8b03c727a9ad0e82025-06-17
3'585818da080a0a0a0a22025-06-17
3'088c8e2fae6b2b282cc2025-06-17
2'812336b13233b3b3b2b2025-06-17
2'742b298acbab2ca7a722025-06-17

Top imphash

Top imphash observed on files scanned by YARAify in the past 14 days.

Task countimphashLast seen
68'06346f03ef2495b21d7ad3e8d36dc03315d2025-06-18
35'9034dcbc0931c6f88874a69f966c86889d92025-06-18
35'3393f8d79e42b0b7cecf379b1ddce4e422a2025-06-18
25'710a8f69eb2cf9f30ea96961c86b43472822025-06-18
20'411f34d5f2d4577ed6d9ceec516c1f5a7442025-06-18
19'8882640d4b5d04a2d6756ecdf3ec765cc1a2025-06-18
16'99809d0478591d4f788cb3e5ea416c252372025-06-18
13'90587914047e74de74a89c530e3bb19409e2025-06-18
12'679dae02f32a21e03ce65412f6e56942daa2025-06-18
9'70891f4b88d25daa33c7443253d9beb1bb32025-06-18
8'451c9246f292a6fdc22d70e6e581898a0262025-06-18
7'4586db997463de98ce64bf5b6b8b0f77a452025-06-18
7'1282c2ad1dd2c57d1bd5795167a7236b0452025-06-18
6'8451639b1e17656fed4f63bac94cbb79cec2025-06-18
5'6468abecba2211e61763c4c9ffcaa13369e2025-06-18

Top tlsh

Top tlsh observed on files scanned by YARAify in the past 14 days.

Task counttlshLast seen
861T195D4234E84B6D35AF937C09A50B2EB99C4F9F4D3384439A351281591F010DFBE2BB6A62025-06-09
751T1FFC3027C2018B529C98D4D49DE3A3FDD2350BBE349CB84C16692DA84E6D6BDCD402ECB2025-06-12
691T192155764489D3CEED79A57C0A72F3C2E718CB136E2C81B590329D7464278A3F666718F2025-06-14
580T1EF252363EBD1981BCD9543B88197CA0C6D676D665EC2C138F12ECD3A2B315A0FC5688F2025-06-12
576T1F9622A3B47452D491A287BB7E6F8660C5B1EE1D37B43CB28B1B50E51873EB4039A61DC2025-06-16
575T187622B3B47452D891A287BB7E6F8660C5B1EE1D37B43CB28B1B50E51873EB4039A61DC2025-06-16
573T170621A3B47452D491A287BB7E6F8660C5B1EE1D37B43CB28B1B50E51873EB4039A61DC2025-06-16
371T1EA95021198093ACED2864BB25F1B3C5ABA0EF15398CD12E0357ECAD34341FBA69672172025-06-04
305T199562239AE68F1EA003683856E696E7CE13E7753B15FBBA068D78BBE0551F4390533402025-06-11
261T18033E12DCEE9884CF02382FA073C34BC44FCBA6851D449D650BD4F553A15CAE68A6DEB2025-06-05
261T176D3E145A4AA9C4CD5F2EC118A7CBCE5C20F7177C8D140A9BBAF0F02E4D1551B9A36EB2025-06-05
189T156C302A0C92E8CCCF556DB391CA13D0DC7D9BF8B86EA42E354EC8682974C698AC171D52025-06-03
160T1C5D66B68E683D8F6DC4207754087BAAF22B8A770C779CE27DA046C58DB37E9645373062025-06-10
152T190C46C2AA4604176E4F5213121FE7A672CBD2E6443ED24D377A05E8D6DA41F3B2381EF2021-11-18
145T124D66B68E683D8F6DC4207754087BAAF22B8A770C779CE27DA046C58DB37E9645373062025-04-08

Top telfhash

Top telfhash observed on files scanned by YARAify in the past 14 days.

Task counttelfhashLast seen
419t10ab0011070740bb84308e12d5cdcae5679f20cc3fe470c27db6047a159b54434d00d182025-06-17
397t186c08c8c0fd401beba7d72a203bef2bf61a072f0be0224920404eb6f074c584028144c2025-06-17
74t16b31f7fa4fbb09ecb7c46880c35a6ad2266ed677152076f400729cd423f7e9150b9c352025-06-11
70t1fb014b18153417f193808ddd6bedff34e4a180df9a261e37cd40da9ae260a829c00c2c2025-06-12
70t1ece07d00bd74ca18d8c79a75fe4c03a1d601132221030724cf60d3d0843f048b20de8a2025-06-12
67t1aaf09e258e0445e97b644f8917cd71ad3e243d4dff272451197aac658503ed6453742c2025-06-12
65t18ef059504e0989e8fb508d9283ccb2ec3a503824f71128626aaaac5c4313ae2143301d2025-06-12
62t16a2106118cb70b093ef2565c7caf65d5515164153a306db1cf58c44c852f077e1727e92025-06-11
60t169110d31396629a4e1f7e9557341e52048602e7521d031e2e3b36cfede927830c3e4772025-06-12
50t1cb2114128cb70b097ef2875c7caf69c652a264153a306eb1cf58c44c897f077a172be92025-06-16
39t1def02b604d4516d87bd8de0d828c322e6dba7275b3051806d79d5e4b45279c3a12603b2025-06-12
38t17c2136118c7b0b093ef29a5c7cafa6c551a169193a306db1cf68c44c852f07be172be92025-06-11
37t119f02ba04d8a06d47bd4de0e818c736e3da5617576061402db9d6e4b45379c3712643a2025-06-11
36t15a31326167784116aea1ec64dced57f2152b8b271344ff32df26c0cc281a449fa2ac0f2025-06-12
36t1bc4162180a7817f4a3356c4e199cef77d6a330db7e221d378e51e86aab699835d10c0c2025-06-12

File Scans

The chart below shows the number of file scans conducted by YARAify over the past 12 months.

Data Scanned

This chart shows the amount of data scanned in Megabytes over the past past 12 months.

API requests

The illustration below documents the number of API requests over the past past 12 months.

Most matching YARA rules

YARA rules that matched most on files scanned on YARAify in the past 12 months.

Task countYARA RuleAuthorLast match
35'009'872Sus_Obf_Enc_Spoof_Hide_PEXiAnzheng2025-06-18
8'882'644maldoc_getEIP_method_1Didier Stevens (https://DidierStevens.com)2025-06-18
8'836'946meth_get_eipWilli Ballenthin2025-06-18
7'816'416QbotStuffanonymous2024-08-15
5'798'600win_berbew_strings_dec_2023Matthew @ Embee_Research2025-06-18
5'487'805SEH__vba2025-06-18
5'391'786DebuggerCheck__API2025-06-18
4'609'620Detect_APT29_WINELOADER_Backdoordaniyyell2024-09-24
3'697'653golang_bin_JCorn_CSC846Justin Cornwell2025-06-18
2'993'074pe_detect_tls_callbacks2025-06-18
2'845'423NETmalware-lu2025-06-18
2'759'122vmdetectnex2025-06-18
2'477'645UPXV200V290MarkusOberhumerLaszloMolnarJohnReisermalware-lu2025-06-18
2'328'583RansomPyShield_AntiransomwareXiAnzheng2025-01-04
2'133'440RANSOMWAREToroGuitar2025-06-18

ClamAV Most matching ClamAV signature

ClamAV signature that matched most on files scanned on YARAify in the past 12 Mmonths.

Task countClamAV SignatureLast match
34'255'618PUA.Win.Packer.Lccwin-22025-06-17
23'018'419Win.Trojan.Qukart-6874817-02025-06-17
22'943'082Win.Trojan.Padodor-10016488-02025-06-17
22'801'001Win.Trojan.Obfus-382025-06-17
18'788'710Win.Malware.Qukart-6838239-02025-06-17
6'329'596SecuriteInfo.com.BackDoor.HangUp.43874.UNOFFICIAL2025-06-11
5'516'256Win.Trojan.Berbew-9845290-12025-06-17
4'374'460SecuriteInfo.com.BackDoor.HangUp.43791.UNOFFICIAL2025-06-17
4'371'908Win.Trojan.Padodor-9877164-02025-06-17
3'734'728Win.Malware.Midie-6847981-02025-05-17
3'579'497Win.Dropper.Ajku-10014126-02025-06-17
3'309'731Win.Trojan.Barys-10005825-02025-06-17
3'198'477Win.Malware.Generickdz-10004857-02025-06-17
3'088'229Win.Malware.Midie-6848630-02025-06-17
3'056'404Win.Malware.Midie-6847894-02025-06-17

Most seen files

Most seen files scanned by YARAify in the past 12 months.

Task countSHA256 hashLast seen
8'969e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b8552021-07-12
4'5795ddfdd55fac3a23673a52fb3a75bed7dee266fb6fc8b10ced3746ab43064aef52025-03-12
3'53523c2d2b0c6cec3e69cb07f942c9e56f2087aeb24015be25823897faafc4708ae2022-02-07
3'5035ea4d94c695189639e9ab7afe8d76d231030921fbfdd95e1941c7c0a05fb8f032022-02-07
3'498e0af7f483f4965dca90eb5921ae004a7e41593b39284a63af97a9105b96718e72022-01-06
3'49339e48a3fc7e67968ff5d6e3cf8e12a7256af93ccabbce4da20d28c79237d95e82022-01-06
3'4931115b6c913a207b9d81f8482613b2a9c2929ca81399861d2d2c47422e244060d2022-02-07
3'493b3986e04464339cec16157cf8c8bffec3a8a8c5eae57997974d45f5369fa16552021-07-07
3'49169c88b4d5ea84620d1b762d5119fe9293c34e68268e7006cb503b865e963b2512021-07-09
3'477ebd6320e24d47c0d638749a149f14f4c94b1c98afa228dba1f48eea19a2c72572021-07-09
3'45287479e089e6852958dab4026e07bc01ed1f31af423b1d26db462ef7493a537f12022-02-08
3'44632996a04eeead4de0813ca803033429fd38e0aa4ab8d603508e1d2c6bd38aba72022-02-08
3'43153c22863323c0f5ff94f4ae86df27a51db4eae7232cc38333346ee8be9df5aa62022-02-07
3'3788718400c6ca71b5afb0534931628b2aace3e5cc515edaa33d1da678f947b5cd42022-02-08
3'375a4ec9fd2488f0b1734317beb74e1524838d0f7c907eb4e452d7cf40c03c7e5dd2021-07-08

Top dhash icon

Top dhash icon observed on files scanned by YARAify in the past 12 months.

Task countdhash iconLast seen
2'214'38618b1b1b17068c8802025-06-18
750'16358b1b1b17068c8802025-06-18
431'321d8d0d4d8ececece42025-06-18
375'6931003873db9313e102025-06-18
357'0261003873d31213f102025-06-18
334'19500ccc4d0c4fc7c002025-06-18
252'94204ccfee2ece4a4842025-06-18
150'82769ccd4d49696cc712025-06-18
116'356526e32661e3a2a102025-06-18
94'62371e8d4968ecc68f92025-05-31
87'396b298acbab2ca7a722025-06-18
64'5009919aca682a881a92025-06-03
62'904e0f0e48c8ca4c0e02025-06-18
52'348818da080a0a0a0a22025-06-18
51'67319b1b1b17068c8802025-06-18

Top imphash

Top imphash observed on files scanned by YARAify in the past 12 months.

Task countimphashLast seen
10'392'6946db997463de98ce64bf5b6b8b0f77a452025-06-18
7'395'7944dcbc0931c6f88874a69f966c86889d92025-06-18
5'394'696c9246f292a6fdc22d70e6e581898a0262025-06-18
5'185'39846f03ef2495b21d7ad3e8d36dc03315d2025-06-18
3'286'5255d6cad172c5535e4b6b6bbd2465716212025-06-18
1'376'1643f8d79e42b0b7cecf379b1ddce4e422a2025-06-18
1'320'823e4742a62fda2e64b586a5b84efe3f0402025-05-27
1'161'91987914047e74de74a89c530e3bb19409e2025-06-18
547'3992640d4b5d04a2d6756ecdf3ec765cc1a2025-06-18
515'66391f4b88d25daa33c7443253d9beb1bb32025-06-18
482'481f34d5f2d4577ed6d9ceec516c1f5a7442025-06-18
295'138dae02f32a21e03ce65412f6e56942daa2025-06-18
284'670c06ddfbe3366daddf0cfd3e63c1b53902025-06-18
184'937be6fa16f501de575a1d8eaaac5246ba02025-06-18
177'34888478c1f74f94f7e1e9654193a1e02b32025-06-17

Top tlsh

Top tlsh observed on files scanned by YARAify in the past 14 months.

Task counttlshLast seen
3'548T1B5033E9736E31000FB09BE35C654834FEF06CF59B97A9B4ED39826C72371A78629E0592022-02-07
3'515T10016DD42A3F94608F6F77F7469B916604E3BBCA6AD79C21C1284505E5EB2E40CDB0B732022-01-06
3'515T160030B9736E31000FB09BE32E554C24FEF06CF59B976974ED39826C72350A78662E45B2022-02-07
3'510T1EF16DD42A3F94608F6F77F7469B916604E3BBCA6AD79C21C1284505E5EB2E40CDB0B732022-01-06
3'509T1C8E052F688E090AC080023A82BDF2CA5437B03BD00202A0BF20BA04D022DF72E30A3F02021-07-07
3'503T153819E61842314C4F557CFF0D61BD82AAFA5334684584E1123E0606A4BCF60427041E32022-02-07
3'486T138118CABCBE6ACF1C80C10B4070B8D013674883443E1C3170EA5007E7CA22FCD8B6E022021-07-09
3'472T1CCE2F87B94C24337C001EFB60B95C9AEBB736D306564C0E32BD42B1F892B9687D5D4692021-07-09
3'462T1D7819E61842314C4F557CEF4D51BE869BFA5734550584E1423E0705A4BCBA1427551A32022-02-08
3'457T13A03389736E31100FB08FE32C554838FEF86CF69B976974AD79826C72350A78621E45E2022-02-08
3'445T1BD812B4525A230CAC056C270ED52C158ABD9BC37AF44D3BBF1B90FDD83112451CC1B0B2022-02-07
3'388T1A58162A0432FB74ADC5680B151DEA0E16667707204E5CA0551C916ADDB829F0EF74C332022-02-08
3'384T10E8132A0832FBA4ADC96847151DEE1E16667307604E5C50161DA26DEDB83AE4EF78C332022-02-08
3'381T1DD816250432BB64AEC9A84B0409EA1E13657217214F2C91161CA66DC8B82AF4AF68C332022-02-08
3'380T1688141C1405F2A7CF2ED8ABCA20506C43D46B4B324754D651184782DAA23E4C7722A332022-02-08

Top telfhash

Top telfhash observed on files scanned by YARAify in the past 12 months.

Task counttelfhashLast seen
5'724t126f09018093456e197116ec8673dff7ad56220ef6a055e378f00fda79b699426e10c0c2025-06-05
1'133t140317403a83f8f3ac5a298b0dc650765516b5701b4f9d7109f3ca9d06c79016702aacd2025-06-16
432t13611d04270b6891d2bb659245cbc42b5165536236381be75bf0ec5c45537002ba79e8b2025-06-17
419t10ab0011070740bb84308e12d5cdcae5679f20cc3fe470c27db6047a159b54434d00d182025-06-17
397t186c08c8c0fd401beba7d72a203bef2bf61a072f0be0224920404eb6f074c584028144c2025-06-17
368t157110e13a0b9ca282bf348249dbc07f005502b23a782be71bf0ac5c49437002a875d9b2025-04-20
309t178310071567851269aa1ec64d9ed97b2652ac7171340ff32df26c0cc281a449f62ac0f2025-06-11
302t10751b1fa6dba08ecfbd0a804c75e5bd33669ca7b153025b0406398b532f79954475c3a2025-06-11
281t1564165181e7817b063356c4e159cef3b96a320db7e176c378e51e86aab699835d10c0c2025-06-11
281t1e1d0a7d19e681c48e9f4805dc4ef61679340b5d17f1494877df16d029a320c9703110e2025-06-14
279t12e11401a8f942e4eaff4000e869ea21b547075592f2b78538c2a752b93831c2f06dc532025-06-13
278t1ad11e113a0b9ca286bf758349dbc47f105512b23b746be71bf0ac5c49537002b975d9b2025-04-20
265t1d211020260b689282bb259205cbc42f1165526233341be75bf0ec5c4993b002aa78e8b2025-06-17
259t173111069cfd8159e2fe08244e15db44e9a74726d1f6735925d756a8fd1428e3306cc202025-06-11
257t17951bbb0399939d8a2fbfb37730be9a45cb50a6015e172d1ceb769e2de417840cb14632025-06-11