Threat Feed
cvCl4Pkgt5tR9wlE.exe
2026-02-15T20:47:13.281
malicious
Windows Exe (x86-32)
SHA256: c984e2c9f51ae273a04c12c2996f8eafbe56651471f428b01beeaec2e80d3024
VMRay Threat Identifiers
Severity  Operation
4/5       Writes into the memory of another process
4/5       Rename system utilities
3/5       Executes code with kernel privileges
3/5       Suspicious content matched by YARA rules
3/5       Modifies native system functions
2/5       Sends control codes to a driver
2/5       Deletes file after execution
2/5       Searches for sensitive browser data
2/5       Makes direct system call to possibly evade hooking based monitoring
2/5       Reads network configuration
2/5       Tries to detect virtual machine
2/5       Creates an unusually large number of processes
2/5       Sets up server that accepts incoming connections
2/5       Hijack installed services
1/5       Overwrites code
1/5       Drops PE file
1/5       Loads a dropped DLL
1/5       The binary file was created with a packer
1/5       Executes dropped PE file
1/5       Installs kernel driver
1/5       Installs system service
1/5       Changes personalization-related browser settings
1/5       Query OS Information
1/5       Content matched by YARA rules
1/5       Modifies application directory
1/5       Enumerates running processes
1/5       Creates mutex
1/5       Creates process with hidden window
1/5       Enables process privileges
1/5       Reads from memory of another process
1/5       Reads mouse position
1/5       Checks external IP address
1/5       Performs DNS request
1/5       Connects to remote host
1/5       Downloads file
1/5       Modifies operating system directory
1/5       Resolves API functions dynamically
Injector
zpPCH097AteiwB1W.exe
2026-02-15T20:24:34.792
malicious
Windows Exe (x86-64)
SHA256: 84bd20bcb88426402c4a3c96d8012396f83387a84b7abc1a6e90c2babebb42bd
VMRay Threat Identifiers
Severity  Operation
5/5       Combination of other detections shows multiple input capture behaviors
5/5       Malicious content matched by YARA rules
5/5       Tries to read cached credentials of various applications
4/5       APC Injection
4/5       Writes into the memory of another process
4/5       Monitors clipboard content
3/5       Uses HTTP to upload a large amount of data
3/5       Reads installed applications
3/5       Suspicious content matched by YARA rules
3/5       Takes screenshot
2/5       Searches for sensitive mail data
2/5       Searches for sensitive application data
2/5       Searches for cryptocurrency wallet locations
2/5       Searches for sensitive FTP data
2/5       Suspicious content matched by YARA rules
2/5       Reads sensitive browser data
2/5       Searches for sensitive browser data
2/5       Tries to detect analyzer sandbox
1/5       Resolves API functions dynamically
1/5       Enumerates running processes
1/5       Creates a page with write and execute permissions
1/5       Installs system startup script or application
1/5       Creates process with hidden window
1/5       Possibly does reconnaissance
1/5       Enables process privileges
1/5       Downloads executable
1/5       Downloads file
1/5       Content matched by YARA rules
1/5       Query CPU Properties
1/5       Creates an unusually large number of files
1/5       Drops PE file
1/5       Loads a dropped DLL
1/5       Timestamp manipulation
Spyware
Keylogger
Downloader
Injector
q7EsJ0jRlKw3LCSp.exe
2026-02-15T20:24:19.469
malicious
Windows Exe (x86-32)
SHA256: 075865fc5772291062280a54012144bfab65b240b4a738dee4dda833b73c991c
VMRay Threat Identifiers
Severity  Operation
4/5       Rename system utilities
4/5       Writes into the memory of another process
3/5       Suspicious content matched by YARA rules
3/5       Executes code with kernel privileges
3/5       Modifies native system functions
2/5       Tries to detect virtual machine
2/5       Creates an unusually large number of processes
2/5       Makes direct system call to possibly evade hooking based monitoring
2/5       Reads network configuration
2/5       Searches for sensitive browser data
2/5       Sends control codes to a driver
2/5       Sets up server that accepts incoming connections
2/5       Deletes file after execution
2/5       Hijack installed services
1/5       Drops PE file
1/5       Loads a dropped DLL
1/5       The binary file was created with a packer
1/5       Executes dropped PE file
1/5       Installs kernel driver
1/5       Query OS Information
1/5       Installs system service
1/5       Changes personalization-related browser settings
1/5       Resolves API functions dynamically
1/5       Creates mutex
1/5       Enables process privileges
1/5       Enumerates running processes
1/5       Creates process with hidden window
1/5       Reads from memory of another process
1/5       Reads mouse position
1/5       Checks external IP address
1/5       Performs DNS request
1/5       Connects to remote host
1/5       Downloads file
1/5       Content matched by YARA rules
1/5       Modifies operating system directory
1/5       Overwrites code
Injector
Af65bTJekVb3RFqb.exe
2026-02-15T20:24:11.215
malicious
Windows Exe (x86-32)
SHA256: 64a30153270bf0c2f567c3a5c9ae5b7318c6ca9000ef4f0291b2af17b45a38ae
VMRay Threat Identifiers
Severity  Operation
5/5       UmbralStealer configuration was extracted
5/5       Tries to read cached credentials of various applications
5/5       Malicious content matched by YARA rules
4/5       Modifies Windows Defender configuration
4/5       Malicious content matched by YARA rules
4/5       Blocks network connection to security products
3/5       Deletes file after execution
3/5       Takes screenshot
3/5       Suspicious content matched by YARA rules
2/5       Hides files
2/5       Suspicious content matched by YARA rules
2/5       Reads sensitive browser data
2/5       Queries OS info via WMI
2/5       Collects hardware properties
2/5       Deletes file after execution
2/5       Reads network configuration
2/5       Searches for sensitive browser data
2/5       Sets up server that accepts incoming connections
1/5       Enumerates running processes
1/5       Query OS Information
1/5       Creates process with hidden window
1/5       Installs system startup script or application
1/5       Modifies operating system directory
1/5       Enables process privileges
1/5       Checks external IP address
1/5       Performs DNS request
1/5       Connects to remote host
1/5       Creates mutex
Spyware
TiMAfIicGG7Vtg5o.exe
2026-02-15T20:13:36.933
malicious
Windows Exe (x86-32)
SHA256: 6161e22c922c3a3a103dd9ce0c978968723d41fa9eef47cb2acebb5acb1241bc
VMRay Threat Identifiers
Severity  Operation
5/5       Combination of other detections shows configuration discovery
5/5       Known malicious mutex name is created
5/5       Malicious content matched by YARA rules
4/5       Creates a Process with redirected Input
3/5       Takes screenshot
2/5       Queries OS info via WMI
2/5       Schedules task
2/5       Searches for sensitive application data
2/5       Queries a host's domain name
2/5       Collects hardware properties
2/5       Searches for sensitive browser data
2/5       Sets up server that accepts incoming connections
2/5       Delays execution
2/5       Suspicious content matched by YARA rules
2/5       Reads network adapter information
1/5       Possibly does reconnaissance
1/5       Modifies application directory
1/5       Reads system data
1/5       Creates process with hidden window
1/5       Enumerates running processes
1/5       Unusual large memory allocation
1/5       Performs DNS request
1/5       Content matched by YARA rules
1/5       Resolves API functions dynamically
1/5       Drops PE file
1/5       Executes dropped PE file
1/5       Timestamp manipulation
Spyware
RAT