Threat Feed
app_setup.6653001.msi
2026-07-12T16:47:13.924
malicious
MSI Setup
Close
app_setup.6653001.msi
malicious
SHA256:
9569536b0039412115aab58dfa315a1f71af1b7294326ccbf7411fc3d26fa292
VMRay Threat Identifiers
Close
Severity
Operation
5/5
Malicious content matched by YARA rules
4/5
Masks file extension
3/5
Modifies native system functions
2/5
Queries a host's domain name
2/5
Delays execution
2/5
Tries to detect virtual machine
2/5
Makes direct system call to possibly evade hooking based monitoring
2/5
Schedules task
1/5
Modifies application directory
1/5
Accesses volumes directly
1/5
Queries system time
1/5
Creates a page with write and execute permissions
1/5
Downloads file
1/5
Content matched by YARA rules
1/5
Creates process with hidden window
1/5
Resolves API functions dynamically
1/5
Executes dropped PE file
1/5
Modifies operating system directory
1/5
Drops PE file
1/5
Creates mutex
1/5
Enumerates running processes
1/5
Installs system startup script or application
1/5
Loads a dropped DLL
Hacktool
Open the latest report on the computer.exe
2026-07-12T16:45:52.763
malicious
Windows Exe (x86-32)
Close
Open the latest report on the computer.exe
malicious
SHA256:
eab4918ea7581aececacc1ddf3d86812ea1d203dfae8ab635c66136348e3d534
VMRay Threat Identifiers
Close
Severity
Operation
5/5
Malicious content matched by YARA rules
5/5
ValleyRAT configuration was extracted
3/5
All network connection attempts failed
2/5
Schedules task
1/5
Resolves API functions dynamically
1/5
Connects to remote host
1/5
Creates a page with write and execute permissions
1/5
Creates process with hidden window
1/5
Tries to connect using an uncommon port
Backdoor
http://d-thecourierguy.netlify.app
2026-07-12T16:37:29.172
malicious
URL
Close
http://d-thecourierguy.netlify.app
malicious
SHA256:
VMRay Threat Identifiers
Close
Severity
Operation
4/5
Malicious content matched by YARA rules
4/5
Phishing page detected via Machine Learning
2/5
Page is served from a service commonly used for temporary hosting
1/5
Logon form detected via Computer Vision
1/5
Checks external IP address
1/5
Content matched by YARA rules
1/5
URL contains a TLD highly associated with phishing
1/5
Resource is loaded from a service commonly used for temporary hosting
1/5
Page contains clickables with luring keywords
Phishing
POD ektedlr.exe
2026-07-12T16:33:41.799
malicious
Windows Exe (x86-32)
Close
POD ektedlr.exe
malicious
SHA256:
e3b0cd21746e06e579260f3ef8f3aee90dd4cdce6fff976f7848ecd84280a652
VMRay Threat Identifiers
Close
Severity
Operation
5/5
Malicious content matched by YARA rules
4/5
Makes indirect system call to possibly evade hooking based monitoring
4/5
Writes into the memory of another process
4/5
Modifies control flow of another process
4/5
Process Hollowing
3/5
Captures clipboard data
2/5
Searches for sensitive browser data
2/5
Modifies control flow of a process started from a created or modified executable
2/5
Reads sensitive browser data
2/5
Tries to detect kernel debugger
2/5
Delays execution
2/5
Suspicious content matched by YARA rules
1/5
Creates process with hidden window
1/5
URL contains a TLD highly associated with phishing
1/5
Creates a page with write and execute permissions
1/5
Content matched by YARA rules
1/5
Tries to detect debugger
1/5
Enumerates running processes
1/5
Performs DNS request
1/5
Connects to remote host
1/5
Reads from memory of another process
1/5
Query OS Information
1/5
Creates mutex
1/5
Possibly does reconnaissance
Spyware
Injector
WhpQWiMLTbLpuIP4.exe
2026-07-12T16:18:03.971
malicious
Windows Exe (x86-64)
Close
WhpQWiMLTbLpuIP4.exe
malicious
SHA256:
7f1f58c97e0be5c57a9c2484126f9d5e3830926d50d9864bed681308d8c62e37
VMRay Threat Identifiers
Close
Severity
Operation
4/5
Loads a dropped DLL into a system binary
4/5
Writes into the memory of another process
3/5
Suspicious content matched by YARA rules
2/5
Reads network configuration
2/5
Accesses physical drive
2/5
Searches for sensitive browser data
2/5
Suspicious content matched by YARA rules
2/5
Sends control codes to a driver
1/5
Tries to connect using an uncommon port
1/5
Resolves API functions dynamically
1/5
Drops PE file
1/5
Enumerates running processes
1/5
Installs system service
1/5
Creates mutex
1/5
Creates a page with write and execute permissions
1/5
Modifies operating system directory
1/5
Queries system time
1/5
Writes an unusually large amount of data to the registry
1/5
Performs DNS request
1/5
Connects to remote host
Injector