recently while observing the VT feed we noticed that 7-10% of samples distributed (!) were infected by similar file infectors. a handful of yara rules filters these junk files out before we pass them to capa and friends for analysis. https://twitter.com/NathanBrubaker/status/1453398674130800641