Package Efficacy Report
We compile the most searched-for threats from the MetaDefender Cloud database over the past month, and you can see them below along with data about how well they are detected by our MetaDefender Core Packages.
Detection Efficacy Overview
MetaDefender Core Package | 4 Engines | 8 Engines | 10 Engines | 12 Engines | 15 Engines | 16 Engines | 20 Engines | ISV Package | Max Engines |
---|---|---|---|---|---|---|---|---|---|
Detection of top 10000 threats | 87.3% | 89.9% | 91.2% | 92.3% | 95.5% | 95.1% | 96.4% | 98.5% | 99.2% |
The most searched-for threats on MetaDefender Cloud based on user requests. For a complete list see our licensing page.
Threat Detection Matrix
Please note that the detection data comes from Software Development Kit (SDK) and Command Line Interface (CLI) package versions of these anti-malware engines, using static analysis only, and not from endpoint desktop applications, which may be capable of enhanced behavioral and other dynamic analysis. Detection results may therefore differ significantly from commercial endpoint performance. The data below should not be used for comparing the performance of desktop or server anti-malware applications.
To emphasize the value of multi-scanning, we wanted to show how the OPSWAT MetaDefender Core packages can detect the top threats on our list. As more scan engines are added, more of the top threats are detected, indicating the value added with each MetaDefender Core package increment. The free version of MetaDefender Cloud is taken as 100% detection because it contains the largest number of engines. Although this package is not available commercially, we use it for demo and analytics purposes. Optimizations are incorporated in our algorithms to avoid deviations caused by false positives.
Most searched threats on MetaDefender Cloud over the past 30 days
FAQs
- Most searched threats on MetaDefender Cloud over the past 30 days
- Must be detected as malicious by at least 3 engines
- Rescanned every day to update the number of engines detecting the threat
- Includes only binary executable files
The threats listed above are the most searched-for threats from our database of hashes over the last 30 days. The hashes come from files that have been uploaded to MetaDefender Cloud, and we filter these down to those that have been flagged as malicious by three or more antivirus engines. We do this in order to limit false positives, or incorrect threat detections. We did a few internal tests to find the "sweet spot" of the minimum number of engines to detect the threat and determined that three worked best for our data. We didn’t want too low a minimum, which could yield too many false positives, but too high a minimum could eliminate real, new, interesting threats.
Many of the hash searches on MetaDefender Cloud are performed as part of endpoint risk assessment, so many of the top threats you will see are Windows and Mac system and process files. Threats that are found most commonly in email attachments, for example, may not show here. We do include Potentially Unwanted Programs (PUPs) and Potentially Unwanted Applications (PUAs) in the top threats; while they may not actually be considered malware, their behavior and use can still have unintended security or privacy impacts, and many antivirus engines flag these types of applications as adware, grayware, toolbars, etc.
No. The anti-malware engines we use on MetaDefender Cloud are SDK and CLI packages using signature and heuristic-based detection methods, or static analysis. With static analysis, the file is not executed, but is analyzed for malicious patterns and checked for known malware signatures. Antivirus products installed on your computer often also make use of dynamic analysis, in which the behavior of the file is observed. Behavioral detection methods, often using a sandbox environment to execute the file, can identify malicious activity that only occurs at runtime and that would not be caught by static analysis. For this reason, as well as because of the variability in configurations in any individual or company’s deployment of their antivirus product, the results we show here may not match the results you would observe from your installed antivirus software.
The results here only indicate detection of a threat, not necessarily the ability to quarantine, clean, delete or otherwise remediate the threat. When determining the effectiveness of any anti-malware product for protecting an endpoint machine, it is important to evaluate its ability to detect as well as to remediate threats. This data does not address threat remediation.
No single anti-malware engine is perfect 100% of the time, and using multiple engines to scan for threats allows you to take advantage of the strengths of each individual engine and to guarantee the earliest possible detection. While the data above shows only a subset of the most common threats in the wild and utilizes only the Windows-based anti-malware engines in MetaDefender Cloud, it provides an indication of the variability of detection rates of common malware by the anti-malware community. You can use this data to investigate current threats as well as to watch detection of new threats grow over time.
In addition, command line versions of anti-malware products are often integrated into a spam filter or web security product, and these results may provide more insight for those implementations, though the specific configuration can also affect detection rates.
MetaDefender Cloud intends to be an unbiased service, not promoting one engine over another, and the data above is not intended for comparing the performance of specific engines, for reasons including:
- This data comes from SDK and CLI packages, not from endpoint or desktop applications
- This data uses static analysis only, not dynamic analysis
- This data comes from MetaDefender Cloud search traffic only
- This data does not provide an indication of how well an application can protect your computer
Unless using private processing (available only for commercial users), files uploaded to MetaDefender Cloud might be shared with the antivirus engine vendors to help in improving their services and products. Please see our Privacy Policy.