Threat Feed
8LcsnJYyzbpbUEue.exe
2026-03-12T18:30:19.475
malicious
Windows Exe (x86-32)
SHA256:
efc40c76cb37ac0d29a167a25c485fcda138b1ea2987cb076443ae0e85b2f187
VMRay Threat Identifiers
Severity  Operation
5/5       Malicious content matched by YARA rules
2/5       Enables critical process privileges
2/5       Allows invalid SSL certificates
1/5       Enumerates running processes
1/5       Installs system service
1/5       Performs DNS request
1/5       Connects to remote host
1/5       Downloads file
1/5       URL contains a TLD highly associated with phishing
1/5       A monitored process crashed
1/5       Drops PE file
1/5       Enables process privileges
1/5       Executes dropped PE file
1/5       Modifies operating system directory
1/5       Creates mutex
Ransomware
5d07232af7ff4950c82524b1a9007f7a3e2eab4c96c962bc4b71ead55d2f4ab3.exe
2026-03-12T18:05:04.789
malicious
Windows Exe (x86-32)
SHA256:
5d07232af7ff4950c82524b1a9007f7a3e2eab4c96c962bc4b71ead55d2f4ab3
VMRay Threat Identifiers
Severity  Operation
5/5       Malicious content matched by YARA rules
4/5       Modifies Windows Defender configuration
3/5       Bypasses PowerShell execution policy
3/5       Classifies external IP address
2/5       Queries OS info via WMI
2/5       Collects hardware properties
2/5       Tries to detect application sandbox
1/5       Enables process privileges
1/5       Performs DNS request
1/5       Creates mutex
1/5       Connects to remote host
1/5       Content matched by YARA rules
1/5       Resolves API functions dynamically
1/5       Query OS Information
1/5       Creates process with hidden window
Spyware
Downloader
OmbLetDciLyGX134.exe
2026-03-12T18:03:29.898
malicious
Windows Exe (x86-32)
SHA256:
273386685d39b0c9f1a6ad7742cd1d4c9ad3b5ef2153ee26f4e05a7f516824f3
VMRay Threat Identifiers
Severity  Operation
5/5       Combination of other detections shows configuration discovery
5/5       Malicious content matched by YARA rules
4/5       Bypasses Windows User Account Control (UAC)
4/5       Modifies Windows Defender configuration
3/5       Executable modifies its own file
3/5       All network connection attempts failed
3/5       Tries to detect the presence of firewall software
3/5       Tries to detect the presence of antivirus software
2/5       Reads network adapter information
2/5       Modifies network configuration
2/5       Collects hardware properties
2/5       Collects BIOS properties
2/5       Enumerates running processes
2/5       Creates an unusually large number of processes
2/5       Creates a new process from a system binary
2/5       Suspicious content matched by YARA rules
2/5       Schedules task
2/5       Schedules task via schtasks
1/5       Accesses volumes directly
1/5       Reads from memory of another process
1/5       Resolves API functions dynamically
1/5       Modifies operating system directory
1/5       Enumerates running processes
1/5       Performs DNS request
1/5       Creates mutex
1/5       Creates process with hidden window
1/5       Content matched by YARA rules
1/5       Query OS Information
1/5       Modifies application directory
1/5       Writes an unusually large amount of data to the registry
1/5       Enables process privileges
1/5       Installs system startup script or application
Backdoor
file.exe
2026-03-12T18:00:30.593
malicious
Windows Exe (x86-64)
SHA256:
ff3bef23b6823f29c118eb3cc6e93672f6c61f3f863f0018446f238ef4c77e30
VMRay Threat Identifiers
Severity  Operation
5/5       Combination of other detections shows multiple input capture behaviors
4/5       Process Hollowing
4/5       Modifies control flow of another process
4/5       Makes indirect system call to possibly evade hooking based monitoring
4/5       Writes into the memory of another process
3/5       Takes screenshot
2/5       Searches for sensitive browser data
2/5       Tries to detect virtual machine
2/5       Reads sensitive browser data
2/5       Collects hardware properties
2/5       Queries OS info via WMI
2/5       Dead Drop Resolver
2/5       Queries a host's domain name
2/5       Searches for sensitive application data
1/5       Creates mutex
1/5       Enumerates running processes
1/5       Tries to detect debugger
1/5       Creates process with hidden window
1/5       Reads from memory of another process
1/5       Unusual large memory allocation
1/5       Creates a page with write and execute permissions
1/5       Reads system data
1/5       Query CPU Properties
1/5       Possibly does reconnaissance
1/5       Reads mouse position
1/5       Performs DNS request
1/5       Connects to remote host
1/5       Tries to connect using an uncommon port
1/5       URL contains a TLD highly associated with phishing
1/5       Resolves API functions dynamically
1/5       A monitored process crashed
Spyware
Injector
ZemcxB5L9ruLY5Mk.exe
2026-03-12T18:00:23.138
malicious
Windows Exe (x86-32)
SHA256:
8e50fd679b6c40817165ef702aa9462856b29c9b0fc3bf0ce49b5041c9184f4b
VMRay Threat Identifiers
Severity  Operation
5/5       Malicious content matched by YARA rules
2/5       Searches for sensitive browser data
2/5       Hides files
1/5       Modifies operating system directory
1/5       Content matched by YARA rules
1/5       Resolves API functions dynamically
1/5       Creates an unusually large number of files
1/5       Creates a page with write and execute permissions
1/5       Drops PE file
1/5       Modifies application directory
1/5       Possibly does reconnaissance
Virus