Threat Feed

gYsWltAdzl5K68lI.exe
Analyzed: 2026-04-19T22:54:11.138
Verdict: malicious
File type: Windows Exe (x86-32)
SHA256: 03db1711f1f05e895184913b03aa3abf8f2343157453432842520c11ae4a5b80
VMRay Threat Identifiers (severity / operation):
5/5  Tries to read cached credentials of various applications
5/5  Malicious content matched by YARA rules
5/5  Combination of other detections shows multiple input capture behaviors
4/5  Malicious content matched by YARA rules
3/5  Tries to detect the presence of antivirus software
3/5  Takes screenshot
3/5  Sends data via a Telegram bot
3/5  Captures clipboard data
2/5  Deletes file after execution
2/5  Tries to detect application sandbox
2/5  Queries OS info via WMI
2/5  Collects hardware properties
2/5  Searches for sensitive browser data
2/5  Searches for sensitive application data
2/5  Sets up server that accepts incoming connections
2/5  Suspicious content matched by YARA rules
1/5  Connects to remote host
1/5  Creates process with hidden window
1/5  Enumerates running processes
1/5  Checks external IP address
1/5  Performs DNS request
1/5  Creates mutex
1/5  Content matched by YARA rules
1/5  Resolves API functions dynamically
Classification: Spyware

B4nr9eDk3lhFAAf4.exe
Analyzed: 2026-04-19T22:53:18.780
Verdict: malicious
File type: Windows Exe (x86-32)
SHA256: d16e4e653c87b4c70dc156ac3504865f6e35ea39a558e978c83fc6284955c06b
VMRay Threat Identifiers (severity / operation):
4/5  Rename system utilities
4/5  Loads a dropped DLL into a system binary
3/5  All network connection attempts failed
2/5  Delays execution
2/5  Disables a system tool
1/5  Resolves API functions dynamically
1/5  Drops PE file
1/5  Loads a dropped DLL
1/5  Executes dropped PE file
1/5  Installs system service
1/5  Creates process with hidden window
1/5  Creates mutex
1/5  Performs DNS request
1/5  Modifies operating system directory

mntDlnogvXKpBzKm.exe
Analyzed: 2026-04-19T22:52:25.230
Verdict: malicious
File type: Windows Exe (x86-32)
SHA256: ae3cf0d330188d905e08e969e7030ebe4396f2e93856ae80ce6b6a591cae6815
VMRay Threat Identifiers (severity / operation):
4/5  Loads a dropped DLL into a system binary
4/5  Rename system utilities
3/5  All network connection attempts failed
2/5  Sends control codes to a driver
2/5  Delays execution
2/5  Deletes file after execution
2/5  Enables critical process privileges
2/5  Accesses physical drive
1/5  Installs system service
1/5  Performs DNS request
1/5  Resolves API functions dynamically
1/5  Drops PE file
1/5  Loads a dropped DLL
1/5  Executes dropped PE file
1/5  Timestamp manipulation
1/5  Modifies operating system directory
1/5  Query OS Information
1/5  Enables process privileges
1/5  Enumerates running processes
1/5  Creates process with hidden window
1/5  Creates mutex
1/5  Accesses volumes directly

QtDDc5MXY0GQIRX0.exe
Analyzed: 2026-04-19T22:52:19.739
Verdict: malicious
File type: Windows Exe (x86-32)
SHA256: ba17aa2c4a53278d378fc8f4288d3c21ea682cf10715e5eed6e26e4935ac784f
VMRay Threat Identifiers (severity / operation):
5/5  Malicious content matched by YARA rules
4/5  Loads a dropped DLL into a system binary
4/5  Masks file extension
4/5  Rename system utilities
3/5  Executes code with kernel privileges
3/5  All network connection attempts failed
2/5  Creates a new process from a system binary
2/5  Enables critical process privileges
2/5  Sends control codes to a driver
2/5  Adds service dependency
2/5  Makes direct system call to possibly evade hooking based monitoring
2/5  Delays execution
2/5  Creates an unusually large number of processes
1/5  Installs kernel driver
1/5  Performs DNS request
1/5  Modifies operating system directory
1/5  Installs system service
1/5  Creates a page with write and execute permissions
1/5  Creates process with hidden window
1/5  Resolves API functions dynamically
1/5  A monitored process crashed
1/5  Creates mutex
1/5  Drops PE file
1/5  Loads a dropped DLL
1/5  Executes dropped PE file
1/5  Enumerates running processes
Classification: Backdoor, Hacktool

file.exe
Analyzed: 2026-04-19T22:49:56.272
Verdict: malicious
File type: Windows Exe (x86-64)
SHA256: 0acf9c98ac5274e2b6a2f55069cf25d117d1b8c17dfc3c6151160bd44475740b
VMRay Threat Identifiers (severity / operation):
5/5  Malicious content matched by YARA rules
5/5  Vidar configuration was extracted
5/5  Tries to read cached credentials of various applications
4/5  Modifies control flow of another process
4/5  Writes into the memory of another process
4/5  Malicious content matched by YARA rules
3/5  Uses HTTP to upload a large amount of data
3/5  Reads installed applications
2/5  Suspicious content matched by YARA rules
2/5  Searches for sensitive browser data
2/5  Delays execution
2/5  Allows invalid SSL certificates
2/5  Searches for sensitive mail data
2/5  Reads sensitive browser data
2/5  Tries to detect virtual machine
2/5  Dead Drop Resolver
1/5  Creates a page with write and execute permissions
1/5  Reads system data
1/5  Query OS Information
1/5  Query CPU Properties
1/5  Enumerates running processes
1/5  Tries to detect debugger
1/5  Creates process with hidden window
1/5  Resolves API functions dynamically
1/5  Overwrites code
1/5  Unusual large memory allocation
Classification: Spyware, Injector
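
Feed exports like the one above arrive as a flat stream of lines: file name, timestamp, verdict, file type, SHA256, then severity/operation pairs, then classification tags, with widget text ("Close", column headers) interleaved. The script below is an added example, not VMRay code, that turns such a stream into records a SOC can act on: it validates each SHA256 before it reaches a blocklist, rejects records with a malformed hash, rolls up the highest VTI severity, and buckets VTI wording into coarse capabilities (credential theft, exfiltration, process injection, anti-analysis). The bucket names and keyword rules are this example's own heuristic, not a VMRay taxonomy, and the sample input is a constructed subset of two records from this page.

```python
"""Parse a flattened VMRay threat-feed export into triage records. Added example, not
VMRay code; assumes records appear as on the feed page: name, timestamp, verdict,
file type, SHA256, (severity, operation) pairs, then optional classification tags."""
import re
from dataclasses import dataclass, field

NOISE = {"Threat Feed", "Close", "VMRay Threat Identifiers", "Severity", "Operation"}
TIMESTAMP_RE = re.compile(r"^\d{4}-\d{2}-\d{2}T\d{2}:\d{2}:\d{2}(\.\d+)?$")
SEVERITY_RE = re.compile(r"^([1-5])/5$")
SHA256_RE = re.compile(r"^[0-9a-f]{64}$")
# Capability buckets keyed on VTI wording: this example's own heuristic, not a VMRay taxonomy.
CAPABILITY_RULES = {
    "credential-theft": ("cached credentials", "sensitive browser data", "sensitive mail data"),
    "exfiltration": ("telegram bot", "upload a large amount"),
    "process-injection": ("memory of another process", "control flow of another process"),
    "anti-analysis": ("sandbox", "virtual machine", "debugger", "antivirus"),
}

@dataclass
class Sample:
    name: str
    analyzed: str
    verdict: str
    file_type: str
    sha256: str
    vtis: list = field(default_factory=list)   # [(severity, operation)]
    tags: list = field(default_factory=list)

    def max_severity(self) -> int:
        return max((sev for sev, _ in self.vtis), default=0)

    def capabilities(self) -> list:
        ops = " ".join(op.lower() for _, op in self.vtis)
        return sorted(cap for cap, keys in CAPABILITY_RULES.items() if any(k in ops for k in keys))

def parse_feed(text: str) -> list:
    lines = [l for l in (raw.strip() for raw in text.splitlines()) if l and l not in NOISE]
    # A record starts on the line just before an analysis timestamp.
    starts = [i for i in range(len(lines) - 1) if TIMESTAMP_RE.match(lines[i + 1])]
    samples = []
    for n, start in enumerate(starts):
        seg = lines[start:starts[n + 1] if n + 1 < len(starts) else len(lines)]
        name, analyzed, verdict, file_type = seg[:4]
        rest = [l for l in seg[4:] if l not in (name, verdict)]  # detail header repeats these
        if not rest or not rest[0].startswith("SHA256:"):
            raise ValueError(f"{name}: expected SHA256 field after the file type")
        sha = rest.pop(0)[len("SHA256:"):].strip().lower()  # hash may be inline or on the next line
        if not sha and rest:
            sha = rest.pop(0).lower()
        if not SHA256_RE.match(sha):
            raise ValueError(f"{name}: malformed SHA256 {sha!r}")
        sample = Sample(name, analyzed, verdict, file_type, sha)
        it = iter(rest)
        for item in it:
            m = SEVERITY_RE.match(item)
            if m:
                sample.vtis.append((int(m.group(1)), next(it, "")))
            else:  # anything unpaired after the VTI table is a classification tag
                sample.tags.append(item)
        samples.append(sample)
    return samples

def block_list(samples) -> list:
    """SHA256 values for an EDR or proxy blocklist: malicious verdicts only."""
    return sorted({s.sha256 for s in samples if s.verdict == "malicious"})

def triage(samples) -> list:
    """Review order: highest severity first, then widest capability set."""
    return sorted(samples, key=lambda s: (-s.max_severity(), -len(s.capabilities()), s.name))

# Constructed input: two records copied from the feed page, trimmed to a few VTIs
# each, with some of the page's widget text left in to show the filtering.
FEED = """\
gYsWltAdzl5K68lI.exe
2026-04-19T22:54:11.138
malicious
Windows Exe (x86-32)
Close
gYsWltAdzl5K68lI.exe
malicious
SHA256:
03db1711f1f05e895184913b03aa3abf8f2343157453432842520c11ae4a5b80
5/5
Tries to read cached credentials of various applications
3/5
Sends data via a Telegram bot
Spyware
file.exe
2026-04-19T22:49:56.272
malicious
Windows Exe (x86-64)
SHA256:
0acf9c98ac5274e2b6a2f55069cf25d117d1b8c17dfc3c6151160bd44475740b
5/5
Vidar configuration was extracted
4/5
Writes into the memory of another process
Spyware
Injector
"""
```

Run `triage(parse_feed(FEED))` to get the records in review order and `block_list(...)` for the hashes to push; a record whose SHA256 is not 64 lowercase hex characters raises ValueError rather than silently producing a blocklist entry that would never match.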