Threat Feed
Documento escaneado.js
2026-07-15T19:36:07.322
malicious
JScript
Close
Documento escaneado.js
malicious
SHA256:
21327e4b5d555b1adfdea28de614bfd2d3bbbe05bfd849ff2e6019c70e09d117
VMRay Threat Identifiers
Close
Severity
Operation
5/5
Malicious content matched by YARA rules
5/5
XWorm configuration was extracted
4/5
Reads from memory of another process
4/5
Tries to detect the presence of antivirus software
4/5
Writes into the memory of another process
4/5
Attempts to connect through HTTP
4/5
Process Hollowing
3/5
A monitored process crashed
3/5
Executes PowerShell commands from environment variables
3/5
Schedules task
3/5
Suspicious content matched by YARA rules
2/5
Executes PowerShell without default profile
2/5
Queries OS info via WMI
2/5
Collects hardware properties
2/5
Performs DNS request
2/5
Tries to connect using an uncommon port
2/5
Enables process privileges
2/5
Tries to detect debugger
1/5
Queries system time
1/5
Query OS Information
1/5
Connects to remote host
1/5
URL contains a TLD highly associated with phishing
1/5
Enumerates running processes
1/5
Creates mutex
1/5
Accesses Microsoft Security Software registry keys
Spyware
Downloader
Injector
tagmansetup.exe
2026-07-15T19:35:31.279
malicious
Windows Exe (x86-64)
Close
tagmansetup.exe
malicious
SHA256:
bf93b1578a876f6bbd0368b9d91e78a5b57b499e906b7ceb8e534c1c55626153
VMRay Threat Identifiers
Close
Severity
Operation
5/5
Malicious content matched by YARA rules
5/5
Combination of other detections shows multiple input capture behaviors
4/5
Writes into the memory of another process
3/5
Monitors keyboard input
3/5
Tries to evade debugger
2/5
Collects BIOS properties
2/5
Tries to detect application sandbox
2/5
Tries to detect virtual machine
2/5
Deletes file after execution
2/5
Collects hardware properties
2/5
Disables automatic hibernation
2/5
Tries to detect debugger
2/5
Reads network adapter information
1/5
Accesses Microsoft Security Software registry keys
1/5
Performs DNS request
1/5
Connects to remote host
1/5
Tries to connect using an uncommon port
1/5
Content matched by YARA rules
1/5
Resolves API functions dynamically
1/5
Overwrites code
1/5
Creates an unusually large number of files
1/5
Drops PE file
1/5
Loads a dropped DLL
1/5
Executes dropped PE file
1/5
Timestamp manipulation
1/5
Accesses volumes directly
1/5
Queries system time
1/5
Reads mouse position
1/5
Query OS Information
1/5
Modifies application directory
1/5
Enumerates running processes
1/5
Modifies operating system directory
1/5
Unusual large memory allocation
1/5
Creates mutex
1/5
Installs system startup script or application
1/5
Enables process privileges
1/5
Creates process with hidden window
1/5
Reads from memory of another process
1/5
Creates a page with write and execute permissions
1/5
Executes WMI query
Spyware
Backdoor
Injector
CN-Invoice-0945413571-XXXXX6856-2312053735707600000.js
2026-07-15T19:33:14.243
malicious
JScript
Close
CN-Invoice-0945413571-XXXXX6856-2312053735707600000.js
malicious
SHA256:
c60276e74cc9f7bd0861973da89594d70c74d66df886fe2c5c89c87a20035702
VMRay Threat Identifiers
Close
Severity
Operation
5/5
AsyncRAT configuration was extracted
5/5
Malicious content matched by YARA rules
4/5
Process Hollowing
4/5
Reads from memory of another process
4/5
Writes into the memory of another process
4/5
Tries to detect the presence of antivirus software
3/5
Performs DNS request for known DDNS domain
3/5
Bypasses PowerShell execution policy
2/5
Enumerates running processes
2/5
Queries OS info via WMI
2/5
Enables process privileges
2/5
Performs DNS request
2/5
Executes PowerShell without default profile
2/5
Executes PowerShell with hidden window
2/5
Tries to connect using an uncommon port
1/5
Enumerates running processes
1/5
Connects to remote host
1/5
Content matched by YARA rules
1/5
Queries system time
1/5
Creates mutex
1/5
Query OS Information
1/5
Accesses Microsoft Security Software registry keys
Backdoor
Injector
Filezo 6.0.18 + CRACK.exe
2026-07-15T19:32:40.396
malicious
Windows Exe (x86-64)
Close
Filezo 6.0.18 + CRACK.exe
malicious
SHA256:
439b73b50c9e5c161b070a4eafa6a56ddb4ea6daf155b8dc06105028a7d04fd2
VMRay Threat Identifiers
Close
Severity
Operation
5/5
QuasarRAT configuration was extracted
5/5
Combination of other detections shows configuration discovery
5/5
Malicious content matched by YARA rules
5/5
Combination of other detections shows multiple input capture behaviors
4/5
Writes into the memory of another process
3/5
Reads installed applications
3/5
Monitors keyboard input
2/5
Collects hardware properties
2/5
Collects BIOS properties
2/5
Tries to detect virtual machine
2/5
Accesses physical drive
2/5
Sends control codes to a driver
2/5
Queries a host's domain name
2/5
Delays execution
2/5
Deletes file after execution
2/5
Peripheral Device Discovery
2/5
Queries OS info via WMI
2/5
Reads network adapter information
1/5
Creates process with hidden window
1/5
Creates mutex
1/5
Query OS Information
1/5
Tries to detect debugger
1/5
Unusual large memory allocation
1/5
Reads from memory of another process
1/5
Creates a page with write and execute permissions
1/5
Enables process privileges
1/5
Accesses volumes directly
1/5
Modifies application directory
1/5
Performs DNS request
1/5
Connects to remote host
1/5
Tries to connect using an uncommon port
1/5
Checks external IP address
1/5
Content matched by YARA rules
1/5
Resolves API functions dynamically
1/5
Overwrites code
1/5
Creates an unusually large number of files
1/5
Drops PE file
1/5
Loads a dropped DLL
1/5
Installs system startup script or application
1/5
Executes dropped PE file
1/5
Timestamp manipulation
1/5
Reads mouse position
1/5
Queries system time
1/5
Modifies operating system directory
Spyware
Backdoor
Injector
QuickFetch.exe
2026-07-15T19:14:01.488
malicious
Windows Exe (x86-64)
Close
QuickFetch.exe
malicious
SHA256:
966365f729aadfc95f0450a1a605422b63d7fc2628310108e26054ed04fbf03b
VMRay Threat Identifiers
Close
Severity
Operation
5/5
Combination of other detections shows multiple input capture behaviors
5/5
Malicious content matched by YARA rules
4/5
Malicious content matched by YARA rules
4/5
Monitors clipboard content
3/5
Captures clipboard data
3/5
SmartContract configuration was extracted
3/5
Tries to detect the presence of antivirus software
3/5
Uses HTTP to upload a large amount of data
3/5
Takes screenshot
2/5
Queries a host's domain name
2/5
Queries OS info via WMI
2/5
Collects hardware properties
2/5
Delays execution
2/5
Makes direct system call to possibly evade hooking based monitoring
1/5
Query Firmware Information
1/5
Creates process with hidden window
1/5
Queries system time
1/5
Creates mutex
1/5
Tries to connect using an uncommon port
1/5
URL contains a TLD highly associated with phishing
1/5
Communicates via JSON RPC protocol
1/5
Content matched by YARA rules
1/5
Resolves API functions dynamically
1/5
A monitored process crashed
1/5
Downloads executable
1/5
Executes downloaded executable
1/5
Unusual large memory allocation
Spyware
Keylogger
Downloader