Threat Feed
rJh5285RLvLwn58x.exe
Timestamp: 2026-06-13T14:02:11.690
Verdict: malicious
File type: Windows Exe (x86-32)
SHA256: 070f20fe5060d8380699d2a6ccdc4a4016f0c6b6b5a2ab04d17415aa8e48de61
VMRay Threat Identifiers
Severity  Operation
5/5  Malicious content matched by YARA rules
5/5  Tries to read cached credentials of various applications
4/5  Entry point injection
4/5  Injected process sets up server that accepts incoming connections
4/5  DLL Hollowing
3/5  Tries to detect the presence of antivirus software
3/5  Uses HTTP to upload a large amount of data
3/5  Modifies native system functions
3/5  Reads installed applications
3/5  Makes direct system calls to hide process injection
3/5  Tries to evade debugger
2/5  Writes into the memory of a process started from a created or modified executable
2/5  Modifies control flow of a process started from a created or modified executable
2/5  Reads sensitive browser data
2/5  Suspicious content matched by YARA rules
2/5  Signed executable failed signature validation
2/5  Searches for sensitive browser data
2/5  Searches for sensitive application data
2/5  Searches for sensitive mail data
2/5  Deletes file after execution
2/5  Makes direct system call to possibly evade hooking based monitoring
2/5  Delays execution
1/5  Timestamp manipulation
1/5  Content matched by YARA rules
1/5  Creates process with hidden window
1/5  Possibly does reconnaissance
1/5  Reloads native system libraries
1/5  Reads from memory of another process
1/5  Creates a page with write and execute permissions
1/5  Tries to detect debugger
1/5  Creates mutex
1/5  Reads system data
1/5  Enables process privileges
1/5  Query OS Information
1/5  Query CPU Properties
1/5  Accesses volumes directly
1/5  Performs DNS request
1/5  Connects to remote host
1/5  Tries to connect using an uncommon port
1/5  Enumerates running processes
1/5  Resolves API functions dynamically
1/5  Overwrites code
1/5  Drops PE file
1/5  Loads a dropped DLL
1/5  Executes dropped PE file
Classification: Spyware, Backdoor, Injector

d3vq9gZkSgjAqWat.exe
Timestamp: 2026-06-13T13:54:42.065
Verdict: malicious
File type: Windows Exe (x86-64)
SHA256: e7b999184fe1dd10a5018bfe049ba961059df4b3e826393bb7886abb82956b80
VMRay Threat Identifiers
Severity  Operation
5/5  Combination of other detections shows multiple input capture behaviors
5/5  Malicious content matched by YARA rules
4/5  Malicious content matched by YARA rules
3/5  Uses HTTP to upload a large amount of data
3/5  Takes screenshot
3/5  Captures clipboard data
3/5  Tries to detect the presence of antivirus software
2/5  Searches for sensitive browser data
2/5  Reads sensitive browser data
2/5  Makes direct system call to possibly evade hooking based monitoring
2/5  Schedules task
2/5  Queries OS info via WMI
2/5  Suspicious content matched by YARA rules
2/5  Delays execution
2/5  Collects hardware properties
2/5  Queries a host's domain name
1/5  Resolves API functions dynamically
1/5  Enumerates running processes
1/5  Downloads file
1/5  Tries to connect using an uncommon port
1/5  URL contains a TLD highly associated with phishing
1/5  Content matched by YARA rules
1/5  Unusual large memory allocation
1/5  A monitored process crashed
1/5  Executes dropped PE file
1/5  Downloads executable
1/5  Creates process with hidden window
1/5  Creates mutex
1/5  Query Firmware Information
Classification: Spyware, Downloader

mrUp0x1akzNOuDQz.exe
Timestamp: 2026-06-13T13:53:16.375
Verdict: malicious
File type: Windows Exe (x86-32)
SHA256: 014cab35fc7b83f10aca576569c9fd525efeb647a81298be45328b0ebda3c791
VMRay Threat Identifiers
Severity  Operation
5/5  Malicious content matched by YARA rules
5/5  Tries to read cached credentials of various applications
5/5  UmbralStealer configuration was extracted
4/5  Modifies Windows Defender configuration
4/5  Malicious content matched by YARA rules
4/5  Blocks network connection to security products
3/5  Classifies external IP address
3/5  Takes screenshot
3/5  Deletes file after execution
3/5  Suspicious content matched by YARA rules
2/5  Collects hardware properties
2/5  Reads network configuration
2/5  Sets up server that accepts incoming connections
2/5  Searches for sensitive browser data
2/5  Deletes file after execution
2/5  Suspicious content matched by YARA rules
2/5  Queries OS info via WMI
2/5  Hides files
1/5  Installs system startup script or application
1/5  Query OS Information
1/5  Creates process with hidden window
1/5  Performs DNS request
1/5  Connects to remote host
1/5  Accesses Microsoft Security Software registry keys
1/5  Checks external IP address
1/5  Content matched by YARA rules
1/5  Creates mutex
1/5  Modifies operating system directory
1/5  Enables process privileges
1/5  Enumerates running processes
Classification: Spyware

BnypenLBORr8uVQU.dll
Timestamp: 2026-06-13T13:46:56.750
Verdict: malicious
File type: Windows DLL (x86-64)
SHA256: 0bc537d6625ca6a82ecac6f05df6b2227290f0d3ce65688648bc7aea39b2a38e
VMRay Threat Identifiers
Severity  Operation
4/5  Writes into the memory of another process
4/5  Modifies control flow of another process
3/5  All network connection attempts failed
1/5  Creates mutex
1/5  Connects to remote host
1/5  Resolves API functions dynamically
1/5  Enumerates running processes
1/5  Drops PE file
1/5  Enables process privileges
1/5  Creates a page with write and execute permissions
Classification: Injector

zgent63392010.exe
Timestamp: 2026-06-13T13:04:25.759
Verdict: malicious
File type: Windows Exe (x86-64)
SHA256: 542ed599e59e79c0cc6d6add506b993f00b0bd818bc4d4efb86cf0a4d32a4417
VMRay Threat Identifiers
Severity  Operation
5/5  Malicious content matched by YARA rules
4/5  Writes into the memory of another process
4/5  Masks file extension
3/5  Modifies native system functions
2/5  Makes direct system call to possibly evade hooking based monitoring
2/5  Schedules task
2/5  Tries to detect virtual machine
1/5  Modifies application directory
1/5  Downloads file
1/5  Content matched by YARA rules
1/5  Resolves API functions dynamically
1/5  Drops PE file
1/5  Loads a dropped DLL
1/5  Creates a page with write and execute permissions
1/5  Executes dropped PE file
1/5  Creates mutex
1/5  Enumerates running processes
1/5  Modifies operating system directory
1/5  Creates process with hidden window
1/5  Installs system startup script or application
1/5  Reads from memory of another process
Classification: Hacktool, Injector

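A feed like the one above is only useful once it is machine-readable. The following parser is an added example, not VMRay's code or a VMRay API: it turns entries in this page's layout into records and produces a severity-thresholded triage summary. It accepts the entries as extracted (one field per line, leftover "Close" buttons, severity and operation on separate lines) as well as the labelled form with Timestamp:/Verdict:/File type:/SHA256:/Classification: lines. The label names, the verdict strings, the sample-name pattern and the rule that the first unrecognised line before the hash is the file type are assumptions about the listing, not documented feed semantics. The embedded FEED string is constructed from two abridged entries on this page.

```python
"""Parse the VMRay-style threat feed listing on this page into records.
Added example, not VMRay code. Accepts the listing as extracted (one field per
line, "Close" residue, severity and operation on separate lines) or with
"Timestamp:"/"Verdict:"/"File type:"/"SHA256:"/"Classification:" labels. Label
names, verdict strings and the sample-name pattern are assumptions."""
import re
from dataclasses import dataclass, field

NOISE = {"Close", "Severity", "Operation", "Severity Operation", "VMRay Threat Identifiers"}
LABELS = ("Timestamp:", "Verdict:", "File type:", "SHA256:", "Classification:")
VERDICTS = {"malicious", "suspicious", "clean"}              # assumed verdict strings
NAME_RE = re.compile(r"^[\w.-]+\.(?:exe|dll)$", re.I)         # assumed sample-name shape
TS_RE = re.compile(r"^\d{4}-\d{2}-\d{2}T\d{2}:\d{2}:\d{2}(?:\.\d+)?$")
SHA256_RE = re.compile(r"^[0-9a-fA-F]{64}$")
SEV_RE = re.compile(r"^([0-5])/5(?: (.+))?$")                # "4/5" or "4/5 <operation>"


@dataclass
class Sample:
    name: str
    timestamp: str = ""
    verdict: str = ""
    file_type: str = ""
    sha256: str = ""
    vtis: list = field(default_factory=list)               # (severity, operation), feed order
    classifications: list = field(default_factory=list)


def parse_feed(text: str) -> list:
    """One Sample per entry; tolerant of page residue and of both layouts."""
    samples, cur, pending = [], None, None
    for raw in text.splitlines():
        line = " ".join(raw.split())                       # trim, collapse whitespace
        if not line or line in NOISE:
            continue
        if pending is not None:                            # operation follows a bare "n/5"
            cur.vtis.append((pending, line))
            pending = None
            continue
        m = SEV_RE.match(line)
        if m and cur is not None:
            if m.group(2):
                cur.vtis.append((int(m.group(1)), m.group(2)))
            else:
                pending = int(m.group(1))
            continue
        for label in LABELS:                               # labelled layout: drop the label
            if line.startswith(label):
                line = line[len(label):].strip()
        if NAME_RE.match(line):
            if cur is None or line != cur.name:            # name repeated after "Close": same entry
                cur = Sample(name=line)
                samples.append(cur)
        elif not line or cur is None:                      # bare "SHA256:" label, or preamble
            continue
        elif TS_RE.match(line):
            cur.timestamp = line
        elif line.lower() in VERDICTS:
            cur.verdict = line.lower()
        elif SHA256_RE.match(line):
            cur.sha256 = line.lower()
        elif cur.sha256:                                   # after the hash: classification tags
            cur.classifications += [t.strip() for t in line.split(",") if t.strip()]
        elif not cur.file_type:
            cur.file_type = line
    return samples


def triage(samples, threshold: int = 4) -> list:
    """One row per sample: max severity and the operations at or above threshold."""
    return [{"name": s.name, "sha256": s.sha256, "verdict": s.verdict,
             "max_severity": max((sev for sev, _ in s.vtis), default=0),
             "high": [op for sev, op in s.vtis if sev >= threshold],
             "classification": s.classifications} for s in samples]


# Constructed input: two abridged entries from this page (raw layout, then labelled layout).
FEED = """BnypenLBORr8uVQU.dll
2026-06-13T13:46:56.750
malicious
Windows DLL (x86-64)
Close
BnypenLBORr8uVQU.dll
malicious
SHA256:
0bc537d6625ca6a82ecac6f05df6b2227290f0d3ce65688648bc7aea39b2a38e
VMRay Threat Identifiers
4/5
Writes into the memory of another process
3/5
All network connection attempts failed
Injector
zgent63392010.exe
Timestamp: 2026-06-13T13:04:25.759
Verdict: malicious
File type: Windows Exe (x86-64)
SHA256: 542ed599e59e79c0cc6d6add506b993f00b0bd818bc4d4efb86cf0a4d32a4417
Severity  Operation
5/5  Malicious content matched by YARA rules
4/5  Masks file extension
Classification: Hacktool, Injector
"""
```

`triage(parse_feed(FEED))` returns one row per entry. The threshold is the practical knob: the 4/5 and 5/5 operations in this feed (cached-credential reads, entry point injection, DLL hollowing, Windows Defender tampering) are what an alert should carry, while the 1/5 operations (mutex creation, DNS request, dynamic API resolution) occur in plenty of benign software and only add context. The filenames here are randomised, so the SHA256 in each row is the only stable indicator to block or retro-hunt on.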