Threat Feed
32xPBeeHye2lYP6C.exe
2026-07-16T20:13:22.327
malicious
Windows Exe (x86-64)
Close
32xPBeeHye2lYP6C.exe
malicious
SHA256:
95e50b1b27b9251c9955fbb721eb6b52947f8eb418c2e3693fe366d70d25c592
VMRay Threat Identifiers
Close
Severity
Operation
5/5
Malicious content matched by YARA rules
5/5
BlankGrabber configuration was extracted
5/5
Combination of other detections shows configuration discovery
4/5
Modifies Windows Defender configuration
4/5
Malicious content matched by YARA rules
3/5
Takes screenshot
3/5
Captures clipboard data
2/5
Network configuration discovery
2/5
Searches for sensitive browser data
2/5
Reads network adapter information
2/5
Sets up server that accepts incoming connections
2/5
Executes PowerShell without default profile
2/5
Signed executable failed signature validation
2/5
Executes PowerShell with hidden window
2/5
Schedules task
2/5
Hides files
2/5
Reads sensitive browser data
2/5
Searches for sensitive application data
2/5
Searches for sensitive remote access configuration data
2/5
Searches for sensitive password manager data
2/5
Query OS Information
1/5
Performs DNS request
1/5
Queries system time
1/5
Executes dropped PE file
1/5
Timestamp manipulation
1/5
Creates process with hidden window
1/5
Drops PE masquerading Filename
1/5
Resolves API functions dynamically
1/5
Creates an unusually large number of files
1/5
Content matched by YARA rules
1/5
Drops PE file
1/5
Creates mutex
1/5
Loads a dropped DLL
1/5
Connects to remote host
1/5
Reads from memory of another process
1/5
Accesses Microsoft Security Software registry keys
1/5
Installs system startup script or application
Spyware
5892f6f3afd436f8e72de18cc76d7c71e546daef5dce5ec63d3a12bccc4ccb4c.exe
2026-07-16T20:07:07.387
malicious
Windows Exe (x86-64)
Close
5892f6f3afd436f8e72de18cc76d7c71e546daef5dce5ec63d3a12bccc4ccb4c.exe
malicious
SHA256:
5892f6f3afd436f8e72de18cc76d7c71e546daef5dce5ec63d3a12bccc4ccb4c
VMRay Threat Identifiers
Close
Severity
Operation
5/5
Combination of other detections shows configuration discovery
4/5
Malicious content matched by YARA rules
3/5
Bypasses PowerShell execution policy
3/5
Reads installed applications
3/5
Suspicious content matched by YARA rules
2/5
Searches for sensitive browser data
2/5
Reads network adapter information
2/5
Query OS Information
2/5
Creates an unusually large number of processes
2/5
Sets up server that accepts incoming connections
2/5
Suspicious content matched by YARA rules
2/5
Executes PowerShell without default profile
2/5
Queries a host's domain name
2/5
Collects hardware properties
2/5
Collects BIOS properties
2/5
Tries to detect virtual machine
1/5
Accesses Microsoft Security Software registry keys
1/5
Creates process with hidden window
1/5
Unusual large memory allocation
1/5
Queries system time
1/5
Content matched by YARA rules
1/5
Tries to connect using an uncommon port
1/5
Reads from memory of another process
1/5
Downloads file
1/5
Resolves API functions dynamically
1/5
Connects to remote host
723c90f66595eefd8f2c6db9e5db2718967f2ec5d2d0ea1e48b773f9c99c55f7.exe
2026-07-16T20:04:52.623
malicious
Windows Exe (x86-64)
Close
723c90f66595eefd8f2c6db9e5db2718967f2ec5d2d0ea1e48b773f9c99c55f7.exe
malicious
SHA256:
723c90f66595eefd8f2c6db9e5db2718967f2ec5d2d0ea1e48b773f9c99c55f7
VMRay Threat Identifiers
Close
Severity
Operation
5/5
Combination of other detections shows configuration discovery
4/5
Malicious content matched by YARA rules
3/5
Bypasses PowerShell execution policy
3/5
Reads installed applications
3/5
Suspicious content matched by YARA rules
2/5
Searches for sensitive browser data
2/5
Reads network adapter information
2/5
Query OS Information
2/5
Creates an unusually large number of processes
2/5
Sets up server that accepts incoming connections
2/5
Suspicious content matched by YARA rules
2/5
Executes PowerShell without default profile
2/5
Queries a host's domain name
2/5
Collects hardware properties
2/5
Collects BIOS properties
2/5
Tries to detect virtual machine
1/5
Accesses Microsoft Security Software registry keys
1/5
Creates process with hidden window
1/5
Unusual large memory allocation
1/5
Queries system time
1/5
Content matched by YARA rules
1/5
Tries to connect using an uncommon port
1/5
Reads from memory of another process
1/5
Downloads file
1/5
Resolves API functions dynamically
1/5
Connects to remote host
514643a4b3a62c6fdfd260b87dae54950bf0591377458ebcb26aad71dfab0c9e.exe
2026-07-16T20:04:46.025
malicious
Windows Exe (x86-64)
Close
514643a4b3a62c6fdfd260b87dae54950bf0591377458ebcb26aad71dfab0c9e.exe
malicious
SHA256:
514643a4b3a62c6fdfd260b87dae54950bf0591377458ebcb26aad71dfab0c9e
VMRay Threat Identifiers
Close
Severity
Operation
5/5
Combination of other detections shows configuration discovery
4/5
Malicious content matched by YARA rules
3/5
Reads installed applications
3/5
Suspicious content matched by YARA rules
3/5
Bypasses PowerShell execution policy
2/5
Reads network adapter information
2/5
Searches for sensitive browser data
2/5
Suspicious content matched by YARA rules
2/5
Executes PowerShell without default profile
2/5
Query OS Information
2/5
Collects hardware properties
2/5
Collects BIOS properties
2/5
Delays execution
2/5
Tries to detect virtual machine
2/5
Queries a host's domain name
2/5
Creates an unusually large number of processes
2/5
Sets up server that accepts incoming connections
1/5
Connects to remote host
1/5
Downloads file
1/5
Queries system time
1/5
Tries to connect using an uncommon port
1/5
Content matched by YARA rules
1/5
Reads from memory of another process
1/5
Accesses Microsoft Security Software registry keys
1/5
Creates process with hidden window
1/5
Resolves API functions dynamically
1/5
Unusual large memory allocation
Secur32.dll
2026-07-16T19:52:37.831
malicious
Windows DLL (x86-64)
Close
Secur32.dll
malicious
SHA256:
c40a6e39c0bd4ff1ff7ba0dc4ae9503087f6518fecd86786ac9f2ddbcc1c762c
VMRay Threat Identifiers
Close
Severity
Operation
5/5
Malicious content matched by YARA rules
4/5
Modifies control flow of another process
4/5
Makes indirect system call to possibly evade hooking based monitoring
4/5
Process Hollowing
4/5
Writes into the memory of another process
2/5
Tries to detect kernel debugger
1/5
Installs system startup script or application
1/5
Content matched by YARA rules
1/5
Resolves API functions dynamically
1/5
Tries to detect debugger
1/5
Drops PE file
1/5
Unusual large memory allocation
1/5
Loads a dropped DLL
1/5
Creates a page with write and execute permissions
1/5
Reads from memory of another process
1/5
Creates process with hidden window
1/5
Creates mutex
1/5
Enumerates running processes
Spyware
Injector