Threat Feed
6606339-SHANG JIA.exe
2026-03-09T14:09:50.143
malicious
Windows Exe (x86-32)
SHA256: 7425f75e57727ed43ef7c9cc4a646234736b2151641a51ada14db20152f2ccbe
VMRay Threat Identifiers
Severity  Operation
5/5       Malicious content matched by YARA rules
4/5       Modifies control flow of another process
4/5       Makes indirect system call to possibly evade hooking based monitoring
4/5       Writes into the memory of another process
3/5       System Binary Proxy Execution
3/5       Makes direct system calls to hide process injection
2/5       Tries to detect kernel debugger
2/5       Makes direct system call to possibly evade hooking based monitoring
2/5       Suspicious content matched by YARA rules
1/5       Installs system startup script or application
1/5       Creates process with hidden window
1/5       Enumerates running processes
1/5       Tries to detect debugger
1/5       Creates mutex
1/5       Reads from memory of another process
1/5       Query OS Information
1/5       Reloads native system libraries
1/5       Content matched by YARA rules
Spyware
Injector
PI.exe
2026-03-09T14:08:02.127
malicious
Windows Exe (x86-32)
SHA256: 8e59fd060314be874b16a85af69bac2ca32bb8570698d635d33aa18c9b0d558a
VMRay Threat Identifiers
Severity  Operation
5/5       Malicious content matched by YARA rules
5/5       FormBook configuration was extracted
4/5       Writes into the memory of another process
4/5       Makes indirect system call to possibly evade hooking based monitoring
4/5       Modifies control flow of another process
3/5       Makes direct system calls to hide process injection
3/5       Captures clipboard data
2/5       Makes direct system call to possibly evade hooking based monitoring
2/5       Searches for sensitive browser data
2/5       Reads sensitive browser data
2/5       Delays execution
2/5       Tries to detect kernel debugger
2/5       Suspicious content matched by YARA rules
1/5       Reads from memory of another process
1/5       Creates process with hidden window
1/5       Enumerates running processes
1/5       Creates mutex
1/5       Tries to detect debugger
1/5       Query OS Information
1/5       Possibly does reconnaissance
1/5       Reloads native system libraries
1/5       Performs DNS request
1/5       Connects to remote host
1/5       Downloads file
1/5       Content matched by YARA rules
Spyware
Injector
KIDDIONS MENU.exe
2026-03-09T13:58:02.315
malicious
Windows Exe (x86-64)
SHA256: 23b50ccbd06a8ae450539f780cb09c81cf80bc7fc3720cbfa65ca242c4506008
VMRay Threat Identifiers
Severity  Operation
4/5       Modifies control flow of another process
4/5       Writes into the memory of another process
4/5       Process Hollowing
3/5       Modifies native system functions
1/5       Content matched by YARA rules
1/5       Creates process with hidden window
1/5       Creates a page with write and execute permissions
Injector
peer.exe
2026-03-09T13:57:46.849
malicious
Windows Exe (x86-64)
SHA256: 8adcea233db10edaf4931971d9980007fd4ee2c3bf22a664d3603ec73afc8178
VMRay Threat Identifiers
Severity  Operation
5/5       Malicious content matched by YARA rules
2/5       Delays execution
2/5       Reads network adapter information
2/5       Sets up server that accepts incoming connections
1/5       Connects to remote host
1/5       Tries to connect using an uncommon port
1/5       Content matched by YARA rules
1/5       Resolves API functions dynamically
1/5       Drops PE file
1/5       Executes dropped PE file
1/5       Timestamp manipulation
1/5       Unusual large memory allocation
1/5       Modifies application directory
1/5       Installs system service
1/5       Enumerates running processes
1/5       Performs DNS request
Downloader
transaction_swift_dload_04Mar2026_102922.exe
2026-03-09T13:51:01.905
malicious
Windows Exe (x86-32)
SHA256: 490d8b3311a6801e2d87808ce5e81428d60688d40257dc2d865b83bc589f818f
VMRay Threat Identifiers
Severity  Operation
5/5       Malicious content matched by YARA rules
5/5       Agent Tesla configuration was extracted
5/5       Tries to read cached credentials of various applications
5/5       Combination of other detections shows configuration discovery
4/5       Writes into the memory of another process
4/5       Modifies control flow of another process
3/5       Makes direct system calls to hide process injection
2/5       Searches for sensitive mail data
2/5       Reads sensitive mail data
2/5       Searches for sensitive browser data
2/5       Suspicious content matched by YARA rules
2/5       Searches for sensitive application data
2/5       Searches for sensitive FTP data
2/5       Makes direct system call to possibly evade hooking based monitoring
2/5       Reads network adapter information
2/5       Queries OS info via WMI
2/5       Reads sensitive browser data
2/5       Collects hardware properties
1/5       Connects to remote host
1/5       Creates process with hidden window
1/5       Query OS Information
1/5       Enables process privileges
1/5       Possibly does reconnaissance
1/5       Enumerates running processes
1/5       Performs DNS request
1/5       Tries to detect debugger
1/5       Connects to SMTP server
1/5       Content matched by YARA rules
1/5       Resolves API functions dynamically
1/5       Reads from memory of another process
1/5       Reloads native system libraries
Spyware
Injector