Threat Feed
BBVA.js
2026-06-19T17:04:37.040
malicious
JScript
SHA256: f89f1890ed7c6329c9d27c48f9ee962fa33b2ed4b855562b7d3a240ac892ef9f
VMRay Threat Identifiers
Severity  Operation
5/5  Combination of other detections shows configuration discovery
5/5  Malicious content matched by YARA rules
5/5  DarkCloud configuration was extracted
4/5  Writes into the memory of another process
4/5  Process Hollowing
4/5  Reads from memory of another process
3/5  Bypasses PowerShell execution policy
3/5  Reads sensitive mail data
2/5  Enumerates running processes
2/5  Suspicious content matched by YARA rules
2/5  Executes PowerShell without default profile
2/5  Executes PowerShell with hidden window
2/5  Searches for sensitive mail data
2/5  Queries OS info via WMI
2/5  Collects hardware properties
2/5  Searches for sensitive FTP data
2/5  Possibly does reconnaissance
2/5  Searches for sensitive application data
1/5  Enumerates running processes
1/5  Accesses Microsoft Security Software registry keys
Spyware
Injector
Orden de compra POF0000095.vbs
2026-06-19T16:58:50.644
malicious
VBScript
SHA256: 43d4b173e270122ee3a92257ea3e8aefb16fe8be0d9ec45c45fdeea364104580
VMRay Threat Identifiers
Severity  Operation
5/5  Malicious content matched by YARA rules
5/5  Injected process sets up server that accepts incoming connections
5/5  Combination of other detections shows configuration discovery
5/5  Tries to read cached credentials of various applications
5/5  Agent Tesla configuration was extracted
4/5  Tries to detect application sandbox
4/5  Writes into the memory of another process
4/5  Attempts to connect through HTTP
4/5  Process Hollowing
4/5  Reads from memory of another process
3/5  Reads sensitive mail data
3/5  Reads sensitive browser data
3/5  Classifies external IP address
3/5  Suspicious content matched by YARA rules
2/5  Executes PowerShell with hidden window
2/5  Possibly does reconnaissance
2/5  Enables process privileges
2/5  Searches for sensitive browser data
2/5  Tries to connect using an uncommon port
2/5  Suspicious content matched by YARA rules
2/5  Installs system startup script or application
2/5  Executes PowerShell without default profile
2/5  Reads network adapter information
2/5  Tries to detect debugger
2/5  Queries OS info via WMI
2/5  Collects hardware properties
2/5  Performs DNS request
2/5  Searches for sensitive mail data
1/5  Content matched by YARA rules
1/5  Accesses Microsoft Security Software registry keys
1/5  Query OS Information
1/5  Enumerates running processes
1/5  Connects to remote host
Spyware
Backdoor
Injector
DHL-Shipping Documents.bat
2026-06-19T16:53:58.010
malicious
Windows Batch File
SHA256: f2228128e497575884a83e098a18ad38920d5d0ab5d8f71003f94b50b03f0c6d
VMRay Threat Identifiers
Severity  Operation
5/5  Malicious content matched by YARA rules
3/5  Bypasses PowerShell execution policy
2/5  Executes PowerShell without default profile
1/5  Accesses Microsoft Security Software registry keys
Downloader
Statement_of_Accountpdf.js
2026-06-19T16:53:46.360
malicious
JScript
SHA256: f7accd662f00c8cfc4be386e7a876bf72de4292dbb55e9dd88343df7a20375c8
VMRay Threat Identifiers
Severity  Operation
5/5  Malicious content matched by YARA rules
4/5  Makes indirect system call to possibly evade hooking based monitoring
4/5  Modifies control flow of another process
4/5  Tries to detect kernel debugger
4/5  Writes into the memory of another process
4/5  Process Hollowing
4/5  Reads from memory of another process
3/5  Bypasses PowerShell execution policy
3/5  Delays execution
3/5  Reads sensitive browser data
3/5  Captures clipboard data
2/5  Performs DNS request
2/5  Downloads file
2/5  Suspicious content matched by YARA rules
2/5  Loads a dropped DLL
2/5  Executes PowerShell without default profile
2/5  Executes PowerShell with hidden window
2/5  Searches for sensitive browser data
2/5  Enumerates running processes
2/5  Possibly does reconnaissance
1/5  Enumerates running processes
1/5  Query OS Information
1/5  URL contains a TLD highly associated with phishing
1/5  Accesses Microsoft Security Software registry keys
1/5  Creates mutex
1/5  Connects to remote host
Spyware
Injector
NOVOGENE-EUROPE COMPANY PROFILE.exe
2026-06-19T16:53:20.214
malicious
Windows Exe (x86-32)
SHA256: d25ad1d94de1f9966521f68430ac7032459b72fa06e099d99d17ed0311acad59
VMRay Threat Identifiers
Severity  Operation
5/5  Malicious content matched by YARA rules
4/5  Modifies control flow of another process
4/5  Modifies Windows Defender configuration
4/5  Makes indirect system call to possibly evade hooking based monitoring
4/5  Writes into the memory of another process
4/5  Process Hollowing
3/5  Captures clipboard data
2/5  Suspicious content matched by YARA rules
2/5  Delays execution
2/5  Searches for sensitive browser data
2/5  Reads sensitive browser data
2/5  Modifies control flow of a process started from a created or modified executable
2/5  Tries to detect kernel debugger
1/5  Creates a page with write and execute permissions
1/5  Performs DNS request
1/5  Connects to remote host
1/5  URL contains a TLD highly associated with phishing
1/5  Tries to detect debugger
1/5  Enumerates running processes
1/5  Accesses Microsoft Security Software registry keys
1/5  Creates process with hidden window
1/5  Reads from memory of another process
1/5  Query OS Information
1/5  Possibly does reconnaissance
1/5  Creates mutex
Spyware
Injector