Threat Feed
GfGhto1S1XTsio3Y.exe
2026-03-21T18:06:50.054
malicious
Windows Exe (x86-32)
SHA256:
a2485fdce9832d116f20b175b0b98e6e6b9558b1a3db09d55034c1ebb3c00648
VMRay Threat Identifiers
Severity  Operation
5/5       Malicious content matched by YARA rules
2/5       Hides files
2/5       Disables a system tool
1/5       Modifies operating system directory
1/5       Creates a page with write and execute permissions
1/5       Resolves API functions dynamically
1/5       Drops PE file
1/5       Content matched by YARA rules
1/5       Modifies application directory
1/5       Possibly does reconnaissance
Virus
yZr6d4xq7qwBpt9E.exe
2026-03-21T18:02:27.147
malicious
Windows Exe (x86-64)
SHA256:
307c662d74ac0a212eb36259e8b0c0e9a80bf3f7ff04015ccb10d65bb196f01a
VMRay Threat Identifiers
Severity  Operation
5/5       Malicious content matched by YARA rules
2/5       Delays execution
2/5       Creates an unusually large number of processes
1/5       Modifies operating system directory
1/5       Modifies application directory
1/5       Enumerates running processes
1/5       Performs DNS request
1/5       Resolves API functions dynamically
1/5       Overwrites code
1/5       A monitored process crashed
1/5       Creates a page with write and execute permissions
1/5       Executes dropped PE file
1/5       Creates mutex
1/5       Enables process privileges
Virus
hi6iMtSAq9ELP5W0.exe
2026-03-21T17:59:26.855
malicious
Windows Exe (x86-32)
SHA256:
b95ade860e90c98a96e8caefda0b3d8ce5134b0f1b651d8995a0fca2be863020
VMRay Threat Identifiers
Severity  Operation
5/5       Malicious content matched by YARA rules
2/5       Enables critical process privileges
2/5       Allows invalid SSL certificates
1/5       Connects to remote host
1/5       URL contains a TLD highly associated with phishing
1/5       Resolves API functions dynamically
1/5       Drops PE file
1/5       The binary file was created with a packer
1/5       Executes dropped PE file
1/5       Installs system service
1/5       Enables process privileges
1/5       Enumerates running processes
1/5       Modifies operating system directory
1/5       Creates mutex
Ransomware
2tSL32GLGf8H0Cuv.exe
2026-03-21T17:58:45.753
malicious
Windows Exe (x86-32)
SHA256:
c9a00970eac37ef1f84b326efc9cae187f032a65a9467ad2927eab01fa392fc6
VMRay Threat Identifiers
Severity  Operation
5/5       Combination of other detections shows configuration discovery
5/5       Malicious content matched by YARA rules
5/5       Combination of other detections shows multiple input capture behaviors
5/5       Known malicious mutex name is created
5/5       SalatStealer configuration was extracted
3/5       Takes screenshot
3/5       Monitors user input
2/5       Sets up server that accepts incoming connections
2/5       Queries a host's domain name
2/5       Suspicious content matched by YARA rules
2/5       Reads network adapter information
2/5       Searches for sensitive application data
2/5       Collects hardware properties
2/5       Searches for sensitive browser data
2/5       Delays execution
2/5       Queries OS info via WMI
1/5       Enumerates running processes
1/5       Creates process with hidden window
1/5       Possibly does reconnaissance
1/5       Reads system data
1/5       Performs DNS request
1/5       Content matched by YARA rules
1/5       Resolves API functions dynamically
1/5       Unusual large memory allocation
Spyware
RAT
xNXoVmeG1oSI1C88.exe
2026-03-21T17:56:10.830
malicious
Windows Exe (x86-32)
SHA256:
0640351a23ab937303ea60fde3cc2e241cf4deeff934010cb80e4f5ec634b45a
VMRay Threat Identifiers
Severity  Operation
5/5       Malicious content matched by YARA rules
2/5       Tries to detect virtual machine
2/5       Sends control codes to a driver
2/5       Delays execution
2/5       Deletes file after execution
2/5       Hides files
2/5       Accesses physical drive
1/5       Enumerates running processes
1/5       Resolves API functions dynamically
1/5       Drops PE file
1/5       The binary file was created with a packer
1/5       Executes dropped PE file
1/5       Connects to remote host
1/5       Creates mutex
1/5       Enables process privileges
1/5       Modifies application directory
1/5       Query CPU Properties
1/5       Creates process with hidden window
1/5       Tries to connect using an uncommon port
Trojan