Threat Feed
TmToZqpFHY7zZVIm.dll
2026-05-29T20:19:49.551
malicious
Windows DLL (x86-32)
SHA256: 862ed775ef14349c4396bbfac611175d3d11d26967d8bb747852b0c4e090f198
VMRay Threat Identifiers
Severity  Operation
4/5  Masks file extension
4/5  Loads a dropped DLL into a system binary
2/5  Delays execution
1/5  Modifies operating system directory
1/5  Creates process with hidden window
1/5  Resolves API functions dynamically
DLdNC3tBdxr4lUbK.exe
2026-05-29T20:19:42.324
malicious
Windows Exe (x86-32)
SHA256: 8ae9a4acc77aa84543327c76d73a65ae58091b576a56e5cd0323d879033aa6c0
VMRay Threat Identifiers
Severity  Operation
4/5  Rename system utilities
4/5  Loads a dropped DLL into a system binary
3/5  All network connection attempts failed
2/5  Delays execution
1/5  Loads a dropped DLL
1/5  Executes dropped PE file
1/5  Timestamp manipulation
1/5  Creates mutex
1/5  Modifies operating system directory
1/5  Creates process with hidden window
1/5  Installs system service
1/5  Performs DNS request
1/5  Resolves API functions dynamically
1/5  Drops PE file
1OByosU1xAyNqYYi.exe
2026-05-29T20:19:30.783
malicious
Windows Exe (x86-32)
SHA256: c2493ec6beef01404317d2e772f4702b2f5bc41f7921fcd3848ad87dfe134013
VMRay Threat Identifiers
Severity  Operation
5/5  Malicious content matched by YARA rules
5/5  Deletes user files
4/5  Loads a dropped DLL into a system binary
4/5  Rename system utilities
3/5  Office macro uses a file I/O function
3/5  Performs DNS request for known DDNS domain
3/5  Modifies native system functions
2/5  Creates an unusually large number of processes
2/5  Office macro uses a suspicious function
2/5  Delays execution
2/5  Executes dropped PE masquerading Filename
2/5  Deletes file after execution
2/5  Sets up server that accepts incoming connections
2/5  Searches for sensitive remote access configuration data
2/5  Office macro uses a network function
2/5  Suspicious content matched by YARA rules
2/5  Searches for sensitive password manager data
2/5  Makes direct system call to possibly evade hooking based monitoring
2/5  Office macro uses an execute function
2/5  Tries to detect virtual machine
1/5  Installs system service
1/5  Creates mutex
1/5  Creates process with hidden window
1/5  Installs system startup script or application
1/5  Checks Internet connection
1/5  Reads mouse position
1/5  Executes WMI query
1/5  Performs DNS request
1/5  Downloads file
1/5  Modifies operating system directory
1/5  Resolves API functions dynamically
1/5  Overwrites code
1/5  Contains suspicious Office macro
1/5  Drops PE file
1/5  Loads a dropped DLL
1/5  Executes dropped PE file
1/5  Timestamp manipulation
1/5  Enumerates running processes
Backdoor
Wiper
KimY0k8D7VPEbnni.exe
2026-05-29T20:18:50.551
malicious
Windows Exe (x86-32)
SHA256: bcd407681e863eb230bfdaf4efbf1b8893d9b6e48cfeb1d96ca1c82fe05a6aae
VMRay Threat Identifiers
Severity  Operation
4/5  Loads a dropped DLL into a system binary
4/5  Rename system utilities
3/5  All network connection attempts failed
2/5  Delays execution
2/5  Deletes file after execution
1/5  Performs DNS request
1/5  Resolves API functions dynamically
1/5  Drops PE file
1/5  Loads a dropped DLL
1/5  Executes dropped PE file
1/5  Installs system service
1/5  Enumerates running processes
1/5  Modifies operating system directory
1/5  Possibly does reconnaissance
1/5  Creates process with hidden window
1/5  Creates mutex
http://suportebritto.com
2026-05-29T20:15:50.805
malicious
URL
SHA256:
VMRay Threat Identifiers
Severity  Operation
5/5  Combination of other detections indicates a phishing website
4/5  Phishing page detected via Machine Learning
2/5  Page uses exact favicon of an online financial service
2/5  Unsecured data
1/5  Page presents itself as a logon page
Phishing