Threat Feed
kh0lxyJ6OEmfBGri.exe
Timestamp: 2026-06-28T16:54:56.005
Verdict: malicious
File type: Windows Exe (x86-32)
SHA256: f10ca00f92bb5f9491aaf4e6a4e753202fb91f423f4e93d8d261283058967cf5
Classification: Virus

VMRay Threat Identifiers
Severity  Operation
5/5       Malicious content matched by YARA rules
1/5       Resolves API functions dynamically
1/5       Creates a page with write and execute permissions
1/5       Creates mutex
1/5       Enables process privileges
1/5       Modifies operating system directory
1/5       Queries system time

gxC3cmdslzt1H4jA.exe
Timestamp: 2026-06-28T16:49:35.465
Verdict: malicious
File type: Windows Exe (x86-32)
SHA256: 079b1fdad7f54b57fd18128842d92f028f7c12e62d782e01fcaa4a3e3e235a08
Classification: Hacktool

VMRay Threat Identifiers
Severity  Operation
5/5       Malicious content matched by YARA rules
3/5       Suspicious content matched by YARA rules
2/5       Signed executable failed signature validation
2/5       Hides files
2/5       Deletes file after execution
1/5       Resolves API functions dynamically
1/5       Overwrites code
1/5       Drops PE file
1/5       Executes dropped PE file
1/5       Writes an unusually large amount of data to the registry
1/5       Possibly does reconnaissance
1/5       Queries system time
1/5       Enumerates running processes
1/5       Modifies application directory
1/5       Creates process with hidden window
1/5       Creates mutex
1/5       Content matched by YARA rules

tcY1ppJo3UPivKnP.exe
Timestamp: 2026-06-28T16:46:54.907
Verdict: malicious
File type: Windows Exe (x86-32)
SHA256: f0d82b70391d5f6279f5608839d6ef7f66a51f1157b9f0c3af410b68cd5c6392
Classification: Trojan

VMRay Threat Identifiers
Severity  Operation
5/5       Malicious content matched by YARA rules
3/5       Tries to evade debugger
3/5       Modifies native system functions
2/5       Tries to detect kernel debugger
2/5       Tries to detect virtual machine
1/5       Queries system time
1/5       Drops PE file
1/5       Executes dropped PE file
1/5       Enumerates running processes
1/5       Tries to detect debugger

Ssstsx2L8TBP0rwf.exe
Timestamp: 2026-06-28T16:45:19.532
Verdict: malicious
File type: Windows Exe (x86-32)
SHA256: 41ffb25817d7f210617de886ec3b776ae44875fa0ce8ac63b670205a4415585f
Classification: Hacktool

VMRay Threat Identifiers
Severity  Operation
5/5       Malicious content matched by YARA rules
3/5       Suspicious content matched by YARA rules
3/5       All network connection attempts failed
2/5       Hides files
2/5       Signed executable failed signature validation
2/5       Deletes file after execution
1/5       Creates process with hidden window
1/5       Queries system time
1/5       Creates mutex
1/5       Modifies application directory
1/5       Content matched by YARA rules
1/5       Resolves API functions dynamically
1/5       Drops PE file
1/5       Executes dropped PE file

PO for samples.JS
Timestamp: 2026-06-28T16:38:27.468
Verdict: malicious
File type: JScript
SHA256: 68342135a1fc950275e20600e8ebbf62258744f26adae735a73fff741d75aca8
Classification: Spyware, Backdoor, Downloader

VMRay Threat Identifiers
Severity  Operation
5/5       Tries to read cached credentials of various applications
5/5       Combination of other detections shows configuration discovery
5/5       Malicious content matched by YARA rules
5/5       Sets up server that accepts incoming connections
5/5       Agent Tesla configuration was extracted
4/5       Tries to evade debugger
4/5       Tries to detect application sandbox
3/5       Classifies external IP address
3/5       Reads sensitive browser data
3/5       Reads sensitive mail data
2/5       Collects hardware properties
2/5       Searches for sensitive mail data
2/5       Possibly does reconnaissance
2/5       Performs DNS request
2/5       Tries to connect using an uncommon port
2/5       Suspicious content matched by YARA rules
2/5       Enables process privileges
2/5       Executes dropped PE file
2/5       Reads network adapter information
2/5       Searches for sensitive browser data
2/5       Queries OS info via WMI
1/5       Reloads native system libraries
1/5       Queries system time
1/5       Content matched by YARA rules
1/5       Query OS Information
1/5       Connects to remote host
1/5       Enumerates running processes
1/5       Unusual large memory allocation
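The feed is exported by the VMRay UI as a flat run of lines (name, timestamp, verdict, file type, a "Close" button label, the name and verdict repeated from the detail modal, "SHA256:", the hash, the "Severity"/"Operation" column headers, then alternating "N/5" and operation lines, and finally the classification tags). The following Python is an added example, not part of the feed or of VMRay's tooling: it parses that flattened form into records and builds a triage view (hash, family tags, VTIs at or above a severity threshold, and caveats). The embedded SAMPLE is a constructed excerpt copied from two of the entries above with their VTI lists shortened; Entry, parse_feed, triage and the CAVEAT_VTIS list are my own names and my own triage convention, not VMRay fields.

```python
"""Parse the flattened VMRay threat-feed export into records for triage (added example)."""
import re
from dataclasses import dataclass, field

TS_RE = re.compile(r"^\d{4}-\d{2}-\d{2}T\d{2}:\d{2}:\d{2}(?:\.\d+)?$")
SEV_RE = re.compile(r"^[0-5]/5$")
SHA256_RE = re.compile(r"^[0-9a-f]{64}$")
UI_RESIDUE = {"Close", "VMRay Threat Identifiers", "Severity", "Operation"}
# Assumption: analyst-maintained list, not a VMRay field; these VTIs mean the run was incomplete.
CAVEAT_VTIS = {"All network connection attempts failed"}

# Constructed sample: two feed entries exactly as the UI flattens them, VTI lists shortened.
SAMPLE = """\
Ssstsx2L8TBP0rwf.exe
2026-06-28T16:45:19.532
malicious
Windows Exe (x86-32)
Close
Ssstsx2L8TBP0rwf.exe
malicious
SHA256:
41ffb25817d7f210617de886ec3b776ae44875fa0ce8ac63b670205a4415585f
VMRay Threat Identifiers
Close
Severity
Operation
5/5
Malicious content matched by YARA rules
3/5
All network connection attempts failed
Hacktool
PO for samples.JS
2026-06-28T16:38:27.468
malicious
JScript
Close
PO for samples.JS
malicious
SHA256:
68342135a1fc950275e20600e8ebbf62258744f26adae735a73fff741d75aca8
VMRay Threat Identifiers
Close
Severity
Operation
5/5
Agent Tesla configuration was extracted
2/5
Tries to connect using an uncommon port
Spyware
Backdoor
Downloader
"""

@dataclass
class Entry:
    name: str
    timestamp: str
    verdict: str
    file_type: str
    sha256: str = ""
    vtis: list = field(default_factory=list)             # (severity, operation)
    classifications: list = field(default_factory=list)  # trailing family tags

def parse_feed(text):
    """An entry starts at any line followed by an ISO timestamp; modal residue is skipped."""
    lines = [l.strip() for l in text.splitlines() if l.strip()] + [""]  # sentinel
    entries, i = [], 0
    while i < len(lines) - 1:
        if i + 4 < len(lines) and TS_RE.match(lines[i + 1]):
            entries.append(Entry(*lines[i:i + 4]))       # name, timestamp, verdict, type
            i += 4
        elif not entries or lines[i] in UI_RESIDUE | {entries[-1].name, entries[-1].verdict}:
            i += 1                                       # page header or repeated modal text
        elif lines[i] == "SHA256:" and SHA256_RE.match(lines[i + 1]):
            entries[-1].sha256 = lines[i + 1]
            i += 2
        elif SEV_RE.match(lines[i]):
            entries[-1].vtis.append((int(lines[i][0]), lines[i + 1]))
            i += 2
        else:
            entries[-1].classifications.append(lines[i])  # tags after the VTI table
            i += 1
    return entries

def triage(entries, min_severity=3):
    """Hash, family tags, VTIs at or above min_severity and caveats, strongest sample first."""
    rows = []
    for e in entries:
        if e.verdict != "malicious" or not e.sha256:
            continue
        rows.append({
            "sha256": e.sha256, "name": e.name,
            "classification": "/".join(e.classifications) or "unclassified",
            "max_severity": max((s for s, _ in e.vtis), default=0),
            "high_vtis": [op for s, op in e.vtis if s >= min_severity],
            "caveats": [op for _, op in e.vtis if op in CAVEAT_VTIS],
        })
    return sorted(rows, key=lambda r: -r["max_severity"])
```

The caveat list exists because a VTI such as "All network connection attempts failed" (Ssstsx2L8TBP0rwf.exe above) means the sample's infrastructure was unreachable during the run, so the report's lack of network indicators says nothing about what the sample does when its C2 is live; the hash is still a valid blocking indicator, but the run should not be read as the sample's full behaviour.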