Threat Feed
dQ9MyiM0byLNp3ZP.exe
2026-03-24T18:15:12.407
malicious
Windows Exe (x86-64)
SHA256:
3fcc4a0d6ed3828cbd8dc5bffa33c5ea24ffe1a8e71ff197a7717c8e6b11f83e
VMRay Threat Identifiers
Severity  Operation
5/5       Malicious content matched by YARA rules
4/5       Malicious content matched by YARA rules
3/5       Suspicious content matched by YARA rules
2/5       Suspicious content matched by YARA rules
1/5       Resolves API functions dynamically
1/5       Tries to detect debugger
1/5       Content matched by YARA rules
1/5       Enumerates running processes
Spyware
AQ0dB12IJL0EZ706.exe
2026-03-24T18:07:58.858
malicious
Windows Exe (x86-32)
SHA256:
cd3e2f6bd32b4996ef2ff301b82c98881b9ada4d17102dbfb0440b48c53cb44b
VMRay Threat Identifiers
Severity  Operation
5/5       Malicious content matched by YARA rules
5/5       Tries to read cached credentials of various applications
4/5       Process Hollowing
4/5       Modifies control flow of another process
4/5       Writes into the memory of another process
3/5       Monitors user input
3/5       All network connection attempts failed
3/5       Monitors keyboard input
2/5       Uses Alternate Data Stream (ADS) file attributes
2/5       Creates an unusually large number of processes
2/5       Schedules task
2/5       Schedules task via schtasks
2/5       Deletes file after execution
2/5       Delays execution
2/5       Searches for sensitive mail data
2/5       Searches for sensitive application data
2/5       Searches for sensitive browser data
2/5       Reads sensitive mail data
2/5       Searches for sensitive VPN configuration data
2/5       Reads sensitive browser data
1/5       Creates a page with write and execute permissions
1/5       Reads from memory of another process
1/5       Monitors mouse movements and clicks
1/5       Reads mouse position
1/5       Performs DNS request
1/5       Enables process privileges
1/5       Creates process with hidden window
1/5       Query OS Information
1/5       Resolves API functions dynamically
1/5       Drops PE file
1/5       Possibly does reconnaissance
1/5       Tries to detect debugger
1/5       Executes dropped PE file
1/5       Content matched by YARA rules
1/5       Creates mutex
1/5       Enumerates running processes
1/5       Installs system startup script or application
1/5       Monitors keyboard input
Spyware
Injector
79u4rpQ6eaktK7Aa.exe
2026-03-24T18:01:50.129
malicious
Windows Exe (x86-32)
SHA256:
66caeb5bd1008ab5bd2e7e1c4c17430821674e25a3648af7a9dcdb4075e5eb96
VMRay Threat Identifiers
Severity  Operation
5/5       Malicious content matched by YARA rules
3/5       Creates file(s) in the .NET assembly directory to hide them from Windows Explorer
2/5       Searches for sensitive browser data
2/5       Hides files
1/5       Obfuscates control flow
1/5       Resolves API functions dynamically
1/5       Creates an unusually large number of files
1/5       Creates a page with write and execute permissions
1/5       Drops PE file
1/5       Modifies application directory
1/5       Possibly does reconnaissance
1/5       Modifies operating system directory
Virus
PxCBwd8Qw353OhWf.exe
2026-03-24T18:01:07.923
malicious
Windows Exe (x86-32)
SHA256:
d2b5cb1662a115701655d8427f0b46d8d496e1cbc12c88dac418c0efdb4b740a
VMRay Threat Identifiers
Severity  Operation
5/5       Malicious content matched by YARA rules
2/5       Hides files
1/5       Creates a page with write and execute permissions
1/5       Modifies application directory
1/5       Resolves API functions dynamically
1/5       Drops PE file
Virus
jDJqcewMl6MBRDrY.exe
2026-03-24T18:00:32.883
malicious
Windows Exe (x86-32)
SHA256:
aafed8a950fc5b1366da4e0f49de2f74797982a7e1340ea8ce594e986794ee14
VMRay Threat Identifiers
Severity  Operation
5/5       Malicious content matched by YARA rules
3/5       Creates file(s) in the .NET assembly directory to hide them from Windows Explorer
2/5       Searches for sensitive browser data
2/5       Hides files
1/5       Obfuscates control flow
1/5       Resolves API functions dynamically
1/5       Creates an unusually large number of files
1/5       Creates a page with write and execute permissions
1/5       Drops PE file
1/5       Modifies application directory
1/5       Possibly does reconnaissance
1/5       Modifies operating system directory
Virus