Threat Feed
sZjgz1gIy3QhVweP.exe
2026-04-15T06:09:27.982
malicious
Windows Exe (x86-64)
SHA256: b565850ba9c30976f47cc1cef3b5e0dad5ce81403d1f7110727563ef7df40b26

VMRay Threat Identifiers
Severity  Operation
5/5       Malicious content matched by YARA rules
5/5       Combination of other detections shows multiple input capture behaviors
5/5       Deletes user files
4/5       Malicious content matched by YARA rules
3/5       Captures clipboard data
3/5       Takes screenshot
3/5       Uses HTTP to upload a large amount of data
3/5       Modifies native system functions
3/5       Tries to detect the presence of antivirus software
2/5       Tries to detect analyzer sandbox
2/5       Creates an unusually large number of processes
2/5       Makes direct system call to possibly evade hooking based monitoring
2/5       Delays execution
2/5       Queries OS info via WMI
2/5       Collects hardware properties
2/5       Queries a host's domain name
2/5       Reads sensitive browser data
2/5       Searches for sensitive browser data
1/5       Creates an unusually large number of files
1/5       Query Firmware Information
1/5       Enumerates running processes
1/5       Creates a page with write and execute permissions
1/5       Creates process with hidden window
1/5       Downloads file
1/5       Tries to connect using an uncommon port
1/5       Content matched by YARA rules
1/5       Installs system startup script or application
1/5       Reads from memory of another process
1/5       Resolves API functions dynamically
1/5       Overwrites code

Classification: Spyware, Downloader, Wiper

QwfJMHyOSBwD1ate.exe
2026-04-15T06:07:45.199
malicious
Windows Exe (x86-64)
SHA256: 56efe1c6278b50c44571f2e9f5394ecbf529b89100b2697a687773b05ff24d9b

VMRay Threat Identifiers
Severity  Operation
5/5       Malicious content matched by YARA rules
5/5       ValleyRAT configuration was extracted
3/5       All network connection attempts failed
2/5       Makes direct system call to possibly evade hooking based monitoring
1/5       Resolves API functions dynamically
1/5       Connects to remote host
1/5       Tries to connect using an uncommon port
1/5       Creates a page with write and execute permissions

Classification: Backdoor

L7ZFQWQSorhZ68Fb.dll
2026-04-15T06:07:24.387
malicious
Windows DLL (x86-64)
SHA256: 25c1d33f695537ecfe9cb9f4753f1f44453283610ec049efa6ce80b1cc49d291

VMRay Threat Identifiers
Severity  Operation
4/5       Writes into the memory of another process
4/5       Modifies control flow of another process
3/5       All network connection attempts failed
1/5       Creates mutex
1/5       Connects to remote host
1/5       Resolves API functions dynamically
1/5       Enumerates running processes
1/5       Drops PE file
1/5       Enables process privileges
1/5       Creates a page with write and execute permissions

Classification: Injector

file.exe
2026-04-15T05:58:44.427
malicious
Windows Exe (x86-64)
SHA256: 0f9c97adc250b2ab1c1b19aa2bd99ac0b8f54e07aaccdfdaf347a258a81ef932

VMRay Threat Identifiers
Severity  Operation
5/5       Combination of other detections shows multiple input capture behaviors
4/5       Malicious content matched by YARA rules
3/5       Takes screenshot
3/5       Tries to detect the presence of antivirus software
3/5       Captures clipboard data
2/5       Queries OS info via WMI
2/5       Queries a host's domain name
2/5       Makes direct system call to possibly evade hooking based monitoring
2/5       Collects hardware properties
1/5       Enumerates running processes
1/5       Downloads file
1/5       Tries to connect using an uncommon port
1/5       Resolves API functions dynamically
1/5       Query Firmware Information
1/5       Unusual large memory allocation

Classification: Spyware

jL3Y5RBwFahvGqwY.exe
2026-04-15T05:17:21.035
malicious
Windows Exe (x86-32)
SHA256: 08e900ff40e594db49a9edce6871e726faa1dea0be0692722f2e16bff1a7134f

VMRay Threat Identifiers
Severity  Operation
5/5       Malicious content matched by YARA rules
5/5       Vidar configuration was extracted
2/5       Suspicious content matched by YARA rules
2/5       Delays execution
2/5       Dead Drop Resolver
1/5       Unusual large memory allocation
1/5       Reads system data
1/5       Resolves API functions dynamically
1/5       Creates a page with write and execute permissions

Classification: Spyware
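The feed above is exported one field per line, with widget buttons ("Close") and a repeated filename/verdict pair interleaved with the data, which makes it awkward to consume directly. The following Python script is an added example and not VMRay's code: it parses that flattened layout into records (filename, timestamp, verdict, file type, SHA256, threat identifiers with their severity, classification labels), then derives two things an analyst typically wants from such a feed, a blocklist of hashes filtered by verdict and peak TID severity, and a lookup of which samples triggered a given operation. The embedded FEED_EXCERPT is two entries copied verbatim from the feed above; the function and field names (parse_feed, blocklist, with_operation, Sample) are this example's own choices.

```python
import json
import re
from dataclasses import dataclass, field, asdict

# Lines the export emits that carry no data: page title, widget buttons, column headers.
NOISE = {"Threat Feed", "Close", "VMRay Threat Identifiers", "Severity", "Operation"}
TS_RE = re.compile(r"^\d{4}-\d{2}-\d{2}T\d{2}:\d{2}:\d{2}(\.\d+)?$")
SEV_RE = re.compile(r"^[0-5]/5$")
SHA256_RE = re.compile(r"^[0-9a-f]{64}$")

@dataclass
class Sample:
    filename: str
    analysed: str          # timestamp exactly as printed in the feed
    verdict: str           # VMRay verdict, e.g. "malicious"
    file_type: str
    sha256: str
    tids: list = field(default_factory=list)             # (severity, operation) pairs
    classifications: list = field(default_factory=list)  # e.g. ["Spyware", "Wiper"]

    @property
    def max_severity(self) -> int:
        return max((sev for sev, _ in self.tids), default=0)

def parse_feed(text: str) -> list:
    """Parse the flattened one-field-per-line feed export into Sample records."""
    lines = [ln.strip() for ln in text.splitlines()]
    lines = [ln for ln in lines if ln and ln not in NOISE]
    samples, i = [], 0
    while i < len(lines):
        # A record starts with a filename immediately followed by an ISO timestamp.
        if not (i + 1 < len(lines) and TS_RE.match(lines[i + 1])):
            i += 1  # stray line outside any record
            continue
        name, ts, verdict, ftype = lines[i:i + 4]
        i += 4
        # The detail card repeats filename and verdict; skip those duplicates.
        while i < len(lines) and lines[i] in (name, verdict):
            i += 1
        if i + 1 >= len(lines) or lines[i] != "SHA256:" or not SHA256_RE.match(lines[i + 1]):
            raise ValueError(f"{name}: malformed or missing SHA256 block")
        sample = Sample(name, ts, verdict, ftype, lines[i + 1])
        i += 2
        # Threat identifiers arrive as "N/5" followed by the operation text.
        while i + 1 < len(lines) and SEV_RE.match(lines[i]):
            sample.tids.append((int(lines[i][0]), lines[i + 1]))
            i += 2
        # Everything left before the next record is a classification label.
        while i < len(lines) and not (i + 1 < len(lines) and TS_RE.match(lines[i + 1])):
            sample.classifications.append(lines[i])
            i += 1
        samples.append(sample)
    return samples

def blocklist(samples, min_severity: int = 4) -> list:
    """SHA256s worth blocking: malicious verdict and at least one TID at or above min_severity."""
    return sorted(s.sha256 for s in samples
                  if s.verdict == "malicious" and s.max_severity >= min_severity)

def with_operation(samples, prefix: str) -> list:
    """Filenames of samples that triggered an operation whose text starts with prefix."""
    return [s.filename for s in samples if any(op.startswith(prefix) for _, op in s.tids)]

# Two entries copied verbatim from the feed above, in the flattened export layout.
FEED_EXCERPT = "\n".join([
    "Threat Feed",
    "QwfJMHyOSBwD1ate.exe", "2026-04-15T06:07:45.199", "malicious", "Windows Exe (x86-64)",
    "Close", "QwfJMHyOSBwD1ate.exe", "malicious", "SHA256:",
    "56efe1c6278b50c44571f2e9f5394ecbf529b89100b2697a687773b05ff24d9b",
    "VMRay Threat Identifiers", "Close", "Severity", "Operation",
    "5/5", "Malicious content matched by YARA rules", "5/5", "ValleyRAT configuration was extracted",
    "3/5", "All network connection attempts failed",
    "2/5", "Makes direct system call to possibly evade hooking based monitoring",
    "1/5", "Resolves API functions dynamically", "1/5", "Connects to remote host",
    "1/5", "Tries to connect using an uncommon port",
    "1/5", "Creates a page with write and execute permissions",
    "Backdoor",
    "L7ZFQWQSorhZ68Fb.dll", "2026-04-15T06:07:24.387", "malicious", "Windows DLL (x86-64)",
    "Close", "L7ZFQWQSorhZ68Fb.dll", "malicious", "SHA256:",
    "25c1d33f695537ecfe9cb9f4753f1f44453283610ec049efa6ce80b1cc49d291",
    "VMRay Threat Identifiers", "Close", "Severity", "Operation",
    "4/5", "Writes into the memory of another process", "4/5", "Modifies control flow of another process",
    "3/5", "All network connection attempts failed", "1/5", "Creates mutex",
    "1/5", "Connects to remote host", "1/5", "Resolves API functions dynamically",
    "1/5", "Enumerates running processes", "1/5", "Drops PE file",
    "1/5", "Enables process privileges", "1/5", "Creates a page with write and execute permissions",
    "Injector",
])

if __name__ == "__main__":
    parsed = parse_feed(FEED_EXCERPT)
    print(json.dumps([asdict(s) for s in parsed], indent=2))
    print("block at severity >= 4:", blocklist(parsed))
```

The parser deliberately fails loudly on a record without a valid 64-hex SHA256 rather than skipping it, because a silently dropped hash is exactly the entry that never reaches the blocklist. Severity thresholds are a policy choice: the 4/5 default keeps both entries in the excerpt, while 5/5 keeps only the ValleyRAT sample.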