Threat Feed
36b6e7b6dd2292ac1701e60dcb618a74fdb7749f.exe
2025-03-22T02:51:41.080
malicious
Windows Exe (x86-32)
SHA256:
971efe0c5b4e4ae6a732fffdf015bd40b3033b9f8e0685fb678dfe79144e10aa
VMRay Threat Identifiers
Severity  Operation
4/5       Modifies control flow of another process
4/5       Process Hollowing
4/5       Writes into the memory of another process
4/5       Malicious file detected via reputation
2/5       Sends control codes to a driver
2/5       Deletes file after execution
2/5       Hides files
2/5       Signed executable failed signature validation
2/5       Tries to detect virtual machine
2/5       Accesses physical drive
1/5       Modifies operating system directory
1/5       Enumerates running processes
1/5       Drops PE file
1/5       Reads from memory of another process
1/5       Resolves API functions dynamically
1/5       Creates process with hidden window
1/5       Accesses volumes directly
1/5       Creates a page with write and execute permissions
Injector
28140bb152d1d077514e995ff9910bc16c20fe5c.exe
2025-03-22T02:50:24.997
malicious
Windows Exe (x86-32)
SHA256:
3994e633efaa545d752e0538a92115da1b59935defe5afd7a95f9b6c3ad64cad
VMRay Threat Identifiers
Severity  Operation
5/5       Malicious content matched by YARA rules
4/5       Malicious file detected via reputation
4/5       Modifies Windows Defender configuration
3/5       Executable modifies its own file
2/5       Schedules task via schtasks
2/5       Creates an unusually large number of processes
2/5       Schedules task
1/5       Creates mutex
1/5       Possibly does reconnaissance
1/5       Enables process privileges
1/5       Enumerates running processes
1/5       Writes an unusually large amount of data to the registry
1/5       Modifies application directory
1/5       Resolves API functions dynamically
1/5       Creates process with hidden window
Spyware
2d7a8abd31f02984f49aa31a17a88389707e58c1.exe
2025-03-22T02:48:17.273
malicious
Windows Exe (x86-32)
SHA256:
a368dfc9a37ca309a049f09ca07ee86b7f454690a158b22536e3b156cbf6ebdf
VMRay Threat Identifiers
Severity  Operation
5/5       Malicious content matched by YARA rules
4/5       Modifies control flow of another process
4/5       Malicious file detected via reputation
4/5       Malicious host or URL detected via reputation
4/5       Writes into the memory of another process
3/5       Event Triggered Execution
2/5       Tries to detect application sandbox
2/5       Tries to detect debugger
2/5       Signed executable failed signature validation
1/5       Checks Internet connection
1/5       Creates mutex
1/5       Reads system data
1/5       Installs system startup script or application
1/5       Creates a page with write and execute permissions
1/5       Resolves API functions dynamically
1/5       Performs DNS request
1/5       Modifies application directory
1/5       Enumerates running processes
1/5       A monitored process crashed
1/5       Possibly does reconnaissance
1/5       Overwrites code
1/5       Modifies operating system directory
1/5       Executes dropped PE file
1/5       Creates process with hidden window
1/5       Drops PE file
Spyware
Injector
d33e01e61587d6e63ac2f0f4a32fd06e3d9b529a.exe
2025-03-22T02:47:45.937
malicious
Windows Exe (x86-32)
SHA256:
1f7778692c87e0e19929da89ef2f2468485f4156ec98f3b8daf4fa9071691ac7
VMRay Threat Identifiers
Severity  Operation
5/5       Malicious content matched by YARA rules
5/5       Adds a hook to a web browser
4/5       Malicious file detected via reputation
4/5       Malicious host or URL detected via reputation
4/5       Writes into the memory of another process
4/5       Modifies control flow of another process
3/5       Event Triggered Execution
2/5       Tries to detect application sandbox
2/5       Tries to detect debugger
2/5       Signed executable failed signature validation
1/5       A monitored process crashed
1/5       Creates mutex
1/5       Reads system data
1/5       Installs system startup script or application
1/5       Creates process with hidden window
1/5       Creates a page with write and execute permissions
1/5       Resolves API functions dynamically
1/5       Modifies application directory
1/5       Performs DNS request
1/5       Enumerates running processes
1/5       Possibly does reconnaissance
1/5       Overwrites code
1/5       Modifies operating system directory
1/5       Executes dropped PE file
1/5       Drops PE file
1/5       Checks Internet connection
Spyware
Injector
e37ce64302519217d5a61ab140af8a15361a38d2.exe
2025-03-22T02:47:15.900
malicious
Windows Exe (x86-32)
SHA256:
be6b03f03dd5dd80586b79eba7923bae02f5c0ae1eeaa019414a3f9fbbb3e2f6
VMRay Threat Identifiers
Severity  Operation
4/5       Modifies Windows Defender configuration
4/5       Bypasses Windows User Account Control (UAC)
4/5       Malicious file detected via reputation
3/5       Executable modifies its own file
2/5       Collects hardware properties
2/5       Schedules task via schtasks
2/5       Schedules task
1/5       Modifies operating system directory
1/5       Resolves API functions dynamically
1/5       Creates process with hidden window
1/5       Enumerates running processes
1/5       Enables process privileges
1/5       Creates mutex
1/5       Writes an unusually large amount of data to the registry
1/5       Modifies application directory