Threat Feed
QWruw1H63aTKJPJe.exe
2025-04-04T01:22:39.300
malicious
Windows Exe (x86-32)
SHA256:
8eabaeac9ea70a1391d8133d7c1b5d0b16c0527f6c834a690c5ab0cc48fdb049
VMRay Threat Identifiers
Severity  Operation
5/5  Malicious content matched by YARA rules
4/5  Malicious file detected via reputation
3/5  Tries to evade debugger
2/5  Searches for sensitive browser data
2/5  Delays execution
2/5  Sends control codes to a driver
1/5  Creates mutex
1/5  Drops PE file
1/5  Modifies operating system directory
1/5  Accesses volumes directly
1/5  Resolves API functions dynamically
Worm
tYJxHOqMu1RoRxh1.exe
2025-04-04T01:22:02.302
malicious
Windows Exe (x86-32)
SHA256:
1fa9dd23c34f22d409231b08e7d868b79ff8f0a6d9a7758bc6885e66c849c007
VMRay Threat Identifiers
Severity  Operation
5/5  Combination of other detections shows multiple input capture behaviors
4/5  Malicious host or URL detected via reputation
3/5  Captures clipboard data
2/5  Accesses physical drive
2/5  Sends control codes to a driver
2/5  Delays execution
2/5  Reads network adapter information
2/5  Sets up server that accepts incoming connections
2/5  Signed executable failed signature validation
1/5  Resolves API functions dynamically
1/5  Performs DNS request
1/5  Creates process with hidden window
1/5  Executes dropped PE file
1/5  Tries to connect using an uncommon port
1/5  Installs system startup script or application
1/5  Modifies operating system directory
1/5  Connects to remote host
1/5  Creates mutex
1/5  Creates a page with write and execute permissions
Spyware
7bb2dae241c74d45074e095218c7faa0.exe
2025-04-04T00:58:20.493
malicious
Windows Exe (x86-64)
SHA256:
a221288680e20b7e1a5879c4c646f7ffc95ec663790754e7fed75d988fa0a8c6
VMRay Threat Identifiers
Severity  Operation
5/5  Modifies content of user files
4/5  Uses a double file extension
4/5  Malicious file detected via reputation
4/5  Masks file extension
2/5  Tries to detect application sandbox
1/5  Installs system startup script or application
1/5  Possibly does reconnaissance
1/5  Executes dropped PE file
1/5  Resolves API functions dynamically
1/5  Modifies operating system directory
1/5  Drops PE file
1/5  Performs DNS request
1/5  Modifies application directory
Ransomware
liclua.exe
2025-04-04T00:58:06.671
malicious
Windows Exe (x86-32)
SHA256:
817948d374a097325a98695c54bf0c768c56b48bb5d0c87c23bc9c24535e1e2c
VMRay Threat Identifiers
Severity  Operation
5/5  Malicious content matched by YARA rules
4/5  Malicious file detected via reputation
3/5  Tries to evade debugger
2/5  Sends control codes to a driver
2/5  Searches for sensitive browser data
1/5  Accesses volumes directly
1/5  Resolves API functions dynamically
1/5  Modifies operating system directory
1/5  Creates mutex
1/5  Drops PE file
Worm
xStealer.exe
2025-04-04T00:57:47.720
malicious
Windows Exe (x86-64)
SHA256:
b118975cd5ef1e7f5102e2f47ab7d209dbf413e6fe7776c935f25a0915f5c584
VMRay Threat Identifiers
Severity  Operation
5/5  Combination of other detections shows multiple input capture behaviors
4/5  Malicious file detected via reputation
4/5  Malicious content matched by YARA rules
3/5  Tries to detect the presence of antivirus software
3/5  Takes screenshot
2/5  Reads network adapter information
2/5  Collects hardware properties
2/5  Reads sensitive browser data
2/5  Searches for sensitive browser data
1/5  Performs DNS request
1/5  A monitored process crashed
1/5  Enables process privileges
1/5  Executes WMI query
1/5  Connects to remote host
1/5  Resolves API functions dynamically
1/5  Checks external IP address
1/5  Possibly does reconnaissance
Spyware