Threat Feed
nG1s3SCeesMoO3XB.exe
2026-03-13T18:13:29.143
malicious
Windows Exe (x86-32)
SHA256: 967e7bc8859501c4246139ceca3939fe97779e161d8870c56a57c31239955ffb
VMRay Threat Identifiers
Severity  Operation
5/5       Malicious content matched by YARA rules
3/5       Executes code with kernel privileges
2/5       Deletes file after execution
2/5       Adds service dependency
2/5       Schedules task
2/5       Creates an unusually large number of processes
2/5       Disables a system tool
2/5       Sends control codes to a driver
1/5       Overwrites code
1/5       Drops PE file
1/5       Executes dropped PE file
1/5       Reads mouse position
1/5       Enables process privileges
1/5       Modifies operating system directory
1/5       Installs system service
1/5       Installs kernel driver
1/5       Creates process with hidden window
1/5       Creates mutex
1/5       Resolves API functions dynamically

Classification: Backdoor
CJgz0EXbEpojkwPw.exe
2026-03-13T18:11:21.293
malicious
Windows Exe (x86-32)
SHA256: dac697b0a63bb437d638c9f8344fe6584d746681f0e3371936c1bd5689f2e08b
VMRay Threat Identifiers
Severity  Operation
5/5       Malicious content matched by YARA rules
2/5       Hides files
2/5       Disables a system tool
1/5       Content matched by YARA rules
1/5       Resolves API functions dynamically
1/5       Creates an unusually large number of files
1/5       Drops PE file
1/5       Creates a page with write and execute permissions
1/5       Possibly does reconnaissance
1/5       Modifies application directory
1/5       Modifies operating system directory

Classification: Virus
TXF96MC4ZUWnqkDw.exe
2026-03-13T18:10:09.712
malicious
Windows Exe (x86-32)
SHA256: a7333868fe8e18ef97c3245463f004c6a1393d3eed08ea36ddb8cc36bf007f3e
VMRay Threat Identifiers
Severity  Operation
5/5       Malicious content matched by YARA rules
2/5       Hides files
1/5       Modifies application directory
1/5       Creates a page with write and execute permissions
1/5       Resolves API functions dynamically
1/5       Creates an unusually large number of files
1/5       Drops PE file

Classification: Virus
GtOiMI0uL2GsQTAF.exe
2026-03-13T17:59:16.759
malicious
Windows Exe (x86-32)
SHA256: fd9cc071d0825ea3ea10afb82764e0f35aa98646a2cf3475438db7571a369ea5
VMRay Threat Identifiers
Severity  Operation
5/5       Malicious content matched by YARA rules
5/5       Combination of other detections shows configuration discovery
5/5       Tries to read cached credentials of various applications
5/5       Known malicious mutex name is created
4/5       Creates a Process with redirected Input
3/5       Takes screenshot
2/5       Reads sensitive browser data
2/5       Sets up server that accepts incoming connections
2/5       Suspicious content matched by YARA rules
2/5       Schedules task
2/5       Queries a host's domain name
2/5       Collects hardware properties
2/5       Queries OS info via WMI
2/5       Reads network adapter information
2/5       Searches for sensitive application data
2/5       Searches for sensitive browser data
1/5       Performs DNS request
1/5       Reads system data
1/5       Unusual large memory allocation
1/5       Modifies application directory
1/5       Possibly does reconnaissance
1/5       Enumerates running processes
1/5       Drops PE file
1/5       Creates process with hidden window
1/5       Executes dropped PE file
1/5       A monitored process crashed
1/5       Timestamp manipulation
1/5       Resolves API functions dynamically
1/5       Content matched by YARA rules

Classification: Spyware, RAT
amrexchemical.exe
2026-03-13T17:54:39.367
malicious
Windows Exe (x86-32)
SHA256: 89ba7c3f6f35c9c515c34f5995c825091e3361645511302cbb0748f29cefc5ec
VMRay Threat Identifiers
Severity  Operation
5/5       Combination of other detections shows configuration discovery
3/5       Reads installed applications
3/5       Suspicious content matched by YARA rules
2/5       Collects information about services
2/5       Hijack installed services
2/5       Hides a known RMM tool
2/5       Reads network adapter information
2/5       Queries OS info via WMI
2/5       Collects hardware properties
2/5       Sets up server that accepts incoming connections
2/5       Reads network configuration
2/5       Collects BIOS properties
1/5       Executes WMI query
1/5       Performs DNS request
1/5       Connects to remote host
1/5       Content matched by YARA rules
1/5       Resolves API functions dynamically
1/5       Creates an unusually large number of files
1/5       Drops PE file
1/5       Loads a dropped DLL
1/5       Creates a page with write and execute permissions
1/5       Executes dropped PE file
1/5       Timestamp manipulation
1/5       Modifies application directory
1/5       Drops PE masquerading Filename
1/5       Installs system startup script or application
1/5       Enumerates running processes
1/5       Installs system service
1/5       Creates mutex
1/5       Creates process with hidden window
1/5       Accesses volumes directly
1/5       Modifies operating system directory
1/5       Query OS Information
1/5       Enables process privileges
1/5       Tries to detect debugger
1/5       Unusual large memory allocation

Classification: PUA