Threat Feed | Online Malware Sandbox

Windows Exe (x86-32)

BUCK67f82QxP40cK.exe

malicious

SHA256: 2cf2dc2d089088c84208912ca32a2ece8729f64b46801e336726f42ef484f138

VMRay Threat Identifiers

Severity

Operation

5/5

Malicious content matched by YARA rules

3/5

Modifies native system functions

3/5

Tries to evade debugger

2/5

Tries to detect kernel debugger

2/5

Tries to detect virtual machine

2/5

Makes direct system call to possibly evade hooking based monitoring

1/5

Enumerates running processes

1/5

Drops PE file

1/5

Executes dropped PE file

1/5

Tries to detect debugger

Trojan

vqFjHsJHmgqnT6Cn.exe

2026-02-20T20:25:43.154

Windows Exe (x86-32)

vqFjHsJHmgqnT6Cn.exe

malicious

SHA256: 3be05cad723b22c11e949f88330668b45f031299de7eb3fbdf9b356709f80eac

VMRay Threat Identifiers

Severity

Operation

5/5

Malicious content matched by YARA rules

3/5

Tries to evade debugger

3/5

Modifies native system functions

2/5

Tries to detect kernel debugger

2/5

Tries to detect virtual machine

2/5

Makes direct system call to possibly evade hooking based monitoring

1/5

Drops PE file

1/5

Executes dropped PE file

1/5

Enumerates running processes

1/5

Tries to detect debugger

Trojan

GfUTN3i2yRz9BkY1.exe

2026-02-20T20:24:46.131

Windows Exe (x86-32)

GfUTN3i2yRz9BkY1.exe

malicious

SHA256: 1f592608bcae8453c1fdc78a609e29a3dd1aff6c5d0bfb5a15fbcf3e57c49404

VMRay Threat Identifiers

Severity

Operation

5/5

Malicious content matched by YARA rules

3/5

Deletes file after execution

2/5

Enables critical process privileges

2/5

Deletes file after execution

2/5

Allows invalid SSL certificates

1/5

Creates process with hidden window

1/5

Performs DNS request

1/5

Connects to remote host

1/5

URL contains a TLD highly associated with phishing

1/5

Drops PE file

1/5

Enables process privileges

1/5

Executes dropped PE file

1/5

Modifies operating system directory

1/5

Creates mutex

1/5

Enumerates running processes

1/5

Installs system service

Ransomware

2KIhTN6EUbX4bono.exe

2026-02-20T20:23:58.519

Windows Exe (x86-32)

2KIhTN6EUbX4bono.exe

malicious

SHA256: accd7b2090589cde90967c6e82d9a233cd67b72080804c7b4aa1735c4c3017e0

VMRay Threat Identifiers

Severity

Operation

5/5

Malicious content matched by YARA rules

3/5

All network connection attempts failed

2/5

Allows invalid SSL certificates

1/5

Executes dropped PE file

1/5

Creates a page with write and execute permissions

1/5

Creates process with hidden window

1/5

Resolves API functions dynamically

1/5

Drops PE file

Ransomware

1rSOO0WW8D6SV36h.exe

2026-02-20T20:19:10.404

Windows Exe (x86-32)

1rSOO0WW8D6SV36h.exe

malicious

SHA256: d5ea25ce9ca04392d4bb93575a9e8044950859df802d47c7a0d63198f1e42cc1

VMRay Threat Identifiers

Severity

Operation

5/5

Malicious content matched by YARA rules

4/5

Bypasses Windows User Account Control (UAC)

4/5

Modifies Windows Defender configuration

3/5

Executable modifies its own file

2/5

Creates an unusually large number of processes

2/5

Schedules task

2/5

Schedules task via schtasks

2/5

Suspicious content matched by YARA rules

1/5

Enables process privileges

1/5

Resolves API functions dynamically

1/5

A monitored process crashed

1/5

Creates mutex

1/5

Content matched by YARA rules

1/5

Query OS Information

1/5

Enumerates running processes

1/5

Installs system startup script or application

1/5

Modifies application directory

1/5

Writes an unusually large amount of data to the registry

1/5

Modifies operating system directory

1/5

Creates process with hidden window

Backdoor