It’s been a while since I published some stats on a substantial corpora of samples, so here’s a quickie – re-visiting the compilation timestamp.

Three things to note:

• these stats are biased (I don’t have all the malware under the Sun)
• many samples in 2015-2016 show traces of compilation tampering so compilation timestamp is no longer reliable
• many malware samples are Delphi samples and their timestamps are wrong

Still… quasi-scientific pictures are always nice to look at 😉

• 3M samples, excluding non-sensical timestamps (I may investigate that spike in July 2015 one day):

• 3M samples, compilation time by the day of the month (end of the month = time to wrap it up and procrastinate):
  
• 3M samples, compilation time by the day of the week (weekends are defo a thing for everyone):
  
• 3M samples, compilation time by the hour (Europe is a malware cradle, apparently):
  
• 3M samples, compilation time by the hour:minute (I have no idea what it shows):