Threat Feed
sRslI2qRXVdodSJW.exe
2026-02-26T00:24:04.089
malicious
Windows Exe (x86-32)
SHA256: bc022b3b4ee21472fa17c79bc953f36c7081f9c4efb160549c23463885d97f89
VMRay Threat Identifiers
Severity  Operation
5/5       Malicious content matched by YARA rules
5/5       Known malicious mutex name is created
2/5       Deletes file after execution
2/5       Delays execution
1/5       Executes dropped PE file
1/5       Drops PE file
1/5       Installs system startup script or application
1/5       Creates process with hidden window
1/5       Modifies operating system directory
Spyware
Trojan
yTz25h9aP9iC8Pej.exe
2026-02-26T00:21:53.212
malicious
Windows Exe (x86-64)
SHA256: a87fed3ea0827996de35553d510511d517a64757eb82386db710fbefb0dc83d3
VMRay Threat Identifiers
Severity  Operation
4/5       Event Triggered Execution
4/5       Loads a dropped DLL into a system binary
3/5       Tries to detect the presence of antivirus software
3/5       Suspicious content matched by YARA rules
3/5       Modifies native system functions
2/5       Schedules task via schtasks
2/5       Queries OS info via WMI
2/5       Creates an unusually large number of processes
2/5       Collects hardware properties
2/5       Schedules task
1/5       Installs system startup script or application
1/5       Drops PE file
1/5       Loads a dropped DLL
1/5       Executes dropped PE file
1/5       Enables process privileges
1/5       Timestamp manipulation
1/5       Creates process with hidden window
1/5       Creates mutex
1/5       Performs DNS request
1/5       Connects to remote host
1/5       Downloads file
1/5       Modifies operating system directory
1/5       Tries to connect using an uncommon port
1/5       Resolves API functions dynamically
1/5       Overwrites code
asmTCOgvvbnuMfm6.exe
2026-02-26T00:21:24.179
malicious
Windows Exe (x86-32)
SHA256: 3ce4da7b03e0f8aef10b800926c8d00a5e88a1cf768cfab024db3d2e1e565c94
VMRay Threat Identifiers
Severity  Operation
5/5       Combination of other detections shows multiple input capture behaviors
5/5       Malicious content matched by YARA rules
3/5       Takes screenshot
3/5       Injects a file into another process
3/5       Monitors keyboard input
2/5       Delays execution
1/5       Tries to connect using an uncommon port
1/5       Drops PE file
1/5       Executes dropped PE file
1/5       Performs DNS request
1/5       Connects to remote host
1/5       Installs system startup script or application
Spyware
h44iCEDYyAhJSqVR.exe
2026-02-26T00:20:34.343
malicious
Windows Exe (x86-32)
SHA256: 2b1841637d1ddd30410a328795d769354c8df73205bf04facaa79a4a36b24056
VMRay Threat Identifiers
Severity  Operation
5/5       Malicious content matched by YARA rules
2/5       Enables critical process privileges
2/5       Allows invalid SSL certificates
1/5       Enumerates running processes
1/5       Installs system service
1/5       Performs DNS request
1/5       Connects to remote host
1/5       Downloads file
1/5       URL contains a TLD highly associated with phishing
1/5       A monitored process crashed
1/5       Drops PE file
1/5       Enables process privileges
1/5       Executes dropped PE file
1/5       Modifies operating system directory
1/5       Creates mutex
Ransomware
b9T6ihWRoZ0VRzMF.exe
2026-02-26T00:15:57.840
malicious
Windows Exe (x86-32)
SHA256: 0f8e2c6264f9fc25640e706d3bb6a662deedbe3cd7ff8a015b33547cac10cf3b
VMRay Threat Identifiers
Severity  Operation
5/5       Malicious content matched by YARA rules
5/5       Combination of other detections shows multiple input capture behaviors
3/5       Takes screenshot
3/5       Monitors keyboard input
3/5       Injects a file into another process
1/5       Performs DNS request
1/5       Installs system startup script or application
1/5       Drops PE file
1/5       Executes dropped PE file
1/5       Tries to connect using an uncommon port
1/5       Connects to remote host
Spyware