Threat Feed
iENHE8T0pjRlzGIA.exe
2026-05-17T03:11:56.909
malicious
Windows Exe (x86-32)
SHA256: e338bc4eae2a2c43631927a7c93172909a246e3c27de23c7aeb1c08b56c81c92
VMRay Threat Identifiers
Severity | Operation
5/5 | Malicious content matched by YARA rules
3/5 | Modifies native system functions
3/5 | Suspicious content matched by YARA rules
2/5 | Signed executable failed signature validation
2/5 | Tries to detect virtual machine
1/5 | Enumerates running processes
1/5 | Possibly does reconnaissance
1/5 | Obfuscates control flow
1/5 | Resolves API functions dynamically
1/5 | Overwrites code
1/5 | Creates an unusually large number of files
1/5 | Drops PE file
1/5 | Executes dropped PE file
1/5 | Drops PE masquerading Filename
1/5 | Query CPU Properties
1/5 | Modifies application directory
1/5 | Reloads native system libraries
1/5 | Modifies operating system directory
1/5 | Creates process with hidden window
1/5 | Creates mutex
1/5 | Enables process privileges
Backdoor
Trojan
NjFY7xhDkWEpRW6A.exe
2026-05-17T03:11:27.906
malicious
Windows Exe (x86-32)
SHA256: 76ccd37fb0888d5c2c72fc1e31d69d2334a876e174c78d49822f74ada3dcda34
VMRay Threat Identifiers
Severity | Operation
5/5 | Combination of other detections shows multiple input capture behaviors
3/5 | Monitors user input
3/5 | Captures clipboard data
3/5 | Reads installed applications
2/5 | Schedules task
2/5 | Deletes file after execution
2/5 | Delays execution
2/5 | Searches for sensitive mail data
2/5 | Searches for sensitive browser data
2/5 | Searches for sensitive application data
1/5 | Executes dropped PE file
1/5 | Possibly does reconnaissance
1/5 | Enables process privileges
1/5 | Modifies operating system directory
1/5 | Creates process with hidden window
1/5 | Installs system service
1/5 | Enumerates running processes
1/5 | Checks Internet connection
1/5 | Downloads file
1/5 | Resolves API functions dynamically
1/5 | Drops PE file
Spyware
85EIgqrEWG7aX8r2.exe
2026-05-17T03:11:08.060
malicious
Windows Exe (x86-32)
SHA256: 2ed6cad1224b95332d2f75729cfc20cb3c73f669ab8e5db3edd1b89464d0e540
VMRay Threat Identifiers
Severity | Operation
5/5 | Malicious content matched by YARA rules
3/5 | Tries to open an unusually high number of parallel network connections
3/5 | All network connection attempts failed
2/5 | Allows invalid SSL certificates
1/5 | Creates a page with write and execute permissions
1/5 | Creates process with hidden window
1/5 | Resolves API functions dynamically
1/5 | Drops PE file
1/5 | Executes dropped PE file
Ransomware
file.exe
2026-05-17T02:30:33.211
malicious
Windows Exe (x86-64)
SHA256: 5940c41ab003399680a04d726587eed242e4ad8969abe4b5617d712ff190a852
VMRay Threat Identifiers
Severity | Operation
5/5 | Combination of other detections shows multiple input capture behaviors
3/5 | Tries to evade debugger
3/5 | Takes screenshot
2/5 | Reads sensitive browser data
2/5 | Schedules task
2/5 | Searches for sensitive browser data
2/5 | Tries to detect analyzer sandbox
2/5 | Creates an unusually large number of processes
1/5 | Tries to detect debugger
1/5 | Tries to connect using an uncommon port
1/5 | Creates mutex
1/5 | Possibly does reconnaissance
1/5 | Enumerates running processes
1/5 | Connects to remote host
1/5 | Creates process with hidden window
1/5 | Query OS Information
1/5 | Query CPU Properties
Spyware
common.exe
2026-05-17T02:22:46.812
malicious
Windows Exe (x86-64)
SHA256: cd6442b44b13c97c76a54be9a98bc55de867b512c20ac7343e7dcb75ff241be9
VMRay Threat Identifiers
Severity | Operation
5/5 | Combination of other detections shows configuration discovery
4/5 | Modifies Windows Defender configuration
2/5 | Searches for sensitive browser data
2/5 | Schedules task
2/5 | Tries to detect application sandbox
2/5 | Collects hardware properties
2/5 | Enumerates running processes
2/5 | Sets up server that accepts incoming connections
2/5 | Reads network adapter information
1/5 | A monitored process crashed
1/5 | Drops PE file
1/5 | Loads a dropped DLL
1/5 | Executes dropped PE file
1/5 | Timestamp manipulation
1/5 | Reads system data
1/5 | Enumerates running processes
1/5 | Enables process privileges
1/5 | Accesses Microsoft Security Software registry keys
1/5 | Reads from memory of another process
1/5 | Creates process with hidden window
1/5 | Performs DNS request
1/5 | Connects to remote host
1/5 | Tries to connect using an uncommon port
1/5 | Checks external IP address
1/5 | Content matched by YARA rules
1/5 | Resolves API functions dynamically