Threat Feed
5LNX4TsAzWNW95Ak.exe
2026-05-13T09:53:16.553
malicious
Windows Exe (x86-32)
SHA256: cc342d5f5884bd647556ca5a312f53589c02c621391bc21ce38f31f9b0136efb
VMRay Threat Identifiers
Severity | Operation
5/5 | Malicious content matched by YARA rules
2/5 | Allows invalid SSL certificates
2/5 | Enables critical process privileges
1/5 | Enumerates running processes
1/5 | Installs system service
1/5 | Performs DNS request
1/5 | Connects to remote host
1/5 | Downloads file
1/5 | URL contains a TLD highly associated with phishing
1/5 | Resolves API functions dynamically
1/5 | Drops PE file
1/5 | The binary file was created with a packer
1/5 | Enables process privileges
1/5 | Executes dropped PE file
1/5 | Modifies operating system directory
1/5 | Creates mutex
Ransomware
qKpa0s5E9GuCIMgt.exe
2026-05-13T09:50:46.099
malicious
Windows Exe (x86-32)
SHA256: 193fd7f59e8f8a4c4ae4d64fc11bb954f75498ace94251b93b0fb83175eadc62
VMRay Threat Identifiers
Severity | Operation
5/5 | Malicious content matched by YARA rules
5/5 | Tofsee configuration was extracted
4/5 | Injected process sets up server that accepts incoming connections
4/5 | Process Hollowing
4/5 | Writes into the memory of another process
4/5 | Modifies control flow of another process
3/5 | Modifies Windows Defender configuration
3/5 | Masquerades service
3/5 | Queries known SPAM blocklist
2/5 | Deletes file after execution
2/5 | Reads network adapter information
2/5 | Connects to SMTP server
2/5 | Suspicious content matched by YARA rules
2/5 | Uses Alternate Data Stream (ADS) file attributes
2/5 | Delays execution
2/5 | Modifies Windows Firewall configuration
2/5 | Tries to detect analyzer sandbox
1/5 | Overwrites code
1/5 | Installs system service
1/5 | Writes an unusually large amount of data to the registry
1/5 | Performs DNS request
1/5 | Creates an unusually large number of files
1/5 | Query OS Information
1/5 | Connects to remote host
1/5 | Creates a page with write and execute permissions
1/5 | Drops PE file
1/5 | Tries to connect using an uncommon port
1/5 | Modifies operating system directory
1/5 | Executes dropped PE file
1/5 | Creates process with hidden window
1/5 | Resolves API functions dynamically
Spyware
Backdoor
Injector
5ALKrdjDOQOY3rz5.exe
2026-05-13T09:47:32.423
malicious
Windows Exe (x86-32)
SHA256: d9aa7adc32d584b6b4e630498b0890f81c22fa6c369eaf240d1df47245d46ff3
VMRay Threat Identifiers
Severity | Operation
5/5 | Malicious content matched by YARA rules
3/5 | Tries to evade debugger
2/5 | Hides files
2/5 | Tries to detect virtual machine
1/5 | Executes dropped PE file
1/5 | Drops PE file
1/5 | Obfuscates control flow
1/5 | Detects filename manipulation
1/5 | Tries to detect debugger
Trojan
RSzqD9XbXyU8KFOU.exe
2026-05-13T09:45:32.349
malicious
Windows Exe (x86-32)
SHA256: d4aa69a6cc10a0d43168f09e73a1552a3bcd6cf86d4650bf6bb1f481f45c87a4
VMRay Threat Identifiers
Severity | Operation
5/5 | Malicious content matched by YARA rules
2/5 | Enables critical process privileges
2/5 | Allows invalid SSL certificates
1/5 | Performs DNS request
1/5 | Connects to remote host
1/5 | A monitored process crashed
1/5 | Drops PE file
1/5 | Executes dropped PE file
1/5 | Installs system service
1/5 | Enables process privileges
1/5 | Enumerates running processes
1/5 | Modifies operating system directory
1/5 | Creates mutex
Ransomware
BZHdwZ7DqYLuJsoN.exe
2026-05-13T09:45:31.110
malicious
Windows Exe (x86-32)
SHA256: 821e669dd03c65defdcc377d757608419c349fa0662ad863985cf2e45fde6a37
VMRay Threat Identifiers
Severity | Operation
5/5 | Adds a hook to a web browser
4/5 | Modifies control flow of another process
4/5 | Writes into the memory of another process
2/5 | Delays execution
2/5 | Schedules task
1/5 | Overwrites code
1/5 | Creates a page with write and execute permissions
1/5 | Enables process privileges
1/5 | Enumerates running processes
1/5 | Drops PE file
1/5 | Reads system data
1/5 | Executes dropped PE file
1/5 | Resolves API functions dynamically
Spyware
Injector