Threat Feed
RpvvCtFpbieSI7tj.exe
2026-04-11T17:26:09.109
malicious
Windows Exe (x86-32)
SHA256:
f34f175d1ee99e822c51207c85ae1931c4ad71f9d889c229e0cf8b80efdd6054
VMRay Threat Identifiers
Severity  Operation
5/5       Vidar configuration was extracted
5/5       Malicious content matched by YARA rules
4/5       Malicious content matched by YARA rules
3/5       Reads installed applications
2/5       Peripheral Device Discovery
2/5       Installs system monitor to detect memory accesses
2/5       Queries OS info via WMI
2/5       Dead Drop Resolver
2/5       Suspicious content matched by YARA rules
1/5       A monitored process crashed
1/5       Content matched by YARA rules
1/5       Creates a page with write and execute permissions
1/5       Executes WMI query
1/5       Query OS Information
1/5       Resolves API functions dynamically
1/5       Reads system data
1/5       Enumerates running processes
1/5       Query CPU Properties
Spyware
LVWAknr59DzRoVZc.exe
2026-04-11T17:24:20.373
malicious
Windows Exe (x86-64)
SHA256:
ca8836214407785e2ae8ea11fc8bbbe17d4af1f1c2a5dd78426e09ed49385f53
VMRay Threat Identifiers
Severity  Operation
5/5       Tries to read cached credentials of various applications
4/5       Modifies Windows Defender configuration
4/5       Malicious content matched by YARA rules
4/5       Blocks network connection to security products
4/5       Bypasses Windows User Account Control (UAC)
4/5       Creates elevated child process
3/5       Suspicious content matched by YARA rules
3/5       Bypasses PowerShell execution policy
3/5       Classifies external IP address
2/5       Executes PowerShell without default profile
2/5       Disables a system tool
2/5       Collects hardware properties
2/5       Suspicious content matched by YARA rules
2/5       Hides files
2/5       Searches for sensitive application data
2/5       Searches for sensitive browser data
2/5       Hijacks installed services
2/5       Queries OS info via WMI
2/5       Reads network adapter information
2/5       Reads sensitive browser data
2/5       Searches for sensitive mail data
2/5       Sets up server that accepts incoming connections
1/5       Modifies operating system directory
1/5       Creates process with hidden window
1/5       Checks external IP address
1/5       Performs DNS request
1/5       Connects to remote host
1/5       Content matched by YARA rules
1/5       Resolves API functions dynamically
1/5       Tries to detect debugger
1/5       Enumerates running processes
1/5       Enables process privileges
1/5       Creates mutex
1/5       Installs system startup script or application
1/5       Unusually large memory allocation
Spyware
QrpkN3iYkoGjmU6Q.exe
2026-04-11T17:18:36.202
malicious
Windows Exe (x86-32)
SHA256:
8d1b275cb7e5aa495fe995bd4cb9345da5351bd606b3a660c38ce9d89ce99d5d
VMRay Threat Identifiers
Severity  Operation
5/5       Malicious content matched by YARA rules
4/5       Modifies Windows Defender configuration
3/5       Monitors keyboard input
3/5       Bypasses PowerShell execution policy
3/5       Classifies external IP address
2/5       Schedules task
2/5       Schedules task via schtasks
2/5       Collects hardware properties
2/5       Queries OS info via WMI
2/5       Tries to detect application sandbox
1/5       Query OS Information
1/5       Creates mutex
1/5       Creates process with hidden window
1/5       Installs system startup script or application
1/5       Enumerates running processes
1/5       Performs DNS request
1/5       Connects to remote host
1/5       Content matched by YARA rules
1/5       Resolves API functions dynamically
1/5       Enables process privileges
Spyware
Downloader
dPDoQKumvAji9erw.exe
2026-04-11T17:12:34.062
malicious
Windows Exe (x86-32)
SHA256:
0bb31dbf069bd2cd2a3d07970b85eaf5b70a7bce0d97bcf3cc69636de638fbf7
VMRay Threat Identifiers
Severity  Operation
5/5       Malicious content matched by YARA rules
2/5       Searches for sensitive browser data
2/5       Hides files
1/5       Modifies operating system directory
1/5       Content matched by YARA rules
1/5       Resolves API functions dynamically
1/5       Creates an unusually large number of files
1/5       Creates a page with write and execute permissions
1/5       Drops PE file
1/5       Modifies application directory
1/5       Possibly does reconnaissance
Virus
APtSo1qVpsFFvpHz.exe
2026-04-11T17:12:30.418
malicious
Windows Exe (x86-32)
SHA256:
d71799f7d8e5414a6313f2f7a0d3164949d62bcd5d81c1da7ed63f555ba26be7
VMRay Threat Identifiers
Severity  Operation
5/5       Malicious content matched by YARA rules
2/5       Hides files
1/5       Possibly does reconnaissance
1/5       Content matched by YARA rules
1/5       Resolves API functions dynamically
1/5       Creates a page with write and execute permissions
1/5       Drops PE file
1/5       Modifies application directory
Virus