Threat Feed
vovZCZpkaOrvkEEX.exe
2026-02-25T20:22:01.436
malicious
Windows Exe (x86-32)
SHA256: d0ac160e931f7686a215ae0a7e01e11799e17937db0da9223d07d22456126463
VMRay Threat Identifiers
Severity  Operation
5/5       Remcos configuration was extracted
5/5       Combination of other detections shows multiple input capture behaviors
5/5       Malicious content matched by YARA rules
4/5       Obscures a file's origin
4/5       Process Hollowing
4/5       Monitors clipboard content
3/5       Monitors keyboard input
3/5       All network connection attempts failed
2/5       Signed executable failed signature validation
2/5       Deletes file after execution
2/5       Modifies control flow of a process started from a created or modified executable
2/5       Makes direct system call to possibly evade hooking based monitoring
2/5       Searches for sensitive browser data
1/5       Connects to remote host
1/5       Tries to connect using an uncommon port
1/5       Content matched by YARA rules
1/5       Resolves API functions dynamically
1/5       Drops PE file
1/5       Executes dropped PE file
1/5       Installs system startup script or application
1/5       Enables process privileges
1/5       Enumerates running processes
1/5       Creates process with hidden window
1/5       Reads from memory of another process
1/5       Creates a page with write and execute permissions
1/5       Creates mutex
1/5       Query OS Information
1/5       Executes WMI query
Spyware
Backdoor
Keylogger
Injector
d9aef53cebc16d5e3b60770a93da43c6a94b18cfed03b09e269b2a52c0f77f66.exe
2026-02-25T19:50:49.982
malicious
Windows Exe (x86-32)
SHA256: d9aef53cebc16d5e3b60770a93da43c6a94b18cfed03b09e269b2a52c0f77f66
VMRay Threat Identifiers
Severity  Operation
5/5       Malicious content matched by YARA rules
5/5       Combination of other detections shows configuration discovery
4/5       Bypasses Windows User Account Control (UAC)
4/5       Creates a new process masquerading as a system process
4/5       Modifies Windows Defender configuration
3/5       Tries to detect the presence of antivirus software
3/5       All network connection attempts failed
3/5       Tries to detect the presence of firewall software
3/5       Executable modifies its own file
2/5       Collects hardware properties
2/5       Modifies network configuration
2/5       Creates a new process from a system binary
2/5       Schedules task
2/5       Schedules task via schtasks
2/5       Creates an unusually large number of processes
2/5       Reads network adapter information
2/5       Enumerates running processes
2/5       Suspicious content matched by YARA rules
2/5       Collects BIOS properties
1/5       Accesses volumes directly
1/5       Query OS Information
1/5       Modifies operating system directory
1/5       Installs system startup script or application
1/5       Modifies application directory
1/5       Writes an unusually large amount of data to the registry
1/5       Enumerates running processes
1/5       Reads from memory of another process
1/5       Creates mutex
1/5       Creates process with hidden window
1/5       Executes WMI query
1/5       Performs DNS request
1/5       Content matched by YARA rules
1/5       Resolves API functions dynamically
1/5       Drops PE file
1/5       Enables process privileges
Backdoor
437e6288a336263adf33dc3ff2f946e2082e1bcb7c6bd80a5ffec687006feff9.exe
2026-02-25T19:50:08.334
malicious
Windows Exe (x86-64)
SHA256: 437e6288a336263adf33dc3ff2f946e2082e1bcb7c6bd80a5ffec687006feff9
VMRay Threat Identifiers
Severity  Operation
4/5       Modifies Windows Defender configuration
4/5       Modifies control flow of another process
4/5       Writes into the memory of another process
3/5       Modifies native system functions
2/5       Schedules task
1/5       Resolves API functions dynamically
1/5       Overwrites code
1/5       Creates mutex
1/5       Drops PE file
1/5       Executes dropped PE file
1/5       Modifies application directory
1/5       Creates a page with write and execute permissions
1/5       Reads from memory of another process
1/5       Enumerates running processes
1/5       Creates process with hidden window
1/5       Enables process privileges
1/5       Downloads file
Injector
e5ef7da26297233633b1a7c2ca27ca9c5ae015a645c75936b9e74178a45cddf2.exe
2026-02-25T19:49:22.059
malicious
Windows Exe (x86-32)
SHA256: e5ef7da26297233633b1a7c2ca27ca9c5ae015a645c75936b9e74178a45cddf2
VMRay Threat Identifiers
Severity  Operation
5/5       Malicious content matched by YARA rules
4/5       Makes indirect system call to possibly evade hooking based monitoring
2/5       Modifies control flow of a process started from a created or modified executable
2/5       Delays execution
2/5       Writes into the memory of a process started from a created or modified executable
2/5       Signed executable failed signature validation
1/5       Resolves API functions dynamically
1/5       Executes dropped PE file
1/5       Creates process with hidden window
1/5       Drops PE file
Downloader
dd4b69230bbe2ed8cde95f7a9a7aea0f61fd537151e63cb06bfc46374dfd9f06.exe
2026-02-25T19:48:26.506
malicious
Windows Exe (x86-32)
SHA256: dd4b69230bbe2ed8cde95f7a9a7aea0f61fd537151e63cb06bfc46374dfd9f06
VMRay Threat Identifiers
Severity  Operation
5/5       Malicious content matched by YARA rules
4/5       Makes indirect system call to possibly evade hooking based monitoring
4/5       Modifies Windows Defender configuration
4/5       Bypasses Windows User Account Control (UAC)
3/5       Executable modifies its own file
3/5       All network connection attempts failed
3/5       Tries to detect the presence of antivirus software
3/5       Tries to detect the presence of firewall software
2/5       Modifies network configuration
2/5       Suspicious content matched by YARA rules
2/5       Collects BIOS properties
2/5       Schedules task
2/5       Schedules task via schtasks
2/5       Reads network adapter information
2/5       Creates an unusually large number of processes
2/5       Collects hardware properties
1/5       Creates process with hidden window
1/5       Query OS Information
1/5       Modifies operating system directory
1/5       Creates mutex
1/5       Enumerates running processes
1/5       Performs DNS request
1/5       Content matched by YARA rules
1/5       Installs system startup script or application
1/5       Resolves API functions dynamically
1/5       A monitored process crashed
1/5       Drops PE file
1/5       Modifies application directory
1/5       Writes an unusually large amount of data to the registry
1/5       Enables process privileges
Backdoor