Threat Feed | Online Malware Sandbox

Windows Exe (x86-32)

fc2e4de9d1f9db26c80045c0180585df4db5571f8da4b986b18576a92c332423.exe

malicious

SHA256: fc2e4de9d1f9db26c80045c0180585df4db5571f8da4b986b18576a92c332423

VMRay Threat Identifiers

Severity

Operation

5/5

Malicious content matched by YARA rules

2/5

Deletes file after execution

2/5

Suspicious content matched by YARA rules

1/5

Enables process privileges

1/5

Monitors mouse movements and clicks

1/5

Query OS Information

1/5

Content matched by YARA rules

1/5

Resolves API functions dynamically

1/5

Drops PE file

1/5

Executes dropped PE file

1/5

Timestamp manipulation

1/5

Creates process with hidden window

1/5

Accesses volumes directly

1/5

Modifies application directory

1/5

Reads mouse position

enE7sKvEtI9kbUla.exe

2026-03-25T18:13:27.766

Windows Exe (x86-32)

enE7sKvEtI9kbUla.exe

malicious

SHA256: fddab2b1582e72325945e0063d1b933a6320af5c68a8dd6bcd7e01ef64d5e3a7

VMRay Threat Identifiers

Severity

Operation

5/5

Malicious content matched by YARA rules

2/5

Hides files

1/5

Possibly does reconnaissance

1/5

Obfuscates control flow

1/5

Resolves API functions dynamically

1/5

Creates an unusually large number of files

1/5

Creates a page with write and execute permissions

1/5

Drops PE file

1/5

Modifies application directory

Virus

PmulSocHjISIxlJf.exe

2026-03-25T18:12:52.794

Windows Exe (x86-32)

PmulSocHjISIxlJf.exe

malicious

SHA256: f3d386cce13160dbc688e3c3d0cdbfafeee5a8af8c82cd2ed3ad765d293cfafa

VMRay Threat Identifiers

Severity

Operation

5/5

Stealc configuration was extracted

5/5

Malicious content matched by YARA rules

4/5

Writes into the memory of another process

4/5

Modifies control flow of another process

4/5

Process Hollowing

1/5

Creates a page with write and execute permissions

1/5

Unusual large memory allocation

1/5

Resolves API functions dynamically

1/5

Reads from memory of another process

1/5

Creates process with hidden window

Spyware

Injector

3zKsNOE5aZ0EYY9l.exe

2026-03-25T18:08:55.221

Windows Exe (x86-32)

3zKsNOE5aZ0EYY9l.exe

malicious

SHA256: 7807560f2f913b4d12ba37ebcb4e7e12af09bdbad1fcf63005c2c081f6168a0e

VMRay Threat Identifiers

Severity

Operation

5/5

Malicious content matched by YARA rules

3/5

Creates file(s) in the .NET assembly directory to hide them from Windows Explorer

2/5

Searches for sensitive mail data

2/5

Searches for sensitive browser data

2/5

Searches for sensitive remote access configuration data

2/5

Searches for sensitive password manager data

1/5

Drops PE masquerading Filename

1/5

Creates a page with write and execute permissions

1/5

Timestamp manipulation

1/5

Modifies application directory

1/5

Modifies operating system directory

1/5

Tries to detect debugger

1/5

Drops PE file

1/5

Creates process with hidden window

WiFHeyT1n9GbfOY0.exe

2026-03-25T18:07:02.053

Windows Exe (x86-32)

WiFHeyT1n9GbfOY0.exe

malicious

SHA256: eb0222540b402fc726a43685cc58974b4620cdf311db8aec527e8888fb8b5a71

VMRay Threat Identifiers

Severity

Operation

5/5

Malicious content matched by YARA rules

2/5

Hides files

1/5

Content matched by YARA rules

1/5

Resolves API functions dynamically

1/5

Creates an unusually large number of files

1/5

Drops PE file

1/5

Creates a page with write and execute permissions

1/5

Possibly does reconnaissance

1/5

Modifies application directory

Virus