Threat Feed
Netflix_Redeem_Code.cmd
2026-02-10T20:39:00.688
malicious
Windows Batch File
SHA256: a121951eaa1a3d1549ebc1de7fec55ab075a42ff18cac67c02583fb0c087fd17
VMRay Threat Identifiers
Severity | Operation
5/5 | Modifies operating system directory
4/5 | Hijack installed services
4/5 | Attempts to connect through HTTPS
4/5 | Installs system service
3/5 | Modifies application directory
3/5 | Delays execution
3/5 | Loads dropped dll via known dll loaders
3/5 | Bypasses PowerShell execution policy
3/5 | Suspicious content matched by YARA rules
3/5 | A monitored process crashed
2/5 | Loads a dropped DLL
2/5 | Executes PowerShell without default profile
2/5 | Executes dropped PE file
2/5 | Writes an unusually large amount of data to the registry
2/5 | Enables process privileges
2/5 | Reads network adapter information
2/5 | Performs DNS request
2/5 | Queries a host's domain name
2/5 | Tries to connect using an uncommon port
2/5 | Drops PE file
1/5 | Connects to remote host
1/5 | Creates mutex
1/5 | Enumerates running processes
1/5 | Uses encryption API
1/5 | Query OS Information
1/5 | Timestamp manipulation
PUA
Scan 001.exe
2026-02-10T20:30:50.362
malicious
Windows Exe (x86-32)
SHA256: bb743ce0685f51422e1d6ad3e9c10b519e58eb08bff873c8a3443f1f820270e0
VMRay Threat Identifiers
Severity | Operation
5/5 | FormBook configuration was extracted
5/5 | Malicious content matched by YARA rules
4/5 | Makes indirect system call to possibly evade hooking based monitoring
4/5 | Modifies control flow of another process
4/5 | Writes into the memory of another process
3/5 | Makes direct system calls to hide process injection
3/5 | Captures clipboard data
2/5 | Delays execution
2/5 | Tries to detect kernel debugger
2/5 | Searches for sensitive browser data
2/5 | Reads sensitive browser data
2/5 | Suspicious content matched by YARA rules
2/5 | Makes direct system call to possibly evade hooking based monitoring
1/5 | Query OS Information
1/5 | Creates a page with write and execute permissions
1/5 | Possibly does reconnaissance
1/5 | Performs DNS request
1/5 | Reloads native system libraries
1/5 | Connects to remote host
1/5 | Creates mutex
1/5 | Resolves API functions dynamically
1/5 | Enumerates running processes
1/5 | Creates process with hidden window
1/5 | Tries to detect debugger
1/5 | Reads from memory of another process
Spyware
Injector
9ba1f0045b53aee9e6a44dcaf914d639713378f76006db5a0fe8e2de194a6f21.exe
2026-02-10T20:30:22.102
malicious
Windows Exe (x86-32)
SHA256: 9ba1f0045b53aee9e6a44dcaf914d639713378f76006db5a0fe8e2de194a6f21
VMRay Threat Identifiers
Severity | Operation
5/5 | Combination of other detections shows multiple input capture behaviors
5/5 | Remcos configuration was extracted
5/5 | Malicious content matched by YARA rules
4/5 | Bypasses Windows User Account Control (UAC)
4/5 | Writes into the memory of another process
4/5 | Modifies control flow of another process
3/5 | Injects a file into another process
3/5 | Monitors keyboard input
3/5 | Captures clipboard data
3/5 | Monitors user input
2/5 | Delays execution
2/5 | Deletes file after execution
1/5 | A monitored process crashed
1/5 | Query OS Information
1/5 | Creates process with hidden window
1/5 | Installs system startup script or application
1/5 | Connects to remote host
1/5 | Downloads file
1/5 | Tries to connect using an uncommon port
1/5 | Resolves API functions dynamically
1/5 | Creates mutex
Spyware
Backdoor
Injector
70115960f384f237162bd6a7533441b322afeb16a2364ecc6bc36b54945d8f2e.exe
2026-02-10T20:30:21.500
malicious
Windows Exe (x86-32)
SHA256: 70115960f384f237162bd6a7533441b322afeb16a2364ecc6bc36b54945d8f2e
VMRay Threat Identifiers
Severity | Operation
5/5 | Combination of other detections shows multiple input capture behaviors
5/5 | Remcos configuration was extracted
5/5 | Malicious content matched by YARA rules
3/5 | Captures clipboard data
3/5 | Performs DNS request for known DDNS domain
3/5 | Monitors user input
3/5 | Monitors keyboard input
3/5 | Injects a file into another process
2/5 | Delays execution
1/5 | Tries to connect using an uncommon port
1/5 | Performs DNS request
1/5 | Connects to remote host
1/5 | Query OS Information
1/5 | Creates mutex
1/5 | Resolves API functions dynamically
Spyware
Backdoor
552bf80c1c147d39832de1d766ed24039b5f2996ccab03d1114763efe33dfbc3.exe
2026-02-10T20:30:15.994
malicious
Windows Exe (x86-32)
SHA256: 552bf80c1c147d39832de1d766ed24039b5f2996ccab03d1114763efe33dfbc3
VMRay Threat Identifiers
Severity | Operation
5/5 | Remcos configuration was extracted
5/5 | Combination of other detections shows multiple input capture behaviors
5/5 | Malicious content matched by YARA rules
4/5 | Monitors clipboard content
3/5 | Monitors keyboard input
3/5 | Monitors user input
3/5 | Injects a file into another process
3/5 | Performs DNS request for known DDNS domain
2/5 | Makes direct system call to possibly evade hooking based monitoring
2/5 | Delays execution
1/5 | Resolves API functions dynamically
1/5 | Query OS Information
1/5 | Performs DNS request
1/5 | Connects to remote host
1/5 | Tries to connect using an uncommon port
1/5 | Creates mutex
Spyware
Backdoor
Keylogger