Threat Feed

Sample:     nZaqshG591HhEdcw.exe
Analyzed:   2026-04-24T10:43:37.546
Verdict:    malicious
File type:  Windows Exe (x86-32)
SHA256:     065e83e88cb3deb19838106e09808990e788a5dc2361dd9bd82c951ceadc0614

VMRay Threat Identifiers
Severity  Operation
4/5       Writes into the memory of another process
4/5       Entry point injection
2/5       Creates a new process from a system binary
2/5       Deletes file after execution
1/5       Enumerates running processes
1/5       Reads from memory of another process
1/5       Modifies operating system directory
1/5       Resolves API functions dynamically
1/5       Detects filename manipulation
1/5       Drops PE file
1/5       Creates process with hidden window
1/5       Executes dropped PE file
1/5       Checks Internet connection
1/5       Creates a page with write and execute permissions
1/5       Installs system startup script or application

Classification: Injector

Sample:     xflRDc1sRHB2gWfA.exe
Analyzed:   2026-04-24T10:38:53.800
Verdict:    malicious
File type:  Windows Exe (x86-32)
SHA256:     6cd452c98282fa988716ed27329741bd43b7b3f5f176ebff0f7ae6c133a90e71

VMRay Threat Identifiers
Severity  Operation
5/5       Malicious content matched by YARA rules
3/5       Creates file(s) in the .NET assembly directory to hide them from Windows Explorer
2/5       Searches for sensitive browser data
2/5       Hides files
1/5       Resolves API functions dynamically
1/5       Creates an unusually large number of files
1/5       Creates a page with write and execute permissions
1/5       Drops PE file
1/5       Modifies application directory
1/5       Possibly does reconnaissance
1/5       Modifies operating system directory

Classification: Virus

Sample:     IArD8Nh47WkH9Y5b.exe
Analyzed:   2026-04-24T10:38:32.255
Verdict:    malicious
File type:  Windows Exe (x86-32)
SHA256:     caa79c1a33b11ec4d12e50f8f8372d7365c68c7498efb6efde7f38ed423b40e1

VMRay Threat Identifiers
Severity  Operation
5/5       Tofsee configuration was extracted
5/5       Malicious content matched by YARA rules
4/5       Process Hollowing
4/5       Injected process sets up server that accepts incoming connections
4/5       Modifies control flow of another process
4/5       Writes into the memory of another process
3/5       Modifies Windows Defender configuration
3/5       Connects to a CMS hoster
3/5       Queries known SPAM blocklist
3/5       Masquerades service
2/5       Reads network adapter information
2/5       Suspicious content matched by YARA rules
2/5       Uses Alternate Data Stream (ADS) file attributes
2/5       Modifies Windows Firewall configuration
2/5       Delays execution
2/5       Tries to detect analyzer sandbox
2/5       Deletes file after execution
2/5       Connects to SMTP server
1/5       Creates process with hidden window
1/5       Drops PE file
1/5       Tries to connect using an uncommon port
1/5       Installs system service
1/5       Executes dropped PE file
1/5       Creates a page with write and execute permissions
1/5       Query OS Information
1/5       Modifies operating system directory
1/5       Connects to remote host
1/5       Writes an unusually large amount of data to the registry
1/5       Resolves API functions dynamically
1/5       Creates an unusually large number of files
1/5       Performs DNS request
1/5       Installs system startup script or application

Classification: Spyware, Backdoor, PUA, Miner, Injector

Sample:     fya6qi8ouLVNZ7E1.exe
Analyzed:   2026-04-24T10:37:02.652
Verdict:    malicious
File type:  Windows Exe (x86-32)
SHA256:     6b8bf545bec5f1ad56bf4c008136d81fd304368fb1dabfb3de46de5fe8f0fae6

VMRay Threat Identifiers
Severity  Operation
5/5       Malicious content matched by YARA rules
2/5       Enables critical process privileges
2/5       Disables a system tool
2/5       Allows invalid SSL certificates
1/5       Connects to remote host
1/5       URL contains a TLD highly associated with phishing
1/5       Drops PE file
1/5       Executes dropped PE file
1/5       Installs system service
1/5       Enables process privileges
1/5       Enumerates running processes
1/5       Modifies operating system directory
1/5       Creates mutex
1/5       Performs DNS request

Classification: Ransomware

Sample:     flKroTinvc4BG1yJ.exe
Analyzed:   2026-04-24T10:36:42.793
Verdict:    malicious
File type:  Windows Exe (x86-32)
SHA256:     868bf1d0626f8868a4f66f6222e6618583cdf31732084b33d3f4f8aaf8be9cec

VMRay Threat Identifiers
Severity  Operation
5/5       Malicious content matched by YARA rules
3/5       Creates file(s) in the .NET assembly directory to hide them from Windows Explorer
2/5       Searches for sensitive browser data
2/5       Hides files
1/5       Resolves API functions dynamically
1/5       Creates an unusually large number of files
1/5       Creates a page with write and execute permissions
1/5       Drops PE file
1/5       Modifies application directory
1/5       Possibly does reconnaissance
1/5       Modifies operating system directory

Classification: Virus