This is a non-IMPACT record, meaning that access to the data is not controlled by IMPACT. For access, see the directions below.

This Resource is offered and provided outside of the IMPACT mediation framework. IMPACT and the IMPACT Coordination Council/Blackfire Technology, Inc. expressly disclaim all conditions, representations and warranties including but not limited to Resource availability, quality, accuracy, non-infringement, and non-interference. All Resource information and access is controlled by entities and under terms that are external to the IMPACT legal framework.


Ether Malware Analysis Dataset
External Dataset
External Data Source
University of Arizona Artificial Intelligence Lab, AZSecure-data
56 (lowest rank is 56)

Category & Restrictions

cyber attack, malware, honeypots, cyber defense


Ether is a malware analysis framework which leverages hardware virtualization extensions (specifically Intel VT) to remain transparent to malicious software. This dataset contains 25,118 unique malware instances used to test EtherUnpack against packed malware.

Collection method: Samples were collected between January and March 2008 from honeypots, mail filters, proxy monitors, web crawling, file sharing networks, and other sources. To classify the samples, we surveyed them using PEiD, a signature-based packer detector, and a PEiD signature database from SANS ISC. The resulting set consisted of 25,118 malware instances, unique according to MD5 value.

Date range of data: January - March 2008

Number of malware instances: 25,118

Additional Details

malware, dataset, analysis, ether, ether malware analysis dataset, 1293, corporation, inferlink, external, inferlink corporation, source, external data source, instances, 118, unique, malicious, extensions, vt, transparent, leverages, framework, packed, remain, etherunpack, test, virtualization, intel, software, hardware, january, march, 2008, peid, samples, signature, proxy, packer, filters, honeypots, surveyed, isc, collected, mail, method, consisted, crawling, detector, monitors, classify, sharing, based, sources, sans, range, networks, other, database, file, web, md5