Threat Feed
OGwArgX2BimONXuO.dll
2026-05-15T20:47:21.813
malicious
Windows DLL (x86-32)
SHA256: dc68ae43a45c1a836d671cc113bbab5eeea0f005fa6d9d0d41a6f4d83f3aa24c
VMRay Threat Identifiers
Severity  Operation
5/5       Malicious content matched by YARA rules
3/5       Tries to open an unusually high number of parallel network connections
2/5       Delays execution
2/5       Disables a system tool
1/5       Installs system service
1/5       Modifies operating system directory
1/5       Drops PE file
1/5       Executes dropped PE file
1/5       Connects to remote host
1/5       Creates process with hidden window
Ransomware, Worm

file.exe
2026-05-15T20:46:33.271
malicious
Windows Exe (x86-64)
SHA256: e8e40e17af28ccbae21c0fdd7a44be105daba34fe6f4019bb2b4fac99408f8e5
VMRay Threat Identifiers
Severity  Operation
5/5       Combination of other detections shows multiple input capture behaviors
5/5       Vidar configuration was extracted
5/5       Tries to read cached credentials of various applications
5/5       Malicious content matched by YARA rules
4/5       Writes into the memory of another process
4/5       Modifies control flow of another process
3/5       Tries to evade debugger
3/5       Uses HTTP to upload a large amount of data
3/5       Takes screenshot
3/5       Reads installed applications
2/5       Searches for sensitive application data
2/5       Searches for sensitive browser data
2/5       Searches for sensitive mail data
2/5       Starts web browser in headless mode
2/5       Dead Drop Resolver
2/5       Suspicious content matched by YARA rules
1/5       Creates mutex
1/5       Content matched by YARA rules
1/5       Tries to detect debugger
1/5       Creates process with hidden window
1/5       Resolves API functions dynamically
1/5       Enables process privileges
1/5       Query CPU Properties
1/5       Query OS Information
1/5       Enumerates running processes
1/5       Possibly does reconnaissance
Spyware, Injector

Setup.exe
2026-05-15T20:46:06.071
malicious
Windows Exe (x86-64)
SHA256: 72155cf4cf77e7c96e315ddc32bbb6b77ee3c62f9f1779b832ae8c192ae05559
VMRay Threat Identifiers
Severity  Operation
5/5       Malicious content matched by YARA rules
5/5       Combination of other detections shows configuration discovery
5/5       Combination of other detections shows multiple input capture behaviors
5/5       Makes indirect system calls to hide process injection
5/5       Tries to read cached credentials of various applications
4/5       Makes indirect system call to possibly evade hooking based monitoring
4/5       Malicious content matched by YARA rules
3/5       Takes screenshot
3/5       Tries to detect the presence of antivirus software
3/5       Suspicious content matched by YARA rules
3/5       Captures clipboard data
3/5       Reads installed applications
3/5       Tries to evade debugger
3/5       Uses HTTP to upload a large amount of data
3/5       Attempts to connect through HTTP
3/5       Connects to a CMS hoster
2/5       Reads sensitive browser data
2/5       Reads network adapter information
2/5       Delays execution
2/5       Searches for sensitive browser data
2/5       Suspicious content matched by YARA rules
2/5       Sends control codes to a driver
2/5       Queries a host's domain name
2/5       Collects hardware properties
2/5       Makes direct system call to possibly evade hooking based monitoring
2/5       Enumerates running processes
2/5       Executes PowerShell without default profile
2/5       Uses system binaries to initiate network connections
2/5       Queries OS info via WMI
1/5       Query Firmware Information
1/5       Reads from memory of another process
1/5       Possibly does reconnaissance
1/5       Performs DNS request
1/5       Connects to remote host
1/5       Downloads file
1/5       Tries to connect using an uncommon port
1/5       URL contains a TLD highly associated with phishing
1/5       Resolves API functions dynamically
1/5       Executes dropped PE file
1/5       Enumerates running processes
1/5       Creates process with hidden window
1/5       Accesses Microsoft Security Software registry keys
1/5       Executes WMI query
1/5       Tries to detect debugger
1/5       Creates mutex
1/5       Reads system data
1/5       Creates a page with write and execute permissions
1/5       Enables process privileges
1/5       Unusual large memory allocation
Spyware, Injector

common.exe
2026-05-15T20:46:05.574
malicious
Windows Exe (x86-64)
SHA256: f5c604a206bb967b2657569f33d30a10d91b5ab2fbf4fe3e310cb3a8f8f8836d
VMRay Threat Identifiers
Severity  Operation
5/5       Combination of other detections shows configuration discovery
4/5       Modifies Windows Defender configuration
2/5       Enumerates running processes
2/5       Sets up server that accepts incoming connections
2/5       Reads network adapter information
2/5       Schedules task
2/5       Tries to detect application sandbox
2/5       Collects hardware properties
2/5       Searches for sensitive browser data
1/5       Checks external IP address
1/5       Content matched by YARA rules
1/5       Resolves API functions dynamically
1/5       Drops PE file
1/5       Loads a dropped DLL
1/5       Executes dropped PE file
1/5       Timestamp manipulation
1/5       Connects to remote host
1/5       Reads from memory of another process
1/5       Creates process with hidden window
1/5       Reads system data
1/5       Enumerates running processes
1/5       Accesses Microsoft Security Software registry keys
1/5       Performs DNS request
1/5       Enables process privileges
1/5       Tries to connect using an uncommon port

sunwukongs.exe
2026-05-15T20:45:19.903
malicious
Windows Exe (x86-64)
SHA256: 89b1b3c8ccdca7046fe30361f1fd9e70bd501daea2a28988ffa028c3428c680b
VMRay Threat Identifiers
Severity  Operation
5/5       Malicious content matched by YARA rules
5/5       Combination of other detections shows multiple input capture behaviors
4/5       Malicious content matched by YARA rules
3/5       Takes screenshot
3/5       Captures clipboard data
3/5       Tries to detect the presence of antivirus software
3/5       Uses HTTP to upload a large amount of data
2/5       Collects hardware properties
2/5       Signed executable failed signature validation
2/5       Makes direct system call to possibly evade hooking based monitoring
2/5       Queries OS info via WMI
2/5       Queries a host's domain name
2/5       Suspicious content matched by YARA rules
2/5       Searches for sensitive browser data
2/5       Reads sensitive browser data
1/5       URL contains a TLD highly associated with phishing
1/5       Enumerates running processes
1/5       Downloads file
1/5       Tries to connect using an uncommon port
1/5       Creates a page with write and execute permissions
1/5       Resolves API functions dynamically
1/5       Query Firmware Information
Spyware