Threat Feed
http://authenticate-0oxsoxauthe.pages.dev/authenticate
2026-04-08T16:35:07.777
malicious
URL
SHA256:
VMRay Threat Identifiers
Severity  Operation
5/5  Combination of other detections indicates a phishing website
4/5  Phishing page detected via Machine Learning
2/5  Page is served from a service commonly used for temporary hosting
1/5  Page secured via a Domain Validated SSL certificate
1/5  Page contents are loaded dynamically
1/5  Logon form detected via Computer Vision
1/5  Content matched by YARA rules
1/5  URL contains a TLD highly associated with phishing
1/5  Resource is loaded from a service commonly used for temporary hosting
1/5  Page presents itself as a logon page
Phishing
lqE4nyt9GcujJZQ3.exe
2026-04-08T16:32:56.851
malicious
Windows Exe (x86-32)
SHA256:
fc1a66e16bdd785cc002d72ebbfcbbc97d7b9f8af4f0a404fe835870c190fd35
VMRay Threat Identifiers
Severity  Operation
5/5  Malicious content matched by YARA rules
5/5  Tries to read cached credentials of various applications
5/5  Combination of other detections shows configuration discovery
5/5  Known malicious mutex name is created
5/5  SalatStealer configuration was extracted
5/5  Makes indirect system calls to hide process injection
4/5  Makes indirect system call to possibly evade hooking based monitoring
4/5  Modifies Windows Defender configuration
3/5  Disables a crucial system service
3/5  Takes screenshot
3/5  Uninstalls Windows protection features
2/5  Sets up server that accepts incoming connections
2/5  Suspicious content matched by YARA rules
2/5  Reads sensitive browser data
2/5  Reads network adapter information
2/5  Collects hardware properties
2/5  Schedules task
2/5  Searches for sensitive application data
2/5  Queries OS info via WMI
2/5  Searches for sensitive browser data
1/5  Performs DNS request
1/5  Reads system data
1/5  Modifies application directory
1/5  Creates process with hidden window
1/5  Enumerates running processes
1/5  Possibly does reconnaissance
1/5  Creates mutex
1/5  Creates a page with write and execute permissions
1/5  Writes an unusually large amount of data to the registry
1/5  Installs system service
1/5  Unusual large memory allocation
1/5  Content matched by YARA rules
1/5  Resolves API functions dynamically
1/5  A monitored process crashed
1/5  Drops PE file
1/5  Executes dropped PE file
1/5  Timestamp manipulation
Spyware
Injector
00Vnle57iXriKUIu.exe
2026-04-08T16:28:41.602
malicious
Windows Exe (x86-32)
SHA256:
f0c9f605e41b69fe756a3559abc8515361517de346d27a62865337fb7a131f9c
VMRay Threat Identifiers
Severity  Operation
5/5  Malicious content matched by YARA rules
3/5  Creates file(s) in the .NET assembly directory to hide them from Windows Explorer
2/5  Searches for sensitive browser data
2/5  Disables a system tool
2/5  Hides files
1/5  Possibly does reconnaissance
1/5  Modifies operating system directory
1/5  Modifies application directory
1/5  Resolves API functions dynamically
1/5  Drops PE file
1/5  Creates a page with write and execute permissions
Virus
pDq5v34h53hU7C0W.exe
2026-04-08T16:27:23.534
malicious
Windows Exe (x86-32)
SHA256:
3f8da2ef689348427ba7779b4e212e0c10924d46b7b9fe286e95e3d36c9b8d14
VMRay Threat Identifiers
Severity  Operation
5/5  Malicious content matched by YARA rules
3/5  Creates file(s) in the .NET assembly directory to hide them from Windows Explorer
2/5  Searches for sensitive browser data
2/5  Hides files
2/5  Disables a system tool
1/5  Resolves API functions dynamically
1/5  Creates an unusually large number of files
1/5  Drops PE file
1/5  Modifies operating system directory
1/5  Modifies application directory
1/5  Possibly does reconnaissance
1/5  Creates a page with write and execute permissions
1/5  Obfuscates control flow
Virus
DWDJTDfeplLUQh3H.exe
2026-04-08T16:26:14.638
malicious
Windows Exe (x86-32)
SHA256:
a88f0b3a13e50d4a774f9bcc752f78040f5e1fa7e639323e36c26440ebf62687
VMRay Threat Identifiers
Severity  Operation
5/5  Malicious content matched by YARA rules
3/5  Creates file(s) in the .NET assembly directory to hide them from Windows Explorer
2/5  Searches for sensitive browser data
2/5  Hides files
1/5  Obfuscates control flow
1/5  Resolves API functions dynamically
1/5  Creates an unusually large number of files
1/5  Creates a page with write and execute permissions
1/5  Drops PE file
1/5  Modifies application directory
1/5  Possibly does reconnaissance
1/5  Modifies operating system directory
Virus