Statistics
YARAify produces detailed statistics on files scanned, including associated detections - find the available statistics below.
You can also access Spamhaus's Malware Digest report, based on YARAify data:
File Scans
The chart below shows the number of file scans conducted by YARAify over the past 30 days.
Data Scanned
This chart shows the amount of data scanned in Megabytes over the past 30 days.
API requests
The illustration below documents the number of API requests over the past 30 days.
Most matching YARA rules
YARA rules that matched most on files scanned on YARAify in the past 14 days.
| Task count | YARA Rule | Author | Last match |
|---|---|---|---|
| 4'293'173 | Sus_Obf_Enc_Spoof_Hide_PE | XiAnzheng | 2025-08-06 |
| 215'868 | golang_bin_JCorn_CSC846 | Justin Cornwell | 2025-08-06 |
| 213'781 | vmdetect | nex | 2025-08-06 |
| 174'143 | NET | malware-lu | 2025-08-06 |
| 164'735 | DebuggerCheck__API | 2025-08-06 | |
| 159'231 | FreddyBearDropper | Dwarozh Hoshiar | 2025-08-06 |
| 111'230 | DetectEncryptedVariants | Zinyth | 2025-08-06 |
| 108'142 | SEH__vba | 2025-08-06 | |
| 107'998 | pe_detect_tls_callbacks | 2025-08-06 | |
| 96'914 | UPXV200V290MarkusOberhumerLaszloMolnarJohnReiser | malware-lu | 2025-08-06 |
| 83'011 | Sus_CMD_Powershell_Usage | XiAnzheng | 2025-08-06 |
| 78'165 | UPXv20MarkusLaszloReiser | malware-lu | 2025-08-06 |
| 76'753 | classified | classified | 2025-08-06 |
| 72'620 | classified | classified | 2025-08-06 |
| 69'284 | MD5_Constants | phoul (@phoul) | 2025-08-06 |
Most matching ClamAV signature
ClamAV signature that matched most on files scanned on YARAify in the past 14 days.
| Task count | ClamAV Signature | Last match |
|---|---|---|
| 293'380 | PUA.Win.Packer.Lccwin-2 | 2025-08-06 |
| 197'434 | Win.Trojan.Obfus-38 | 2025-08-06 |
| 176'512 | SecuriteInfo.com.BackDoor.HangUp.43914.UNOFFICIAL | 2025-08-06 |
| 137'655 | Win.Malware.Qukart-6838239-0 | 2025-08-06 |
| 135'875 | Win.Trojan.Padodor-10016488-0 | 2025-08-06 |
| 135'875 | Win.Trojan.Qukart-6874817-0 | 2025-08-06 |
| 115'922 | SecuriteInfo.com.BackDoor.HangUp.44049.10213.32330.UNOFFICIAL | 2025-08-06 |
| 115'860 | Win.Trojan.Padodor-9877164-0 | 2025-08-06 |
| 74'022 | SecuriteInfo.com.BackDoor.HangUp.43791.UNOFFICIAL | 2025-08-06 |
| 72'565 | SecuriteInfo.com.BackDoor.IRC.Tdongs.13538.21428.UNOFFICIAL | 2025-08-06 |
| 49'432 | Pdf.Phishing.Trojan-d2568dad23a94d95-d2568dad23a94d95-10044375-0 | 2025-08-06 |
| 47'775 | Win.Packed.Generickdz-10022900-0 | 2025-08-06 |
| 41'878 | Win.Trojan.Packz-10033592-0 | 2025-08-06 |
| 40'793 | Win.Packed.Generickdz-10020556-0 | 2025-08-06 |
| 40'643 | Win.Trojan.Berbew-9845290-1 | 2025-08-06 |
Most seen files
Most seen files scanned by YARAify in the past 14 days.
Top dhash icon
Top dhash icon observed on files scanned by YARAify in the past 14 days.
| Task count | dhash icon | Last seen |
|---|---|---|
| 15'735 | 00ccc4d0c4fc7c00 | 2025-08-07 |
| 14'968 | e9f4aa8accc6c664 | 2025-08-07 |
| 11'093 | 04ccfee2ece4a484 | 2025-08-07 |
| 10'209 | 1003873d31213f10 | 2025-08-07 |
| 9'936 | 1003873db9313e10 | 2025-08-07 |
| 7'994 | 69ccd4d49696cc71 | 2025-08-07 |
| 5'865 | e8b03c727a9ad0e8 | 2025-08-07 |
| 5'198 | 399998ecd4d46c0e | 2025-08-07 |
| 5'163 | e0f0e48c8ca4c0e0 | 2025-08-07 |
| 3'323 | f4b484ece0f0d860 | 2025-08-07 |
| 3'097 | 0000000000000102 | 2025-08-06 |
| 3'043 | 00ccc4d0c4fcfc45 | 2025-08-07 |
| 2'912 | 1003873db9313e16 | 2025-08-07 |
| 2'645 | 18b1b1b17068c880 | 2025-08-06 |
| 2'538 | b67ee8c2f2f0711a | 2025-08-06 |
Top imphash
Top imphash observed on files scanned by YARAify in the past 14 days.
| Task count | imphash | Last seen |
|---|---|---|
| 104'781 | 46f03ef2495b21d7ad3e8d36dc03315d | 2025-08-06 |
| 36'647 | c9246f292a6fdc22d70e6e581898a026 | 2025-08-07 |
| 35'673 | 4dcbc0931c6f88874a69f966c86889d9 | 2025-08-07 |
| 30'888 | 3f8d79e42b0b7cecf379b1ddce4e422a | 2025-08-07 |
| 23'624 | 6db997463de98ce64bf5b6b8b0f77a45 | 2025-08-07 |
| 20'961 | 87914047e74de74a89c530e3bb19409e | 2025-08-07 |
| 19'511 | f34d5f2d4577ed6d9ceec516c1f5a744 | 2025-08-07 |
| 18'897 | 2640d4b5d04a2d6756ecdf3ec765cc1a | 2025-08-06 |
| 12'287 | 09d0478591d4f788cb3e5ea416c25237 | 2025-08-07 |
| 11'907 | 2c2ad1dd2c57d1bd5795167a7236b045 | 2025-08-07 |
| 9'713 | 8abecba2211e61763c4c9ffcaa13369e | 2025-08-06 |
| 9'100 | dae02f32a21e03ce65412f6e56942daa | 2025-08-07 |
| 8'796 | aa77d18b40072a7e1dc36630aafffd27 | 2025-08-06 |
| 8'680 | 5d6cad172c5535e4b6b6bbd246571621 | 2025-08-07 |
| 8'022 | 58708828d5c31968bd59859804ecde67 | 2025-08-07 |
Top tlsh
Top tlsh observed on files scanned by YARAify in the past 14 days.
Top telfhash
Top telfhash observed on files scanned by YARAify in the past 14 days.
File Scans
The chart below shows the number of file scans conducted by YARAify over the past 12 months.
Data Scanned
This chart shows the amount of data scanned in Megabytes over the past past 12 months.
API requests
The illustration below documents the number of API requests over the past past 12 months.
Most matching YARA rules
YARA rules that matched most on files scanned on YARAify in the past 12 months.
| Task count | YARA Rule | Author | Last match |
|---|---|---|---|
| 50'169'597 | Sus_Obf_Enc_Spoof_Hide_PE | XiAnzheng | 2025-08-06 |
| 5'430'502 | SEH__vba | 2025-08-06 | |
| 5'047'143 | DebuggerCheck__API | 2025-08-06 | |
| 4'642'823 | golang_bin_JCorn_CSC846 | Justin Cornwell | 2025-08-06 |
| 4'609'620 | Detect_APT29_WINELOADER_Backdoor | daniyyell | 2024-09-24 |
| 3'259'703 | NET | malware-lu | 2025-08-06 |
| 3'258'776 | pe_detect_tls_callbacks | 2025-08-06 | |
| 3'168'451 | vmdetect | nex | 2025-08-06 |
| 2'624'374 | UPXV200V290MarkusOberhumerLaszloMolnarJohnReiser | malware-lu | 2025-08-06 |
| 2'393'675 | RANSOMWARE | ToroGuitar | 2025-08-06 |
| 2'328'583 | RansomPyShield_Antiransomware | XiAnzheng | 2025-01-04 |
| 2'118'625 | UPXv20MarkusLaszloReiser | malware-lu | 2025-08-06 |
| 2'114'056 | MD5_Constants | phoul (@phoul) | 2025-08-06 |
| 1'908'078 | maldoc_getEIP_method_1 | Didier Stevens (https://DidierStevens.com) | 2025-08-04 |
| 1'886'671 | meth_get_eip | Willi Ballenthin | 2025-08-04 |
Most matching ClamAV signature
ClamAV signature that matched most on files scanned on YARAify in the past 12 Mmonths.
| Task count | ClamAV Signature | Last match |
|---|---|---|
| 32'600'172 | PUA.Win.Packer.Lccwin-2 | 2025-08-06 |
| 21'672'009 | Win.Trojan.Obfus-38 | 2025-08-06 |
| 21'468'019 | Win.Trojan.Qukart-6874817-0 | 2025-08-06 |
| 21'394'056 | Win.Trojan.Padodor-10016488-0 | 2025-08-06 |
| 17'745'694 | Win.Malware.Qukart-6838239-0 | 2025-08-06 |
| 6'296'018 | SecuriteInfo.com.BackDoor.HangUp.43874.UNOFFICIAL | 2025-08-06 |
| 5'338'428 | Win.Trojan.Berbew-9845290-1 | 2025-08-06 |
| 4'726'555 | SecuriteInfo.com.BackDoor.HangUp.43791.UNOFFICIAL | 2025-08-06 |
| 4'627'880 | Win.Trojan.Padodor-9877164-0 | 2025-08-06 |
| 3'585'562 | Win.Malware.Midie-6847981-0 | 2025-06-22 |
| 3'486'402 | Win.Dropper.Ajku-10014126-0 | 2025-08-06 |
| 3'275'846 | Win.Trojan.Barys-10005825-0 | 2025-08-06 |
| 3'125'763 | Win.Malware.Generickdz-10004857-0 | 2025-08-06 |
| 3'058'731 | Win.Malware.Midie-6848630-0 | 2025-08-06 |
| 3'024'902 | Win.Malware.Midie-6847894-0 | 2025-08-06 |
Most seen files
Most seen files scanned by YARAify in the past 12 months.
Top dhash icon
Top dhash icon observed on files scanned by YARAify in the past 12 months.
| Task count | dhash icon | Last seen |
|---|---|---|
| 2'049'152 | 18b1b1b17068c880 | 2025-08-06 |
| 748'377 | 58b1b1b17068c880 | 2025-08-06 |
| 407'206 | 00ccc4d0c4fc7c00 | 2025-08-07 |
| 356'453 | 1003873d31213f10 | 2025-08-07 |
| 281'862 | 1003873db9313e10 | 2025-08-07 |
| 279'655 | 04ccfee2ece4a484 | 2025-08-07 |
| 210'608 | d8d0d4d8ececece4 | 2025-08-02 |
| 152'096 | 69ccd4d49696cc71 | 2025-08-07 |
| 99'295 | e9f4aa8accc6c664 | 2025-08-07 |
| 99'119 | 526e32661e3a2a10 | 2025-08-07 |
| 87'436 | b298acbab2ca7a72 | 2025-08-07 |
| 80'186 | e0f0e48c8ca4c0e0 | 2025-08-07 |
| 61'138 | 71e8d4968ecc68f9 | 2025-08-02 |
| 58'680 | 818da080a0a0a0a2 | 2025-08-07 |
| 55'681 | 399998ecd4d46c0e | 2025-08-07 |
Top imphash
Top imphash observed on files scanned by YARAify in the past 12 months.
| Task count | imphash | Last seen |
|---|---|---|
| 8'052'016 | 6db997463de98ce64bf5b6b8b0f77a45 | 2025-08-08 |
| 6'008'975 | 4dcbc0931c6f88874a69f966c86889d9 | 2025-08-08 |
| 4'810'000 | 46f03ef2495b21d7ad3e8d36dc03315d | 2025-08-08 |
| 4'690'381 | c9246f292a6fdc22d70e6e581898a026 | 2025-08-08 |
| 3'133'468 | 5d6cad172c5535e4b6b6bbd246571621 | 2025-08-08 |
| 1'407'509 | 3f8d79e42b0b7cecf379b1ddce4e422a | 2025-08-08 |
| 1'137'979 | 87914047e74de74a89c530e3bb19409e | 2025-08-08 |
| 854'877 | e4742a62fda2e64b586a5b84efe3f040 | 2025-08-03 |
| 617'269 | 2640d4b5d04a2d6756ecdf3ec765cc1a | 2025-08-08 |
| 491'868 | f34d5f2d4577ed6d9ceec516c1f5a744 | 2025-08-08 |
| 331'225 | 91f4b88d25daa33c7443253d9beb1bb3 | 2025-08-08 |
| 292'142 | dae02f32a21e03ce65412f6e56942daa | 2025-08-08 |
| 184'449 | c06ddfbe3366daddf0cfd3e63c1b5390 | 2025-08-08 |
| 172'618 | 2c2ad1dd2c57d1bd5795167a7236b045 | 2025-08-08 |
| 143'336 | 88478c1f74f94f7e1e9654193a1e02b3 | 2025-08-08 |
Top tlsh
Top tlsh observed on files scanned by YARAify in the past 14 months.
Top telfhash
Top telfhash observed on files scanned by YARAify in the past 12 months.