Threat Feed
file.exe
2026-06-08T16:36:59.695
malicious
Windows Exe (x86-32)
SHA256:
b49db194b7f2b72b55f68db30136dcceaca6332902528a63a2f09daac95d375c
VMRay Threat Identifiers
Severity  Operation
5/5  Malicious content matched by YARA rules
3/5  Obscures a file's origin
3/5  Tries to open an unusually high number of parallel network connections
2/5  Connects to SMTP server
2/5  Delays execution
1/5  Checks external IP address
1/5  Performs DNS request
1/5  Connects to remote host
1/5  Creates mutex
1/5  Content matched by YARA rules
Worm
sjVG7DJRGJ7W5qzy.exe
2026-06-08T16:32:53.525
malicious
Windows Exe (x86-64)
SHA256:
46fd7f94091cac5b7b353094d77a642a897d094f5d5766289368d70a6ff4e0bc
VMRay Threat Identifiers
Severity  Operation
5/5  Malicious content matched by YARA rules
2/5  Signed executable failed signature validation
1/5  A monitored process crashed
1/5  Drops PE file
1/5  Loads a dropped DLL
1/5  Timestamp manipulation
1/5  Content matched by YARA rules
1/5  Drops PE masquerading Filename
1/5  Resolves API functions dynamically
Spyware
snWnZGxmn8OFovPe.exe
2026-06-08T16:31:10.528
malicious
Windows Exe (x86-64)
SHA256:
2fb86474d87788ebf22fe657ab49ba10602694f0f5e0d46e37f4b7bab100ac3c
VMRay Threat Identifiers
Severity  Operation
5/5  Combination of other detections shows multiple input capture behaviors
5/5  Malicious content matched by YARA rules
4/5  Malicious content matched by YARA rules
3/5  Tries to detect the presence of antivirus software
3/5  Uses HTTP to upload a large amount of data
3/5  Takes screenshot
3/5  Captures clipboard data
2/5  Suspicious content matched by YARA rules
2/5  Makes direct system call to possibly evade hooking based monitoring
2/5  Schedules task
2/5  Searches for sensitive browser data
2/5  Delays execution
2/5  Reads sensitive browser data
2/5  Queries a host's domain name
2/5  Queries OS info via WMI
2/5  Collects hardware properties
1/5  URL contains a TLD highly associated with phishing
1/5  Enumerates running processes
1/5  Downloads file
1/5  Resolves API functions dynamically
1/5  Tries to connect using an uncommon port
1/5  Unusual large memory allocation
1/5  Downloads executable
1/5  Query Firmware Information
1/5  Creates process with hidden window
1/5  Creates mutex
Spyware
Downloader
xHWDoiD9iroDWWmb.exe
2026-06-08T16:30:21.873
malicious
Windows Exe (x86-64)
SHA256:
081efc68d0ab8a9885d3b5187a4f6774d286f5397d30563e68f10875b56d1bc9
VMRay Threat Identifiers
Severity  Operation
5/5  Malicious content matched by YARA rules
5/5  Combination of other detections shows multiple input capture behaviors
4/5  Malicious content matched by YARA rules
3/5  Takes screenshot
3/5  Tries to detect the presence of antivirus software
3/5  Uses HTTP to upload a large amount of data
3/5  Captures clipboard data
2/5  Reads sensitive browser data
2/5  Suspicious content matched by YARA rules
2/5  Searches for sensitive browser data
2/5  Queries OS info via WMI
2/5  Collects hardware properties
2/5  Queries a host's domain name
2/5  Delays execution
2/5  Makes direct system call to possibly evade hooking based monitoring
2/5  Schedules task
1/5  Downloads file
1/5  Query Firmware Information
1/5  Enumerates running processes
1/5  Creates process with hidden window
1/5  Creates mutex
1/5  Unusual large memory allocation
1/5  Tries to connect using an uncommon port
1/5  URL contains a TLD highly associated with phishing
1/5  Resolves API functions dynamically
1/5  Downloads executable
Spyware
Downloader
5nntmpGj1sw8HBcW.exe
2026-06-08T16:25:54.249
malicious
Windows Exe (x86-64)
SHA256:
43a74c8d036a2aeb159c838f1ded02780bd1152b60acfae77c293d1956993dfa
VMRay Threat Identifiers
Severity  Operation
4/5  Writes into the memory of another process
4/5  Modifies control flow of another process
2/5  Searches for sensitive browser data
2/5  Sets up server that accepts incoming connections
2/5  Reads sensitive browser data
1/5  Performs DNS request
1/5  Creates process with hidden window
1/5  Content matched by YARA rules
1/5  Resolves API functions dynamically
1/5  Creates an unusually large number of files
1/5  A monitored process crashed
1/5  Connects to remote host
1/5  Drops PE file
1/5  Loads a dropped DLL
1/5  Enables process privileges
1/5  Timestamp manipulation
Injector