Threat Feed
file.exe
2026-06-30T16:55:58.199
malicious
Windows Exe (x86-64)
SHA256:
49a58699c0421dc0f5769ec37936b3ae01b7dd5e715a7075e5e39ea78715120e
VMRay Threat Identifiers
Severity  Operation
5/5  Malicious content matched by YARA rules
3/5  Suspicious content matched by YARA rules
2/5  Queries OS info via WMI
2/5  Tries to detect virtual machine
2/5  Suspicious content matched by YARA rules
2/5  Sets up server that accepts incoming connections
2/5  Delays execution
1/5  Connects to remote host
1/5  Content matched by YARA rules
1/5  Resolves API functions dynamically
1/5  Creates an unusually large number of files
1/5  Drops PE file
1/5  Loads a dropped DLL
1/5  Executes dropped PE file
1/5  Timestamp manipulation
1/5  Possibly does reconnaissance
1/5  Creates process with hidden window
1/5  Accesses volumes directly
1/5  Queries system time
1/5  Enumerates running processes
1/5  Enables process privileges
1/5  Tries to detect debugger
1/5  Monitors keyboard input
1/5  Monitors mouse movements and clicks
Hacktool
4RL5ezyvFklRo9Kh.exe
2026-06-30T16:50:50.282
malicious
Windows Exe (x86-32)
SHA256:
89eb7577a8b302b9c225751fff0f58f4044937b0c58a84b705fb66b6be37be27
VMRay Threat Identifiers
Severity  Operation
5/5  Combination of other detections shows configuration discovery
5/5  Tries to read cached credentials of various applications
5/5  Known malicious mutex name is created
5/5  Malicious content matched by YARA rules
5/5  SalatStealer configuration was extracted
4/5  Creates a Process with redirected Input
3/5  Takes screenshot
2/5  Searches for sensitive browser data
2/5  Reads sensitive browser data
2/5  Queries OS info via WMI
2/5  Reads network adapter information
2/5  Sets up server that accepts incoming connections
2/5  Suspicious content matched by YARA rules
2/5  Searches for sensitive application data
2/5  Collects hardware properties
2/5  Schedules task
2/5  Searches for cryptocurrency wallet locations
1/5  Accesses Microsoft Security Software registry keys
1/5  Reads system data
1/5  Queries system time
1/5  Installs system startup script or application
1/5  Creates process with hidden window
1/5  Enumerates running processes
1/5  Possibly does reconnaissance
1/5  Unusual large memory allocation
1/5  Performs DNS request
1/5  Content matched by YARA rules
1/5  Resolves API functions dynamically
1/5  A monitored process crashed
1/5  Drops PE file
1/5  Executes dropped PE file
1/5  Timestamp manipulation
Spyware
Nomina-07-19-2026.jse
2026-06-30T16:50:15.151
malicious
JScript
SHA256:
051ba8a38bb5d0cca0148cba721dab030904e56f4459b2a0b7bf878b8e80a39b
VMRay Threat Identifiers
Severity  Operation
5/5  Malicious content matched by YARA rules
5/5  Injected process sets up server that accepts incoming connections
5/5  Combination of other detections shows configuration discovery
5/5  Tries to read cached credentials of various applications
5/5  Agent Tesla configuration was extracted
4/5  Tries to detect application sandbox
4/5  Process Hollowing
4/5  Writes into the memory of another process
4/5  Reads from memory of another process
3/5  Bypasses PowerShell execution policy
3/5  Reads sensitive mail data
3/5  Reads sensitive browser data
3/5  Classifies external IP address
2/5  Reads network adapter information
2/5  Executes PowerShell without default profile
2/5  Searches for sensitive browser data
2/5  Performs DNS request
2/5  Tries to connect using an uncommon port
2/5  Suspicious content matched by YARA rules
2/5  Possibly does reconnaissance
2/5  Searches for sensitive mail data
2/5  Enables process privileges
2/5  Queries OS info via WMI
2/5  Collects hardware properties
1/5  Connects to remote host
1/5  Queries system time
1/5  Enumerates running processes
1/5  Accesses Microsoft Security Software registry keys
1/5  Query OS Information
Spyware
Backdoor
Injector
2KtmvXORRVFHroYe.exe
2026-06-30T16:48:57.524
malicious
Windows Exe (x86-32)
SHA256:
028738c5837494b44e9ebf63d022a75bcf49982702f239890732c4ce4b655f0a
VMRay Threat Identifiers
Severity  Operation
5/5  Malicious content matched by YARA rules
5/5  XWorm configuration was extracted
4/5  Process Hollowing
4/5  Modifies control flow of another process
4/5  Writes into the memory of another process
3/5  Classifies external IP address
2/5  Collects hardware properties
2/5  Tries to detect application sandbox
2/5  Queries OS info via WMI
1/5  Content matched by YARA rules
1/5  Resolves API functions dynamically
1/5  Drops PE file
1/5  Reads from memory of another process
1/5  Enables process privileges
1/5  Creates a page with write and execute permissions
1/5  Creates mutex
1/5  Queries system time
1/5  Query OS Information
1/5  Creates process with hidden window
1/5  Installs system startup script or application
1/5  Performs DNS request
1/5  Connects to remote host
1/5  Tries to connect using an uncommon port
Spyware
Injector
tNyYmn7vHtSpzQ7E.exe
2026-06-30T16:46:43.011
malicious
Windows Exe (x86-32)
SHA256:
e72314942da3949dcd79452f11a33f0ad81536eaea0bc93160667f8bfff9bfbe
VMRay Threat Identifiers
Severity  Operation
5/5  Malicious content matched by YARA rules
3/5  Tries to evade debugger
3/5  Modifies native system functions
2/5  Tries to detect kernel debugger
2/5  Tries to detect virtual machine
1/5  Queries system time
1/5  Drops PE file
1/5  Executes dropped PE file
1/5  Enumerates running processes
1/5  Tries to detect debugger
Trojan