Threat Feed
WindowsUpdate.exe
2026-07-18T19:56:01.817
malicious
Windows Exe (x86-64)
Close
WindowsUpdate.exe
malicious
SHA256:
0a3061ce09d7e3cb2b3d3453432da69ee83b59b782853d1f6462fd177db75a7a
VMRay Threat Identifiers
Close
Severity
Operation
5/5
ValleyRAT configuration was extracted
5/5
Malicious content matched by YARA rules
3/5
Suspicious content matched by YARA rules
2/5
Delays execution
1/5
Collects hardware properties
1/5
Enumerates running processes
1/5
Connects to remote host
1/5
Tries to connect using an uncommon port
1/5
Content matched by YARA rules
1/5
Resolves API functions dynamically
1/5
Creates a page with write and execute permissions
1/5
Writes an unusually large amount of data to the registry
1/5
Queries system time
1/5
Creates mutex
1/5
Query OS Information
Backdoor
Payment slip.JS
2026-07-18T19:36:07.947
malicious
JScript
Close
Payment slip.JS
malicious
SHA256:
23885cfe4f5500d0eed3b524e77103c33d89f39a2f7df54e91cab714bb49216f
VMRay Threat Identifiers
Close
Severity
Operation
5/5
Malicious content matched by YARA rules
5/5
Sets up server that accepts incoming connections
5/5
Combination of other detections shows configuration discovery
5/5
Tries to read cached credentials of various applications
5/5
Agent Tesla configuration was extracted
4/5
Tries to detect application sandbox
3/5
Reads sensitive browser data
3/5
Reads sensitive mail data
3/5
Suspicious content matched by YARA rules
3/5
Classifies external IP address
2/5
Tries to connect using an uncommon port
2/5
Suspicious content matched by YARA rules
2/5
Searches for sensitive mail data
2/5
Reads network adapter information
2/5
Searches for sensitive browser data
2/5
Enables process privileges
2/5
Performs DNS request
2/5
Collects hardware properties
2/5
Queries OS info via WMI
2/5
Executes dropped PE file
2/5
Possibly does reconnaissance
1/5
Enumerates running processes
1/5
Unusual large memory allocation
1/5
Queries system time
1/5
Query OS Information
1/5
Connects to remote host
Spyware
Backdoor
Downloader
036227aa4ccacd6153de68143e02f001.exe
2026-07-18T19:30:32.660
malicious
Windows Exe (x86-32)
Close
036227aa4ccacd6153de68143e02f001.exe
malicious
SHA256:
c1d7ce9290ee9a148ea430871f900a44511b8db374dedcb4d417072b54e48d07
VMRay Threat Identifiers
Close
Severity
Operation
5/5
Malicious content matched by YARA rules
5/5
NanoCore configuration was extracted
3/5
Monitors user input
3/5
Obscures a file's origin
2/5
Sets up server that accepts incoming connections
1/5
Query OS Information
1/5
Reads system data
1/5
Modifies application directory
1/5
Installs system startup script or application
1/5
Creates mutex
1/5
Creates process with hidden window
1/5
Enables process privileges
1/5
Enumerates running processes
1/5
Performs DNS request
1/5
Connects to remote host
Backdoor
IMG_20260319_788539973.js
2026-07-18T19:18:02.511
malicious
JScript
Close
IMG_20260319_788539973.js
malicious
SHA256:
9b0ba305e6d75c6c3054d8eea221edc97f6c20db07e12f94fb3de4ab4eaefe6e
VMRay Threat Identifiers
Close
Severity
Operation
5/5
DarkCloud configuration was extracted
5/5
Malicious content matched by YARA rules
5/5
Combination of other detections shows configuration discovery
4/5
Writes into the memory of another process
4/5
Monitors clipboard content
4/5
Reads from memory of another process
4/5
Process Hollowing
3/5
Obfuscates control flow
3/5
Bypasses PowerShell execution policy
3/5
Reads sensitive mail data
2/5
Collects hardware properties
2/5
Searches for sensitive mail data
2/5
Suspicious content matched by YARA rules
2/5
Executes PowerShell without default profile
2/5
Executes PowerShell with hidden window
2/5
Searches for sensitive FTP data
2/5
Possibly does reconnaissance
2/5
Searches for sensitive application data
2/5
Queries OS info via WMI
2/5
Enumerates running processes
1/5
Content matched by YARA rules
1/5
Queries system time
1/5
Enumerates running processes
1/5
Accesses Microsoft Security Software registry keys
Spyware
Keylogger
Downloader
Injector
file.exe
2026-07-18T18:47:23.059
malicious
Windows Exe (x86-32)
Close
file.exe
malicious
SHA256:
72344facd02bea9007c59c2a67bd96d521838b566298caf0f80c6ceecf93520f
VMRay Threat Identifiers
Close
Severity
Operation
5/5
Malicious content matched by YARA rules
5/5
Tries to read cached credentials of various applications
4/5
Injected process sets up server that accepts incoming connections
4/5
DLL Hollowing
3/5
Tries to detect the presence of antivirus software
3/5
Modifies native system functions
2/5
Suspicious content matched by YARA rules
2/5
Queries a host's domain name
2/5
Signed executable failed signature validation
2/5
Delays execution
2/5
Deletes file after execution
2/5
Searches for cryptocurrency wallet locations
2/5
Searches for sensitive application data
2/5
Searches for sensitive browser data
2/5
Reads sensitive browser data
2/5
Makes direct system call to possibly evade hooking based monitoring
1/5
Creates mutex
1/5
Queries system time
1/5
Reads system data
1/5
Creates process with hidden window
1/5
Query OS Information
1/5
Enumerates running processes
1/5
Reloads native system libraries
1/5
Connects to remote host
1/5
Tries to connect using an uncommon port
1/5
Content matched by YARA rules
1/5
Resolves API functions dynamically
1/5
Overwrites code
1/5
Drops PE file
1/5
Loads a dropped DLL
1/5
Executes dropped PE file
1/5
Timestamp manipulation
1/5
Creates a page with write and execute permissions
1/5
Tries to detect debugger
Spyware
Backdoor
Downloader
Injector