Threat Feed
CmbhBID99atN37JP.exe
2026-04-09T16:03:26.059
malicious
Windows Exe (x86-32)
SHA256: 9e751e87c1d4a6581608a13f260da801e2dfbb13dd1bdda90f4c257227ffd74f
VMRay Threat Identifiers
Severity  Operation
5/5  Malicious content matched by YARA rules
2/5  Allows invalid SSL certificates
1/5  Drops PE file
1/5  Uncommon PE properties
1/5  Executes dropped PE file
1/5  Creates a page with write and execute permissions
1/5  Creates process with hidden window
1/5  Resolves API functions dynamically
Classification: Ransomware
quEID4vjWW7Fbuwo.exe
2026-04-09T16:02:10.307
malicious
Windows Exe (x86-64)
SHA256: 64b4e6bfd4a54ffb509965823ad5b3a719cefffb165964a95d7b35d349c3c681
VMRay Threat Identifiers
Severity  Operation
5/5  XMRig configuration was extracted
5/5  Malicious content matched by YARA rules
4/5  Loads a known vulnerable file
3/5  Executes code with kernel privileges
2/5  Creates an unusually large number of processes
2/5  Sets up server that accepts incoming connections
2/5  Schedules task
2/5  Sends control codes to a driver
2/5  Reads network adapter information
1/5  Connects to remote host
1/5  Drops PE file
1/5  Unusual large memory allocation
1/5  Executes dropped PE file
1/5  Performs DNS request
1/5  Query OS Information
1/5  Resolves API functions dynamically
1/5  Content matched by YARA rules
1/5  Enables process privileges
Classification: PUA, Miner
NeIeWrwNb0HzRYOg.exe
2026-04-09T16:01:16.459
malicious
Windows Exe (x86-32)
SHA256: a6fb397cc7ad95dde3ebdace06f205e606de9f7731fa457ec54b7d275e6097f3
VMRay Threat Identifiers
Severity  Operation
5/5  Malicious content matched by YARA rules
2/5  Deletes file after execution
1/5  Tries to detect debugger
1/5  Creates a page with write and execute permissions
1/5  Drops PE file
1/5  Timestamp manipulation
1/5  Creates process with hidden window
1/5  Drops PE masquerading Filename
1/5  Modifies application directory
offlinejs.js
2026-04-09T15:48:18.729
malicious
JScript
SHA256: 78417f6462aba815ff5cdb543950b7a7ec8426e9aa9f89fc9abf2eb884b86995
VMRay Threat Identifiers
Severity  Operation
5/5  Agent Tesla configuration was extracted
5/5  Injected process sets up server that accepts incoming connections
5/5  Combination of other detections shows configuration discovery
5/5  Tries to read cached credentials of various applications
5/5  Malicious content matched by YARA rules
4/5  Tries to detect application sandbox
4/5  Reads from memory of another process
4/5  Process Hollowing
4/5  Writes into the memory of another process
3/5  Reads sensitive mail data
3/5  Bypasses PowerShell execution policy
3/5  Classifies external IP address
3/5  Reads sensitive browser data
2/5  Performs DNS request
2/5  Possibly does reconnaissance
2/5  Tries to connect using an uncommon port
2/5  Suspicious content matched by YARA rules
2/5  Searches for sensitive browser data
2/5  Executes PowerShell without default profile
2/5  Enumerates running processes
2/5  Collects hardware properties
2/5  Searches for sensitive mail data
2/5  Queries OS info via WMI
2/5  Enables process privileges
2/5  Reads network adapter information
1/5  Enumerates running processes
1/5  Query OS Information
1/5  Connects to remote host
Classification: Spyware, Backdoor, Injector
FRjPdR1tf7HWt2qD.exe
2026-04-09T15:46:36.342
malicious
Windows Exe (x86-32)
SHA256: ebedcee56d58481f5165e5f488424efe5b97474885b615bdc7024b519b6affc0
VMRay Threat Identifiers
Severity  Operation
5/5  Malicious content matched by YARA rules
3/5  Creates file(s) in the .NET assembly directory to hide them from Windows Explorer
2/5  Hides files
2/5  Searches for sensitive browser data
1/5  Resolves API functions dynamically
1/5  Creates a page with write and execute permissions
1/5  Drops PE file
1/5  Modifies application directory
1/5  Possibly does reconnaissance
1/5  Modifies operating system directory
Classification: Virus