Threat Feed
Directrices de políticas para empleados 2026.pdf.exe
2026-06-25T16:53:43.929
malicious
Windows Exe (x86-32)
SHA256: 83e75a58f29d4172b534a3951fd83bb4e472f1014936f281ee39695f6dc6e037

VMRay Threat Identifiers
Severity  Operation
5/5       Combination of other detections shows configuration discovery
5/5       Tries to read cached credentials of various applications
5/5       GuLoader configuration was extracted
5/5       Agent Tesla configuration was extracted
5/5       Malicious content matched by YARA rules
4/5       Uses a double file extension
3/5       Classifies external IP address
3/5       Modifies native system functions
3/5       Makes unaligned API calls to possibly evade hooking based sandboxes
2/5       Reads sensitive browser data
2/5       Reads sensitive mail data
2/5       Suspicious content matched by YARA rules
2/5       Queries OS info via WMI
2/5       Collects hardware properties
2/5       Hides files
2/5       Tries to detect virtual machine
2/5       Searches for sensitive browser data
2/5       Searches for sensitive mail data
2/5       Tries to detect application sandbox
2/5       Sets up server that accepts incoming connections
2/5       Reads network adapter information
1/5       Queries system time
1/5       Accesses volumes directly
1/5       Enables process privileges
1/5       Enumerates running processes
1/5       Possibly does reconnaissance
1/5       Query OS Information
1/5       Performs DNS request
1/5       Connects to remote host
1/5       Downloads file
1/5       Tries to connect using an uncommon port
1/5       Content matched by YARA rules
1/5       Tries to detect debugger
1/5       Resolves API functions dynamically
1/5       Unusual large memory allocation
1/5       Creates a page with write and execute permissions
Classification: Spyware, Downloader

ProformaInvoice-5628-1.vbs
2026-06-25T16:34:01.442
malicious
VBScript
SHA256: d34d42aa33ae8ec42412fdf1233494466051e7fbc21c67db899f0472f0df6ce4

VMRay Threat Identifiers
Severity  Operation
5/5       Malicious content matched by YARA rules
4/5       Makes indirect system call to possibly evade hooking based monitoring
4/5       Writes into the memory of another process
4/5       Attempts to connect through HTTP
4/5       Process Hollowing
4/5       Reads from memory of another process
4/5       Tries to detect kernel debugger
3/5       Suspicious content matched by YARA rules
2/5       Performs DNS request
2/5       Tries to detect debugger
2/5       Installs system startup script or application
2/5       Executes PowerShell without default profile
2/5       Executes PowerShell with hidden window
1/5       Accesses Microsoft Security Software registry keys
1/5       Creates mutex
1/5       Enumerates running processes
1/5       Query OS Information
1/5       Content matched by YARA rules
1/5       Connects to remote host
Classification: Spyware, Injector

https://comprooroediamanti.it
2026-06-25T16:23:52.392
malicious
URL

VMRay Threat Identifiers
Severity  Operation
4/5       Possible Pastejacking attempt
4/5       URL extracted from clipboard data
3/5       SmartContract configuration was extracted
2/5       Communicates with a Web3 service
1/5       Page contains clickables with luring keywords
1/5       Content matched by YARA rules
1/5       URL contains a TLD highly associated with phishing

https://deviators.oidev.org
2026-06-25T16:23:13.385
malicious
URL

VMRay Threat Identifiers
Severity  Operation
4/5       Possible Pastejacking attempt
4/5       URL extracted from clipboard data
3/5       SmartContract configuration was extracted
2/5       Communicates with a Web3 service
1/5       Page contains clickables with luring keywords
1/5       URL contains a TLD highly associated with phishing
1/5       Content matched by YARA rules
1/5       Suspicious page characteristics

file.exe
2026-06-25T16:23:03.300
malicious
Windows Exe (x86-64)
SHA256: 0b466e164af0e6da4b2bf92d17ad8e931da9ed5b12ddc89dfc74f1bfcd5e90d1

VMRay Threat Identifiers
Severity  Operation
5/5       Combination of other detections shows multiple input capture behaviors
5/5       Tries to read cached credentials of various applications
5/5       Malicious content matched by YARA rules
3/5       Takes screenshot
3/5       Reads installed applications
3/5       Suspicious content matched by YARA rules
3/5       Uses HTTP to upload a large amount of data
3/5       Modifies native system functions
2/5       Searches for sensitive FTP data
2/5       Deletes file after execution
2/5       Searches for sensitive browser data
2/5       Searches for sensitive mail data
2/5       Searches for sensitive application data
2/5       Searches for cryptocurrency wallet locations
2/5       Searches for sensitive VPN configuration data
2/5       Suspicious content matched by YARA rules
2/5       Modifies control flow of a process started from a created or modified executable
1/5       Performs DNS request
1/5       Query CPU Properties
1/5       Content matched by YARA rules
1/5       Enumerates running processes
1/5       Creates a page with write and execute permissions
1/5       Queries system time
1/5       Resolves API functions dynamically
1/5       Reads from memory of another process
1/5       Tries to detect debugger
1/5       Drops PE file
1/5       Executes dropped PE file
1/5       Creates process with hidden window
1/5       Possibly does reconnaissance
Classification: Spyware