Threat Feed
scan.exe
2026-04-27T10:51:16.633
malicious
Windows Exe (x86-32)
SHA256:
cbd15a8deafc21dedc62f380ba04e95a371a05e99e7f3c388eddb5b8572812ad
VMRay Threat Identifiers
Severity  Operation
5/5       Remcos configuration was extracted
5/5       GuLoader configuration was extracted
5/5       Malicious content matched by YARA rules
4/5       Makes indirect system call to possibly evade hooking based monitoring
3/5       Modifies native system functions
3/5       Tries to evade debugger
3/5       Reads installed applications
3/5       Makes unaligned API calls to possibly evade hooking based sandboxes
2/5       Reads sensitive mail data
2/5       Searches for sensitive browser data
2/5       Searches for sensitive mail data
2/5       Hides files
2/5       Searches for sensitive application data
2/5       Tries to detect virtual machine
1/5       Unusual large memory allocation
1/5       Creates a page with write and execute permissions
1/5       Downloads file
1/5       Content matched by YARA rules
1/5       Drops PE file
1/5       Resolves API functions dynamically
1/5       Tries to detect debugger
1/5       Possibly does reconnaissance
1/5       Loads a dropped DLL
Backdoor
Downloader
Quotation.exe
2026-04-27T10:48:12.234
malicious
Windows Exe (x86-32)
SHA256:
aaeb85c0cb65e4da3ee3dac33621aaf99fb310f7f43d999d0c45ed5195d1aaa9
VMRay Threat Identifiers
Severity  Operation
5/5       Malicious content matched by YARA rules
5/5       Combination of other detections shows multiple input capture behaviors
5/5       XWorm configuration was extracted
4/5       Process Hollowing
4/5       Modifies Windows Defender configuration
3/5       Tries to detect the presence of antivirus software
3/5       Monitors keyboard input
3/5       Bypasses PowerShell execution policy
2/5       Modifies control flow of a process started from a created or modified executable
2/5       Collects hardware properties
2/5       Queries OS info via WMI
1/5       Creates a page with write and execute permissions
1/5       Creates mutex
1/5       Creates process with hidden window
1/5       Enumerates running processes
1/5       Connects to remote host
1/5       Tries to connect using an uncommon port
1/5       Content matched by YARA rules
1/5       Resolves API functions dynamically
1/5       Reads from memory of another process
1/5       Enables process privileges
Spyware
Injector
g8CpXkxxHUwd5WeZ.exe
2026-04-27T10:32:24.280
malicious
Windows Exe (x86-32)
SHA256:
1247467a1a272fbc4a8fb4da0e5564760c53d2cce553b1745685ea81b83a938a
VMRay Threat Identifiers
Severity  Operation
5/5       Malicious content matched by YARA rules
3/5       Modifies native system functions
3/5       Tries to evade debugger
2/5       Tries to detect virtual machine
2/5       Tries to detect kernel debugger
1/5       Executes dropped PE file
1/5       Creates process with hidden window
1/5       Enumerates running processes
1/5       Drops PE file
1/5       Tries to detect debugger
Trojan
J8W0wocMQ4l3we0c.exe
2026-04-27T10:27:59.158
malicious
Windows Exe (x86-32)
SHA256:
b9021596c6d7a0cafdf3f8eec631390212fc5b6e656421b2e35cd3f54958234b
VMRay Threat Identifiers
Severity  Operation
5/5       Malicious content matched by YARA rules
5/5       Known malicious mutex name is created
2/5       Deletes file after execution
2/5       Delays execution
2/5       Suspicious content matched by YARA rules
1/5       Executes dropped PE file
1/5       Installs system startup script or application
1/5       Creates process with hidden window
1/5       Drops PE file
1/5       Modifies operating system directory
Spyware
Trojan
r5FxCC9iW5UIEu73.exe
2026-04-27T10:27:29.682
malicious
Windows Exe (x86-64)
SHA256:
8d19e8a60896066474bbdea34fda5ea80728e47948cb4c4067affecbe02fdb97
VMRay Threat Identifiers
Severity  Operation
5/5       Malicious content matched by YARA rules
5/5       XWorm configuration was extracted
5/5       Known malicious mutex name is created
3/5       Redirect program startups
2/5       Creates a new process from a system binary
2/5       Reads network adapter information
2/5       Signed executable failed signature validation
2/5       Queries a host's domain name
1/5       Resolves API functions dynamically
1/5       Creates mutex
1/5       Drops PE file
1/5       Executes dropped PE file
1/5       Performs DNS request
1/5       Accesses volumes directly
1/5       Modifies application directory
1/5       Query OS Information
1/5       Enables process privileges
1/5       Installs system startup script or application
1/5       Creates process with hidden window
1/5       Connects to remote host
Spyware