Statistics
YARAIfy produces various statistics on files scanned by YARAify, including their detections. The available statistics can be found below.
File Scans
The chart below shows the number of file scans conducted by YARAify over the past 30 days.
Data Scanned
This chart shows the amount of data scanned in Megabytes over the past 30 days.
API requests
The illustration below documents the number of API requests over the past 30 days.
Most matching YARA rules
YARA rules that matched most on files scanned on YARAify in the past 14 days.
| Task count | YARA Rule | Author | Last match |
|---|---|---|---|
| 3'247'020 | maldoc_getEIP_method_1 | Didier Stevens (https://DidierStevens.com) | 2023-11-30 |
| 3'236'104 | meth_get_eip | Willi Ballenthin | 2023-11-30 |
| 3'132'284 | QbotStuff | anonymous | 2023-11-30 |
| 226'410 | DebuggerCheck__API | 2023-11-30 | |
| 159'468 | maldoc_find_kernel32_base_method_1 | Didier Stevens (https://DidierStevens.com) | 2023-11-30 |
| 130'418 | NET | malware-lu | 2023-11-30 |
| 123'572 | Check_Dlls | 2023-11-30 | |
| 109'636 | SUSP_XORed_URL_in_EXE_RID2E46 | Florian Roth | 2023-11-30 |
| 109'578 | SUSP_XORed_URL_In_EXE | Florian Roth (Nextron Systems) | 2023-11-30 |
| 82'607 | malware_shellcode_hash | JPCERT/CC Incident Response Group | 2023-11-30 |
| 81'281 | SHA512_Constants | phoul (@phoul) | 2023-11-30 |
| 80'124 | SHA1_Constants | phoul (@phoul) | 2023-11-30 |
| 80'124 | RIPEMD160_Constants | phoul (@phoul) | 2023-11-30 |
| 77'808 | MD5_Constants | phoul (@phoul) | 2023-11-30 |
| 66'696 | DebuggerException__SetConsoleCtrl | 2023-11-30 |
Most matching ClamAV signature
ClamAV signature that matched most on files scanned on YARAify in the past 14 days.
| Task count | ClamAV Signature | Last match |
|---|---|---|
| 3'093'454 | PUA.Win.Packer.Lccwin-2 | 2023-11-30 |
| 2'065'163 | Win.Trojan.Obfus-38 | 2023-11-30 |
| 1'326'272 | Win.Trojan.Qukart-6874817-0 | 2023-11-30 |
| 977'227 | Win.Malware.Qukart-6838239-0 | 2023-11-30 |
| 910'750 | 2023-11-30 | |
| 896'516 | Win.Trojan.Padodor-9877164-0 | 2023-11-30 |
| 550'618 | Win.Trojan.Berbew-10013977-0 | 2023-11-30 |
| 315'512 | Win.Trojan.Crypted-29 | 2023-11-30 |
| 312'224 | Win.Trojan.Crypted-30 | 2023-11-30 |
| 264'099 | Win.Trojan.Berbew-9845290-1 | 2023-11-30 |
| 255'953 | Win.Malware.Padodor-10012877-0 | 2023-11-30 |
| 231'536 | Win.Packed.Razy-10010080-0 | 2023-11-30 |
| 204'077 | Win.Packed.Razy-10009896-0 | 2023-11-30 |
| 202'784 | Win.Packed.Lazy-10005437-0 | 2023-11-30 |
| 201'864 | Win.Trojan.Crypted-28 | 2023-11-30 |
Most seen files
Most seen files scanned by YARAify in the past 14 days.
Top dhash icon
Top dhash icon observed on files scanned by YARAify in the past 14 days.
| Task count | dhash icon | Last seen |
|---|---|---|
| 17'747 | 69ccd4d49696cc71 | 2023-11-30 |
| 13'711 | 1003873db9313e10 | 2023-11-30 |
| 8'574 | 9919aca682a881a9 | 2023-11-30 |
| 5'842 | 1003873d31213f10 | 2023-11-30 |
| 5'234 | 00ccc4d0c4fc7c00 | 2023-11-30 |
| 4'716 | 526e32661e3a2a10 | 2023-11-30 |
| 4'454 | 818da080a0a0a0a2 | 2023-11-30 |
| 4'318 | f8f0f4c8c8c8d8f0 | 2023-11-30 |
| 3'996 | d8d0d4d8ececece4 | 2023-11-30 |
| 3'510 | 04ccfee2ece4a484 | 2023-11-30 |
| 3'234 | b298acbab2ca7a72 | 2023-11-30 |
| 2'691 | 1ad2a38edcb6b2dc | 2023-11-30 |
| 2'322 | 5ab3a5b332c482a0 | 2023-11-30 |
| 1'820 | 00ca80c2c2808200 | 2023-11-30 |
| 1'538 | bae2e5e7e5a5a69a | 2023-11-30 |
Top imphash
Top imphash observed on files scanned by YARAify in the past 14 days.
| Task count | imphash | Last seen |
|---|---|---|
| 1'475'210 | 46f03ef2495b21d7ad3e8d36dc03315d | 2023-11-30 |
| 534'036 | 6db997463de98ce64bf5b6b8b0f77a45 | 2023-11-30 |
| 493'757 | 4dcbc0931c6f88874a69f966c86889d9 | 2023-11-30 |
| 261'380 | c9246f292a6fdc22d70e6e581898a026 | 2023-11-30 |
| 118'313 | e4742a62fda2e64b586a5b84efe3f040 | 2023-11-30 |
| 112'803 | 87914047e74de74a89c530e3bb19409e | 2023-11-30 |
| 41'209 | 3f8d79e42b0b7cecf379b1ddce4e422a | 2023-11-30 |
| 28'565 | 91f4b88d25daa33c7443253d9beb1bb3 | 2023-11-30 |
| 26'338 | 2c2ad1dd2c57d1bd5795167a7236b045 | 2023-11-30 |
| 21'462 | f34d5f2d4577ed6d9ceec516c1f5a744 | 2023-11-30 |
| 19'399 | dae02f32a21e03ce65412f6e56942daa | 2023-11-30 |
| 17'998 | 0141f24aaf1b810b9fcc5f6886f26f14 | 2023-11-29 |
| 15'495 | a3df475500e5e30f4680b397c2ee13f1 | 2023-11-30 |
| 11'898 | be6fa16f501de575a1d8eaaac5246ba0 | 2023-11-30 |
| 6'068 | 5271d5ce8b44dd47bc92563e27585466 | 2023-11-30 |
Top tlsh
Top tlsh observed on files scanned by YARAify in the past 14 days.
Top telfhash
Top telfhash observed on files scanned by YARAify in the past 14 days.
File Scans
The chart below shows the number of file scans conducted by YARAify over the past 12 months.
Data Scanned
This chart shows the amount of data scanned in Megabytes over the past past 12 months.
API requests
The illustration below documents the number of API requests over the past past 12 months.
Most matching YARA rules
YARA rules that matched most on files scanned on YARAify in the past 12 months.
| Task count | YARA Rule | Author | Last match |
|---|---|---|---|
| 14'733'645 | meth_get_eip | Willi Ballenthin | 2023-11-30 |
| 12'732'880 | QbotStuff | anonymous | 2023-11-30 |
| 11'269'797 | maldoc_getEIP_method_1 | Didier Stevens (https://DidierStevens.com) | 2023-11-30 |
| 1'388'801 | DebuggerCheck__API | 2023-11-30 | |
| 1'063'326 | pdb_YARAify | @wowabiy314 | 2023-05-30 |
| 935'811 | NET | malware-lu | 2023-11-30 |
| 805'545 | maldoc_find_kernel32_base_method_1 | Didier Stevens (https://DidierStevens.com) | 2023-11-30 |
| 741'150 | UPXV200V290MarkusOberhumerLaszloMolnarJohnReiser | malware-lu | 2023-11-30 |
| 655'137 | UPXv20MarkusLaszloReiser | malware-lu | 2023-11-30 |
| 624'538 | BitcoinAddress | Didier Stevens (@DidierStevens) | 2023-11-30 |
| 587'331 | shellcode | nex | 2023-11-30 |
| 559'795 | pe_imphash | 2023-11-30 | |
| 559'794 | Skystars_Malware_Imphash | Skystars LightDefender | 2023-11-30 |
| 541'465 | malware_shellcode_hash | JPCERT/CC Incident Response Group | 2023-11-30 |
| 528'484 | command_and_control | CD_R0M_ | 2023-11-30 |
Most matching ClamAV signature
ClamAV signature that matched most on files scanned on YARAify in the past 12 Mmonths.
| Task count | ClamAV Signature | Last match |
|---|---|---|
| 9'888'914 | PUA.Win.Packer.Lccwin-2 | 2023-11-30 |
| 6'612'231 | Win.Trojan.Obfus-38 | 2023-11-30 |
| 4'402'328 | Win.Trojan.Qukart-6874817-0 | 2023-11-30 |
| 2'990'742 | Win.Malware.Qukart-6838239-0 | 2023-11-30 |
| 2'925'708 | Win.Trojan.Padodor-9877164-0 | 2023-11-30 |
| 1'655'140 | Win.Malware.Dqqw-9951425-0 | 2023-11-30 |
| 1'651'699 | Win.Malware.Zusy-6804618-0 | 2023-11-30 |
| 1'651'693 | Win.Trojan.QQPass-5710308-0 | 2023-11-30 |
| 1'490'324 | 2023-11-30 | |
| 1'441'801 | Win.Trojan.Crypted-29 | 2023-11-30 |
| 1'438'609 | Win.Trojan.Crypted-30 | 2023-11-30 |
| 786'984 | Win.Trojan.Crypted-28 | 2023-11-30 |
| 758'383 | Win.Trojan.Berbew-10013977-0 | 2023-11-30 |
| 721'747 | Win.Trojan.Berbew-9845290-1 | 2023-11-30 |
| 720'802 | Win.Malware.Zusy-6878655-0 | 2023-11-30 |
Most seen files
Most seen files scanned by YARAify in the past 12 months.
Top dhash icon
Top dhash icon observed on files scanned by YARAify in the past 12 months.
| Task count | dhash icon | Last seen |
|---|---|---|
| 121'807 | 69ccd4d49696cc71 | 2023-11-30 |
| 64'405 | f8f0f4c8c8c8d8f0 | 2023-11-30 |
| 30'672 | 9919aca682a881a9 | 2023-11-30 |
| 22'232 | 1003873db9313e10 | 2023-11-30 |
| 17'237 | 1003873d31213f10 | 2023-11-30 |
| 15'468 | 818da080a0a0a0a2 | 2023-11-30 |
| 10'674 | 00ccc4d0c4fc7c00 | 2023-11-30 |
| 9'245 | 04ccfee2ece4a484 | 2023-11-30 |
| 8'836 | b298acbab2ca7a72 | 2023-11-30 |
| 8'530 | 526e32661e3a2a10 | 2023-11-30 |
| 7'088 | d8d0d4d8ececece4 | 2023-11-30 |
| 6'342 | 399998ecd4d46c0e | 2023-11-30 |
| 5'471 | 9494b494d4aeaeac | 2023-11-30 |
| 3'877 | 1ad2a38edcb6b2dc | 2023-11-30 |
| 3'585 | e0e4a2aaa4b8a888 | 2023-11-30 |
Top imphash
Top imphash observed on files scanned by YARAify in the past 12 months.
| Task count | imphash | Last seen |
|---|---|---|
| 5'085'305 | 46f03ef2495b21d7ad3e8d36dc03315d | 2023-11-29 |
| 1'926'912 | 4dcbc0931c6f88874a69f966c86889d9 | 2023-11-29 |
| 1'815'237 | 6db997463de98ce64bf5b6b8b0f77a45 | 2023-11-29 |
| 1'646'556 | 2c2ad1dd2c57d1bd5795167a7236b045 | 2023-11-29 |
| 754'965 | c9246f292a6fdc22d70e6e581898a026 | 2023-11-29 |
| 559'299 | f34d5f2d4577ed6d9ceec516c1f5a744 | 2023-11-29 |
| 443'885 | e4742a62fda2e64b586a5b84efe3f040 | 2023-11-29 |
| 426'001 | dae02f32a21e03ce65412f6e56942daa | 2023-11-29 |
| 363'500 | 87914047e74de74a89c530e3bb19409e | 2023-11-29 |
| 327'033 | a3df475500e5e30f4680b397c2ee13f1 | 2023-11-29 |
| 195'555 | 84706849fa809feaa385711a628be029 | 2023-11-29 |
| 178'944 | be6fa16f501de575a1d8eaaac5246ba0 | 2023-11-29 |
| 174'389 | 0141f24aaf1b810b9fcc5f6886f26f14 | 2023-11-25 |
| 148'836 | 646167cce332c1c252cdcb1839e0cf48 | 2023-11-29 |
| 143'664 | 91f4b88d25daa33c7443253d9beb1bb3 | 2023-11-29 |
Top tlsh
Top tlsh observed on files scanned by YARAify in the past 14 months.
Top telfhash
Top telfhash observed on files scanned by YARAify in the past 12 months.