Threat Feed
dYOTBPCNORtVx8sW.exe
2026-05-17T07:32:12.609
malicious
Windows Exe (x86-64)
SHA256: 0c8653b27836eedf17e11a94a9af1f4bd9a49ba2b64fd51033240f3a2bdb1aa4
VMRay Threat Identifiers
Severity  Operation
5/5  Combination of other detections shows multiple input capture behaviors
5/5  Malicious content matched by YARA rules
4/5  Malicious content matched by YARA rules
3/5  Takes screenshot
3/5  Captures clipboard data
3/5  Tries to detect the presence of antivirus software
3/5  Suspicious content matched by YARA rules
3/5  Uses HTTP to upload a large amount of data
2/5  Reads sensitive browser data
2/5  Collects hardware properties
2/5  Queries a host's domain name
2/5  Suspicious content matched by YARA rules
2/5  Makes direct system call to possibly evade hooking based monitoring
2/5  Searches for sensitive browser data
2/5  Queries OS info via WMI
1/5  Creates process with hidden window
1/5  Tries to connect using an uncommon port
1/5  Query Firmware Information
1/5  Enumerates running processes
1/5  Downloads file
Spyware
q2jo7yAgsQQbigB4.exe
2026-05-17T07:27:49.624
malicious
Windows Exe (x86-32)
SHA256: dfcae67d0f749f191ef97662a023488796bdde1cd3b3634dfcd1da5949466694
VMRay Threat Identifiers
Severity  Operation
5/5  Malicious content matched by YARA rules
2/5  Enables critical process privileges
2/5  Allows invalid SSL certificates
1/5  Enumerates running processes
1/5  Installs system service
1/5  Performs DNS request
1/5  Connects to remote host
1/5  Downloads file
1/5  URL contains a TLD highly associated with phishing
1/5  Drops PE file
1/5  Enables process privileges
1/5  Executes dropped PE file
1/5  Modifies operating system directory
1/5  Creates mutex
Ransomware
5cUC6KpllEc8TisA.exe
2026-05-17T07:24:31.242
malicious
Windows Exe (x86-32)
SHA256: d3472f368c74777e9e403edc4d39c9d5191b66b2a6ee0118958934c57c80f1c0
VMRay Threat Identifiers
Severity  Operation
5/5  Malicious content matched by YARA rules
2/5  Enables critical process privileges
2/5  Allows invalid SSL certificates
1/5  Performs DNS request
1/5  Connects to remote host
1/5  URL contains a TLD highly associated with phishing
1/5  Resolves API functions dynamically
1/5  A monitored process crashed
1/5  Drops PE file
1/5  The binary file was created with a packer
1/5  Executes dropped PE file
1/5  Installs system service
1/5  Enables process privileges
1/5  Enumerates running processes
1/5  Modifies operating system directory
1/5  Creates mutex
Ransomware
3OfFZiVgA6pvmsGu.exe
2026-05-17T07:19:35.252
malicious
Windows Exe (x86-32)
SHA256: 92e3cf43e4c0b4175a5f1520192c07745187a86b9c735bc11d340d4a43abec14
VMRay Threat Identifiers
Severity  Operation
5/5  Combination of other detections shows multiple input capture behaviors
3/5  Captures clipboard data
3/5  Monitors user input
3/5  Reads installed applications
2/5  Searches for sensitive browser data
2/5  Deletes file after execution
2/5  Searches for sensitive application data
2/5  Searches for sensitive mail data
2/5  Schedules task
2/5  Delays execution
1/5  Enumerates running processes
1/5  Checks Internet connection
1/5  Resolves API functions dynamically
1/5  Drops PE file
1/5  Enables process privileges
1/5  Executes dropped PE file
1/5  Possibly does reconnaissance
1/5  Creates process with hidden window
1/5  Installs system service
1/5  Modifies operating system directory
Spyware
YUf60ilDwssjSvou.exe
2026-05-17T07:19:20.023
malicious
Windows Exe (x86-32)
SHA256: 88ee14df790da5bbeede2e3c1759d4935a3cafb3f27ab45d641b0284ad66367e
VMRay Threat Identifiers
Severity  Operation
5/5  Malicious content matched by YARA rules
1/5  Modifies application directory
1/5  Tries to detect debugger
1/5  Creates process with hidden window
1/5  Drops PE file
1/5  Timestamp manipulation
1/5  Creates a page with write and execute permissions