Threat Feed | Online Malware Sandbox

Windows Exe (x86-32)

XClient.exe

malicious

SHA256: 00d39fa82a1798733c7fee21eabb9d409c24e86fe2d6a1c9c2250b4580e5a91e

VMRay Threat Identifiers

Severity

Operation

5/5

Malicious content matched by YARA rules

4/5

Malicious file detected via reputation

3/5

Monitors keyboard input

2/5

Collects hardware properties

2/5

Queries OS version via WMI

2/5

Tries to detect application sandbox

1/5

Checks external IP address

1/5

Resolves API functions dynamically

1/5

Performs DNS request

1/5

Creates mutex

1/5

Installs system startup script or application

1/5

Connects to remote host

1/5

Enables process privileges

Spyware

cheatos-miner.exe

2025-03-17T23:47:08.227

Windows Exe (x86-64)

cheatos-miner.exe

malicious

SHA256: 2ee5ae2190d98727273d65244c4f0659988acbe452e3d24a10e893c4cd66e51f

VMRay Threat Identifiers

Severity

Operation

4/5

Modifies control flow of another process

4/5

Process Hollowing

4/5

Malicious file detected via reputation

4/5

Writes into the memory of another process

2/5

Collects hardware properties

2/5

Enumerates running processes

2/5

Makes direct system call to possibly evade hooking based monitoring

1/5

Creates a page with write and execute permissions

1/5

Resolves API functions dynamically

1/5

Creates process with hidden window

1/5

Reads from memory of another process

1/5

Drops PE file

1/5

Overwrites code

1/5

Executes dropped PE file

1/5

Enables process privileges

Injector

8ae9c60f0b5881f7bd0844884ec13d9d.exe

2025-03-17T23:44:34.998

Windows Exe (x86-64)

8ae9c60f0b5881f7bd0844884ec13d9d.exe

malicious

SHA256: 1d2ff2e907878b9b35aaab6a3084813e8731adb65739aa71330f5392d37a1f4b

VMRay Threat Identifiers

Severity

Operation

5/5

Modifies content of user files

4/5

Masks file extension

4/5

Uses a double file extension

4/5

Malicious file detected via reputation

2/5

Tries to detect application sandbox

1/5

Modifies operating system directory

1/5

Resolves API functions dynamically

1/5

Modifies application directory

1/5

Installs system startup script or application

1/5

Drops PE file

1/5

Performs DNS request

Ransomware

b3d1fa05c1233deef062edf43f38e4f1.exe

2025-03-17T23:41:41.058

Windows Exe (x86-64)

b3d1fa05c1233deef062edf43f38e4f1.exe

malicious

SHA256: 72c80c98bfdb5346d15be099401b9e6ea7092fba78098de4bf65e64db40ce49c

VMRay Threat Identifiers

Severity

Operation

5/5

Modifies content of user files

4/5

Masks file extension

4/5

Uses a double file extension

4/5

Malicious file detected via reputation

2/5

Tries to detect application sandbox

1/5

Modifies operating system directory

1/5

Resolves API functions dynamically

1/5

Modifies application directory

1/5

Installs system startup script or application

1/5

Drops PE file

1/5

Performs DNS request

Ransomware

bRnwshpDp5sNsSPY.exe

2025-03-17T23:40:34.233

Windows Exe (x86-64)

bRnwshpDp5sNsSPY.exe

malicious

SHA256: 89e2f6f563dcca4f35d35511adf122213fb03d41f3b9124ca9daf55469920770

VMRay Threat Identifiers

Severity

Operation

5/5

Modifies content of user files

4/5

Uses a double file extension

4/5

Malicious file detected via reputation

4/5

Masks file extension

2/5

Tries to detect application sandbox

1/5

Installs system startup script or application

1/5

Possibly does reconnaissance

1/5

Executes dropped PE file

1/5

Resolves API functions dynamically

1/5

Modifies operating system directory

1/5

Drops PE file

1/5

Performs DNS request

1/5

Modifies application directory

Ransomware