Threat Feed
hnygco8lOkHGhfb5.exe
2026-02-05T20:47:40.866
malicious
Windows Exe (x86-64)
SHA256: 270174ebf85a744a0572f527deb8c10610383837e7d0514c81987cdb9c9c1407
VMRay Threat Identifiers
Severity  Operation
5/5  Tries to read cached credentials of various applications
5/5  Combination of other detections shows configuration discovery
4/5  Malicious content matched by YARA rules
3/5  Reads installed applications
3/5  Sends data via a Telegram bot
3/5  Suspicious content matched by YARA rules
2/5  Reads sensitive mail data
2/5  Searches for sensitive browser data
2/5  Reads network adapter information
2/5  Searches for sensitive mail data
2/5  Sets up server that accepts incoming connections
2/5  Suspicious content matched by YARA rules
2/5  Peripheral Device Discovery
2/5  Searches for sensitive application data
2/5  Searches for sensitive FTP data
1/5  Performs DNS request
1/5  Checks external IP address
1/5  Accesses volumes directly
1/5  Possibly does reconnaissance
1/5  Query OS Information
1/5  Enables process privileges
1/5  Reads system data
1/5  Enumerates running processes
1/5  Query CPU Properties
1/5  Content matched by YARA rules
1/5  Connects to remote host
1/5  Creates process with hidden window
Spyware
PO PP-V25SL0277.js
2026-02-05T20:45:29.937
malicious
JScript
SHA256: bf8ac60a42cfd9997263485802eee05e25dbb9cd66518039f15a4ff40a3aedf0
VMRay Threat Identifiers
Severity  Operation
5/5  Combination of other detections shows configuration discovery
5/5  Tries to read cached credentials of various applications
5/5  Malicious content matched by YARA rules
4/5  Writes into the memory of another process
4/5  Reads from memory of another process
4/5  Process Hollowing
3/5  Reads sensitive mail data
3/5  A monitored process crashed
3/5  Bypasses PowerShell execution policy
3/5  Reads sensitive browser data
2/5  Searches for sensitive mail data
2/5  Enables process privileges
2/5  Possibly does reconnaissance
2/5  Searches for sensitive application data
2/5  Searches for sensitive FTP data
2/5  Reads network adapter information
2/5  Queries OS info via WMI
2/5  Collects hardware properties
2/5  Performs DNS request
2/5  Executes PowerShell without default profile
2/5  Searches for sensitive browser data
1/5  Connects to remote host
1/5  Query OS Information
1/5  Enumerates running processes
1/5  Connects to SMTP server
Spyware
Injector
eujymlp.cmd
2026-02-05T20:42:40.163
malicious
Windows Batch File
SHA256: 16b96bc2dabc3acf8448c0378664f16b8f9c8f72c519fb761af740cef5cb7eb2
VMRay Threat Identifiers
Severity  Operation
5/5  Modifies operating system directory
4/5  Attempts to connect through HTTPS
4/5  Hijack installed services
4/5  Installs system service
3/5  Delays execution
3/5  Suspicious content matched by YARA rules
3/5  Takes screenshot
3/5  Modifies application directory
3/5  Loads dropped dll via known dll loaders
2/5  Collects user account information
2/5  Queries a host's domain name
2/5  Writes an unusually large amount of data to the registry
2/5  Enables process privileges
2/5  Reads network adapter information
2/5  Collects hardware properties
2/5  Queries OS info via WMI
2/5  Performs DNS request
2/5  Tries to connect using an uncommon port
2/5  Drops PE file
2/5  Loads a dropped DLL
2/5  Executes PowerShell without default profile
2/5  Executes dropped PE file
1/5  Collects timezone settings
1/5  Enumerates running processes
1/5  Collects BIOS properties
1/5  Timestamp manipulation
1/5  Query OS Information
1/5  Executes WMI query
1/5  Query CPU Properties
1/5  Uses encryption API
1/5  Creates mutex
1/5  Connects to remote host
PUA
togo.exe
2026-02-05T20:42:33.247
malicious
Windows Exe (x86-32)
SHA256: 3b5db6be7d29f54d8359f1c79910a99a9d9c741387a87172e6cb68cc7a2343c1
VMRay Threat Identifiers
Severity  Operation
5/5  Malicious content matched by YARA rules
5/5  SnakeKeylogger configuration was extracted
4/5  Process Hollowing
4/5  Malicious content matched by YARA rules
4/5  Writes into the memory of another process
4/5  Modifies control flow of another process
3/5  Makes direct system calls to hide process injection
2/5  Suspicious content matched by YARA rules
2/5  Makes direct system call to possibly evade hooking based monitoring
1/5  Reloads native system libraries
1/5  Tries to detect debugger
1/5  Content matched by YARA rules
1/5  Reads from memory of another process
1/5  Creates process with hidden window
1/5  A monitored process crashed
Spyware
Injector
https://atendimentoonline-seguro.vercel.app/?utm_source=organic&utm_campaign=&utm_medium=&utm_content=&utm_term=
2026-02-05T20:25:16.372
malicious
URL
SHA256:
VMRay Threat Identifiers
Severity  Operation
4/5  Combination of other detections indicates the page is malicious
4/5  Page shows artifacts of mirroring tools
4/5  Phishing page detected via Machine Learning
2/5  Page is served from a service commonly used for temporary hosting
1/5  URL contains a TLD highly associated with phishing
1/5  Page secured via a Domain Validated SSL certificate
1/5  Resource is loaded from a service commonly used for temporary hosting
1/5  Checks external IP address
Phishing
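Turning a feed like this one into something a hunt team can act on means parsing the raw export (one field per line, with the repeated name, verdict and "Close" widget text carried along) into records, ranking each sample by its highest VMRay Threat Identifier score, and pulling the file hashes and URLs out as indicators. The parser below is an added example, not VMRay code; the field order it expects is inferred from the entries on this page, and the sample input is constructed from two of those entries with their VTI lists abridged. The entry layout (seven header lines before the "SHA256:" label, an optional hash, a four-line VTI header, severity/operation pairs, then classification tags) is an assumption drawn from this page only.

```python
import re
from dataclasses import dataclass
from typing import Optional

SCORE_RE = re.compile(r"^([1-5])/5$")
SHA256_RE = re.compile(r"^[0-9a-f]{64}$")
VTI_HEADER = ["VMRay Threat Identifiers", "Close", "Severity", "Operation"]


@dataclass
class Entry:
    name: str
    timestamp: str
    verdict: str
    sample_type: str
    sha256: Optional[str]      # None for URL samples, which carry no hash
    vtis: list                 # (severity 1-5, operation text) pairs
    tags: list                 # classification labels, e.g. Spyware, Injector

    def max_severity(self) -> int:
        return max((s for s, _ in self.vtis), default=0)

    def high_severity_ops(self, threshold: int = 4) -> list:
        return [op for s, op in self.vtis if s >= threshold]


def parse_feed(text: str) -> list:
    """Split the one-field-per-line export into Entry records.

    Assumed layout (inferred from this page): each entry is anchored on its
    'SHA256:' label; the seven lines before it are name, timestamp, verdict,
    type, 'Close', name again, verdict again; after it come an optional hash,
    the four-line VTI header, severity/operation pairs, then tags up to the
    next entry's header or end of input.
    """
    lines = [ln.strip() for ln in text.splitlines()]
    anchors = [i for i, ln in enumerate(lines) if ln == "SHA256:"]
    entries = []
    for n, a in enumerate(anchors):
        head = a - 7
        if head < 0:
            raise ValueError("truncated entry header before line %d" % (a + 1))
        name, ts, verdict, stype = lines[head:head + 4]
        j = a + 1
        sha = None
        if j < len(lines) and SHA256_RE.match(lines[j]):
            sha, j = lines[j], j + 1
        if lines[j:j + 4] != VTI_HEADER:
            raise ValueError("unexpected VTI header for %s" % name)
        j += 4
        end = anchors[n + 1] - 7 if n + 1 < len(anchors) else len(lines)
        vtis = []
        while j + 1 < end and SCORE_RE.match(lines[j]):
            vtis.append((int(lines[j][0]), lines[j + 1]))
            j += 2
        tags = [ln for ln in lines[j:end] if ln]
        entries.append(Entry(name, ts, verdict, stype, sha, vtis, tags))
    return entries


def hunting_iocs(entries) -> dict:
    """File hashes and URLs from entries the sandbox marked malicious."""
    bad = [e for e in entries if e.verdict == "malicious"]
    return {
        "sha256": sorted(e.sha256 for e in bad if e.sha256),
        "urls": sorted(e.name for e in bad if e.sample_type == "URL"),
    }


# Constructed sample: two entries from this page in the raw export layout,
# with their VTI lists abridged to keep the example short.
SAMPLE_FEED = """Threat Feed
togo.exe
2026-02-05T20:42:33.247
malicious
Windows Exe (x86-32)
Close
togo.exe
malicious
SHA256:
3b5db6be7d29f54d8359f1c79910a99a9d9c741387a87172e6cb68cc7a2343c1
VMRay Threat Identifiers
Close
Severity
Operation
5/5
SnakeKeylogger configuration was extracted
4/5
Process Hollowing
1/5
Tries to detect debugger
Spyware
Injector
https://atendimentoonline-seguro.vercel.app/?utm_source=organic&utm_campaign=&utm_medium=&utm_content=&utm_term=
2026-02-05T20:25:16.372
malicious
URL
Close
https://atendimentoonline-seguro.vercel.app/?utm_source=organic&utm_campaign=&utm_medium=&utm_content=&utm_term=
malicious
SHA256:
VMRay Threat Identifiers
Close
Severity
Operation
4/5
Phishing page detected via Machine Learning
1/5
URL contains a TLD highly associated with phishing
Phishing
"""

if __name__ == "__main__":
    feed = parse_feed(SAMPLE_FEED)
    for e in feed:
        print(f"{e.sample_type:<22} max {e.max_severity()}/5  {','.join(e.tags):<17} {e.name[:48]}")
    print(hunting_iocs(feed))
```

Anchoring on the "SHA256:" label rather than on the sample name is deliberate: names repeat within an entry and a URL sample's name contains characters that make it a poor delimiter, whereas the label appears exactly once per entry whether or not a hash follows it. The `verdict` filter in `hunting_iocs` matters once the same parser is pointed at a feed that also lists clean or suspicious samples; blocking on every hash in a sandbox feed would include benign submissions.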