Threat Feed
PO45120992.exe
2026-05-21T15:19:44.725
malicious
Windows Exe (x86-32)
SHA256: 46c14f54405d6c75a0ba41465e754314f586546d12135ef3d584b79fa75dc698
VMRay Threat Identifiers
Severity  Operation
5/5       Malicious content matched by YARA rules
5/5       Tries to read cached credentials of various applications
5/5       Agent Tesla configuration was extracted
4/5       Modifies Windows Defender configuration
4/5       Process Hollowing
2/5       Queries OS info via WMI
2/5       Collects hardware properties
2/5       Searches for sensitive browser data
2/5       Searches for sensitive mail data
2/5       Connects to SMTP server
2/5       Reads sensitive mail data
2/5       Reads sensitive browser data
2/5       Modifies control flow of a process started from a created or modified executable
2/5       Searches for sensitive application data
2/5       Searches for sensitive FTP data
1/5       Enumerates running processes
1/5       Reads from memory of another process
1/5       Possibly does reconnaissance
1/5       Accesses Microsoft Security Software registry keys
1/5       Performs DNS request
1/5       Connects to remote host
1/5       Content matched by YARA rules
1/5       Resolves API functions dynamically
1/5       Query OS Information
1/5       Enables process privileges
1/5       Creates a page with write and execute permissions
1/5       Creates process with hidden window
Spyware
Injector
PO1029837346_Dec_1015.exe
2026-05-21T15:12:10.389
malicious
Windows Exe (x86-32)
SHA256: e8744da8113beed4a9f4f0c986e737b5f3711fb94a76a8daadc5b41c6745d863
VMRay Threat Identifiers
Severity  Operation
4/5       Writes into the memory of another process
4/5       Modifies control flow of another process
1/5       Content matched by YARA rules
1/5       A monitored process crashed
1/5       Creates a page with write and execute permissions
1/5       Enables process privileges
1/5       Reads from memory of another process
1/5       Enumerates running processes
Injector
DHLXINVX0914534XPDF.exe
2026-05-21T15:10:30.919
malicious
Windows Exe (x86-32)
SHA256: 561c3ff6b268566497a4e74bd61eed2058682100d2dfc9bb0e1edf78e743d3f0
VMRay Threat Identifiers
Severity  Operation
5/5       Malicious content matched by YARA rules
4/5       Process Hollowing
4/5       Makes indirect system call to possibly evade hooking based monitoring
4/5       Modifies control flow of another process
4/5       Writes into the memory of another process
3/5       Captures clipboard data
3/5       Makes direct system calls to hide process injection
3/5       All network connection attempts failed
2/5       Suspicious content matched by YARA rules
2/5       Makes direct system call to possibly evade hooking based monitoring
2/5       Tries to detect kernel debugger
2/5       Delays execution
1/5       Creates a page with write and execute permissions
1/5       Performs DNS request
1/5       Content matched by YARA rules
1/5       Enumerates running processes
1/5       Reloads native system libraries
1/5       Reads from memory of another process
1/5       Creates process with hidden window
1/5       Creates mutex
1/5       Query OS Information
1/5       Tries to detect debugger
Spyware
Injector
file.exe
2026-05-21T15:10:08.619
malicious
Windows Exe (x86-32)
SHA256: 94682a961e8a61b5a4b34e689de98f0a89b5e8c75bdfc493ed796c29a6b03536
VMRay Threat Identifiers
Severity  Operation
5/5       Malicious content matched by YARA rules
4/5       Malicious content matched by YARA rules
3/5       Suspicious content matched by YARA rules
2/5       Suspicious content matched by YARA rules
1/5       Query OS Information
1/5       Enables process privileges
Spyware
Backdoor
Downloader
PO#86637_copy.exe
2026-05-21T15:09:29.107
malicious
Windows Exe (x86-32)
SHA256: 000d931f8f76a4fc9ba255cbc972e03f58d3e49bcdd6008094ac0dc2e4fe25a6
VMRay Threat Identifiers
Severity  Operation
5/5       Malicious content matched by YARA rules
5/5       Combination of other detections shows configuration discovery
5/5       Agent Tesla configuration was extracted
4/5       Process Hollowing
4/5       Modifies Windows Defender configuration
3/5       Monitors keyboard input
2/5       Collects hardware properties
2/5       Searches for sensitive application data
2/5       Reads sensitive browser data
2/5       Reads sensitive mail data
2/5       Searches for sensitive mail data
2/5       Modifies control flow of a process started from a created or modified executable
2/5       Searches for sensitive browser data
2/5       Schedules task
2/5       Queries OS info via WMI
2/5       Searches for sensitive FTP data
1/5       Content matched by YARA rules
1/5       Resolves API functions dynamically
1/5       Creates a page with write and execute permissions
1/5       Reads from memory of another process
1/5       Possibly does reconnaissance
1/5       Creates mutex
1/5       Enables process privileges
1/5       Enumerates running processes
1/5       Creates process with hidden window
1/5       Query OS Information
1/5       Executes WMI query
1/5       Performs DNS request
1/5       Connects to remote host
1/5       Checks external IP address
Spyware
Injector