Threat Feed | Online Malware Sandbox

Windows Exe (x86-32)

4mOeodNDCbzBrImu.exe

malicious

SHA256: 697c63bd3f6207e0ac20198f818c01f6a4f68e64d392bd8f0469bb5b9a0851f7

VMRay Threat Identifiers

Severity

Operation

5/5

Malicious content matched by YARA rules

3/5

Tries to detect the presence of antivirus software

2/5

Queries OS info via WMI

2/5

Deletes file after execution

1/5

Modifies operating system directory

1/5

Enables process privileges

1/5

Creates mutex

1/5

Enumerates running processes

1/5

Resolves API functions dynamically

1/5

Installs system startup script or application

1/5

Query OS Information

Worm

ZH4ENafpMu1QcAiS.exe

2026-04-12T13:41:50.645

Windows Exe (x86-32)

ZH4ENafpMu1QcAiS.exe

malicious

SHA256: c53045917189551237cbd38c5952f0cbd3fdd0a97911153916d8851fbaf6d0dc

VMRay Threat Identifiers

Severity

Operation

5/5

Malicious content matched by YARA rules

2/5

Hides files

1/5

Content matched by YARA rules

1/5

Resolves API functions dynamically

1/5

Drops PE file

1/5

Creates a page with write and execute permissions

1/5

Possibly does reconnaissance

1/5

Modifies application directory

Virus

zWNSgA6GiuVcaOTV.exe

2026-04-12T13:40:40.509

Windows Exe (x86-32)

zWNSgA6GiuVcaOTV.exe

malicious

SHA256: 8461e86bd9d395a47294901ddba1403ec3ed36f7bdabee0402d1482b9eec2d9b

VMRay Threat Identifiers

Severity

Operation

5/5

Malicious content matched by YARA rules

3/5

Creates file(s) in the .NET assembly directory to hide them from Windows Explorer

1/5

Creates a page with write and execute permissions

1/5

Possibly does reconnaissance

1/5

Modifies operating system directory

1/5

Drops PE file

1/5

Timestamp manipulation

1/5

Drops PE masquerading Filename

1/5

Creates process with hidden window

1/5

Tries to detect debugger

1/5

Modifies application directory

OeaH7ESCdAJTdeLZ.exe

2026-04-12T13:40:21.974

Windows Exe (x86-32)

OeaH7ESCdAJTdeLZ.exe

malicious

SHA256: 2ad113e5a2b775289778ebfdcc782e9c3a0fdda39fa67f1a9f6eefacc96fbb67

VMRay Threat Identifiers

Severity

Operation

5/5

Malicious content matched by YARA rules

2/5

Hides files

2/5

Searches for sensitive browser data

1/5

Modifies operating system directory

1/5

Content matched by YARA rules

1/5

Obfuscates control flow

1/5

Resolves API functions dynamically

1/5

Creates a page with write and execute permissions

1/5

Drops PE file

1/5

Possibly does reconnaissance

1/5

Modifies application directory

Virus

H0rNdbFZZuAv4WM3.exe

2026-04-12T13:39:23.905

Windows Exe (x86-32)

H0rNdbFZZuAv4WM3.exe

malicious

SHA256: c33f1d2e32a0f7442604f55df89f8a4998b996a818122c353f4be38eeaf91e75

VMRay Threat Identifiers

Severity

Operation

5/5

Malicious content matched by YARA rules

3/5

Creates file(s) in the .NET assembly directory to hide them from Windows Explorer

2/5

Searches for sensitive browser data

2/5

Hides files

2/5

Disables a system tool

1/5

Resolves API functions dynamically

1/5

Creates an unusually large number of files

1/5

Drops PE file

1/5

Modifies operating system directory

1/5

Modifies application directory

1/5

Possibly does reconnaissance

1/5

Creates a page with write and execute permissions

1/5

Obfuscates control flow

Virus