Threat Feed
SecuriteInfo.com.Heur.MSIL.Benin.5.11647795.exe
2026-06-16T16:44:27.062
malicious
Windows Exe (x86-32)
SHA256: d313447f8bc9b4e058ca7b3de4cb73f03be0713a730b73cc03a9faecbeb288bc
VMRay Threat Identifiers
Severity | Operation
5/5 | Tries to read cached credentials of various applications
5/5 | Combination of other detections shows multiple input capture behaviors
5/5 | Malicious content matched by YARA rules
3/5 | Takes screenshot
3/5 | Tries to detect the presence of antivirus software
3/5 | Suspicious content matched by YARA rules
2/5 | Sets up server that accepts incoming connections
2/5 | Searches for sensitive mail data
2/5 | Searches for cryptocurrency wallet locations
2/5 | Tries to detect debugger
2/5 | Searches for sensitive application data
2/5 | Searches for sensitive FTP data
2/5 | Suspicious content matched by YARA rules
2/5 | Searches for sensitive browser data
2/5 | Reads sensitive mail data
2/5 | Queries OS info via WMI
1/5 | Enumerates running processes
1/5 | Query OS Information
1/5 | Uses encryption API
1/5 | Possibly does reconnaissance
1/5 | Connects to remote host
1/5 | Downloads file
1/5 | Tries to connect using an uncommon port
1/5 | Content matched by YARA rules
1/5 | Resolves API functions dynamically
1/5 | Enables process privileges
1/5 | Creates mutex
Spyware
Backdoor
file.exe
2026-06-16T16:42:25.500
malicious
Windows Exe (x86-64)
SHA256: 86ef8c8481f5fc8f8ec6290b54e727ce450ab6dc0f0333ee99db10333a7535ec
VMRay Threat Identifiers
Severity | Operation
5/5 | Tries to read cached credentials of various applications
4/5 | Writes into the memory of another process
4/5 | Modifies control flow of another process
3/5 | Uses HTTP to upload a large amount of data
3/5 | Bypasses browser App-Bound Encryption
3/5 | Reads installed applications
2/5 | Reads sensitive browser data
2/5 | Suspicious content matched by YARA rules
2/5 | Searches for cryptocurrency wallet locations
2/5 | Searches for sensitive VPN configuration data
2/5 | Searches for sensitive browser data
2/5 | Searches for sensitive remote access configuration data
2/5 | Searches for sensitive password manager data
2/5 | Searches for sensitive application data
2/5 | Starts web browser in headless mode
1/5 | Timestamp manipulation
1/5 | Enumerates running processes
1/5 | Creates a page with write and execute permissions
1/5 | Possibly does reconnaissance
1/5 | Query CPU Properties
1/5 | Content matched by YARA rules
1/5 | Resolves API functions dynamically
1/5 | Drops PE file
1/5 | Creates process with hidden window
Spyware
Injector
5VevRpHOTnCPYT0h.exe
2026-06-16T16:25:09.801
malicious
Windows Exe (x86-32)
SHA256: 4cb471b12391a57d70c18379483f14ab8541e9b2896edcb51f8016d49f6de9d2
VMRay Threat Identifiers
Severity | Operation
5/5 | Malicious content matched by YARA rules
5/5 | Combination of other detections shows multiple input capture behaviors
3/5 | Injects a file into another process
3/5 | Monitors keyboard input
2/5 | Deletes file after execution
2/5 | Sets up server that accepts incoming connections
2/5 | Collects information about services
2/5 | Hides files
2/5 | Schedules task
1/5 | Connects to remote host
1/5 | Tries to connect using an uncommon port
1/5 | A monitored process crashed
1/5 | Drops PE file
1/5 | Executes dropped PE file
1/5 | Creates mutex
1/5 | Installs system service
1/5 | Modifies application directory
1/5 | Installs system startup script or application
1/5 | Enables process privileges
1/5 | Query OS Information
1/5 | Enumerates running processes
1/5 | Monitors keyboard input
1/5 | Modifies operating system directory
1/5 | Performs DNS request
Spyware
Backdoor
nuPVp7j2R65fVtsS.exe
2026-06-16T16:12:27.550
malicious
Windows Exe (x86-64)
SHA256: 1c6c38494d2b77236e3f6085b86c4b8a9f8e7d000c40bdaf6a4e2d0efc976ffb
VMRay Threat Identifiers
Severity | Operation
5/5 | Malicious content matched by YARA rules
5/5 | Combination of other detections shows configuration discovery
5/5 | Tries to read cached credentials of various applications
4/5 | Malicious content matched by YARA rules
3/5 | Suspicious content matched by YARA rules
3/5 | Sends data via a Telegram bot
3/5 | Reads installed applications
2/5 | Searches for sensitive FTP data
2/5 | Searches for cryptocurrency wallet locations
2/5 | Network configuration discovery
2/5 | Searches for sensitive remote access configuration data
2/5 | Searches for sensitive browser data
2/5 | Sets up server that accepts incoming connections
2/5 | Searches for sensitive application data
2/5 | Suspicious content matched by YARA rules
2/5 | Peripheral Device Discovery
2/5 | Searches for sensitive password manager data
2/5 | Reads network adapter information
2/5 | Searches for sensitive mail data
2/5 | Reads sensitive browser data
1/5 | Accesses volumes directly
1/5 | Enumerates running processes
1/5 | Enables process privileges
1/5 | Possibly does reconnaissance
1/5 | Reads system data
1/5 | Creates process with hidden window
1/5 | Performs DNS request
1/5 | Connects to remote host
1/5 | Checks external IP address
1/5 | Content matched by YARA rules
1/5 | Query CPU Properties
1/5 | Query OS Information
Spyware
pesbUuQYEZDyoX87.html
2026-06-16T16:05:20.187
malicious
HTML Document
SHA256: 3933399d16e1feef1af99901ebe0123070fdd5f800a39cbb5e6e31879dfe0774
VMRay Threat Identifiers
Severity | Operation
5/5 | Combination of other detections indicates a phishing website
2/5 | Page uses exact same title as that of a popular online service
2/5 | The HTML file contains logon form
2/5 | Branded Logon form detected via Computer Vision
1/5 | Page presents itself as a logon page
Phishing