It’s been a while since I published some stats on a substantial corpora of samples, so here’s a quickie – re-visiting the compilation timestamp.
Three things to note:
- these stats are biased (I don’t have all the malware under the Sun)
- many samples in 2015-2016 show traces of compilation tampering so compilation timestamp is no longer reliable
- many malware samples are Delphi samples and their timestamps are wrong
Still… quasi-scientific pictures are always nice to look at 😉
- 3M samples, excluding non-sensical timestamps (I may investigate that spike in July 2015 one day):
- 3M samples, compilation time by the day of the month (end of the month = time to wrap it up and procrastinate):
- 3M samples, compilation time by the day of the week (weekends are defo a thing for everyone):
- 3M samples, compilation time by the hour (Europe is a malware cradle, apparently):
- 3M samples, compilation time by the hour:minute (I have no idea what it shows):