Threat Feed
rcx73f.exe
2025-07-19T04:30:26.216
malicious
Windows Exe (x86-32)
SHA256: cb3b280a4dc3dab2565777e5cfaf3c15fbd6189b41f7e418b6e8b958b0866abf
VMRay Threat Identifiers
Severity  Operation
5/5       Malicious content matched by YARA rules
4/5       Modifies Windows Defender configuration
4/5       Bypasses Windows User Account Control (UAC)
3/5       Executable modifies its own file
3/5       All network connection attempts failed
2/5       Schedules task via schtasks
2/5       Schedules task
2/5       Enumerates running processes
2/5       Sends control codes to a driver
2/5       Suspicious content matched by YARA rules
1/5       Creates mutex
1/5       Accesses volumes directly
1/5       Resolves API functions dynamically
1/5       Query OS Information
1/5       Enumerates running processes
1/5       Installs system startup script or application
1/5       Reads from memory of another process
1/5       Creates process with hidden window
1/5       Performs DNS request
1/5       Enables process privileges
1/5       Drops PE file
1/5       Executes dropped PE file
Backdoor
rcx3464.exe
2025-07-19T04:30:16.208
malicious
Windows Exe (x86-32)
SHA256: 19e0e410cf4bd028e4657c77f48c36f055f1c8eac4f570e489b74e8beea28c7b
VMRay Threat Identifiers
Severity  Operation
5/5       Malicious content matched by YARA rules
4/5       Bypasses Windows User Account Control (UAC)
4/5       Modifies Windows Defender configuration
3/5       Executable modifies its own file
2/5       Schedules task
2/5       Suspicious content matched by YARA rules
2/5       Schedules task via schtasks
1/5       Writes an unusually large amount of data to the registry
1/5       Enables process privileges
1/5       Creates process with hidden window
1/5       Creates mutex
1/5       Modifies application directory
1/5       Resolves API functions dynamically
1/5       Drops PE file
1/5       Query OS Information
1/5       Installs system startup script or application
1/5       Modifies operating system directory
Backdoor
rcxaca.exe
2025-07-19T04:29:59.650
malicious
Windows Exe (x86-32)
SHA256: 65a5bee1ad31413900ec4b70eb08962f3c95a6b8a4f095ea5b687487af1041f4
VMRay Threat Identifiers
Severity  Operation
5/5       Malicious content matched by YARA rules
4/5       Bypasses Windows User Account Control (UAC)
4/5       Modifies Windows Defender configuration
3/5       Executable modifies its own file
2/5       Suspicious content matched by YARA rules
2/5       Schedules task
2/5       Schedules task via schtasks
1/5       Enables process privileges
1/5       Creates process with hidden window
1/5       Creates mutex
1/5       Installs system startup script or application
1/5       Resolves API functions dynamically
1/5       Query OS Information
1/5       Modifies operating system directory
1/5       Modifies application directory
Backdoor
rcx2713.exe
2025-07-19T04:29:59.259
malicious
Windows Exe (x86-32)
SHA256: 83dbc13849f8c7a10dfdc5f61b3a0d6c962744d2f63fcc3dff7063b2e88bd07e
VMRay Threat Identifiers
Severity  Operation
5/5       Malicious content matched by YARA rules
4/5       Creates a new process masquerading as a system process
4/5       Modifies Windows Defender configuration
4/5       Bypasses Windows User Account Control (UAC)
3/5       All network connection attempts failed
3/5       Executable modifies its own file
2/5       Sends control codes to a driver
2/5       Creates a new process from a system binary
2/5       Suspicious content matched by YARA rules
2/5       Schedules task
2/5       Schedules task via schtasks
2/5       Enumerates running processes
1/5       Installs system startup script or application
1/5       Resolves API functions dynamically
1/5       A monitored process crashed
1/5       Drops PE file
1/5       Query OS Information
1/5       Enables process privileges
1/5       Accesses volumes directly
1/5       Creates process with hidden window
1/5       Executes dropped PE file
1/5       Reads from memory of another process
1/5       Performs DNS request
1/5       Creates mutex
Backdoor
rcx1aea.exe
2025-07-19T04:29:00.715
malicious
Windows Exe (x86-32)
SHA256: 03b087b904b4dea21a946ca44d244477e622af00635e71512c6ebae648685693
VMRay Threat Identifiers
Severity  Operation
5/5       Malicious content matched by YARA rules
4/5       Bypasses Windows User Account Control (UAC)
4/5       Modifies Windows Defender configuration
3/5       All network connection attempts failed
3/5       Executable modifies its own file
2/5       Sends control codes to a driver
2/5       Suspicious content matched by YARA rules
2/5       Schedules task
2/5       Schedules task via schtasks
2/5       Enumerates running processes
1/5       Drops PE file
1/5       Enables process privileges
1/5       Executes dropped PE file
1/5       Query OS Information
1/5       Modifies operating system directory
1/5       Installs system startup script or application
1/5       Reads from memory of another process
1/5       Creates process with hidden window
1/5       Creates mutex
1/5       Accesses volumes directly
1/5       Performs DNS request
1/5       Resolves API functions dynamically
Backdoor