Threat Feed
remcos.exe
2026-03-11T18:15:42.991
malicious
Windows Exe (x86-32)
SHA256:
6aa18520f34349f6dedf94181ad75b901f1ce2e3da1814d079a1a0618f5ec3b9
VMRay Threat Identifiers
Severity  Operation
5/5  Remcos configuration was extracted
5/5  Malicious content matched by YARA rules
5/5  Tries to read cached credentials of various applications
4/5  Writes into the memory of another process
4/5  Modifies control flow of another process
2/5  Reads sensitive mail data
2/5  Searches for sensitive browser data
2/5  Searches for sensitive mail data
2/5  Reads sensitive browser data
2/5  Searches for sensitive application data
2/5  Delays execution
1/5  Creates a page with write and execute permissions
1/5  Creates mutex
1/5  Performs DNS request
1/5  Connects to remote host
1/5  Tries to connect using an uncommon port
1/5  Enables process privileges
1/5  Resolves API functions dynamically
1/5  Enumerates running processes
1/5  Possibly does reconnaissance
1/5  Creates process with hidden window
1/5  Drops PE file
1/5  Tries to detect debugger
1/5  Uncommon PE properties
1/5  Query OS Information
Spyware
Backdoor
Injector
BQgt3xEmwLgNCI5n.dll
2026-03-11T18:14:26.933
malicious
Windows DLL (x86-32)
SHA256:
b30a9457d46bbfb8ab98c3108fd804049fd8612cb0e92d2ad6108f3ea5f2ed2d
VMRay Threat Identifiers
Severity  Operation
5/5  Malicious content matched by YARA rules
2/5  Delays execution
1/5  Creates process with hidden window
1/5  Installs system service
1/5  Connects to remote host
1/5  Drops PE file
1/5  Executes dropped PE file
1/5  Modifies operating system directory
Ransomware
Worm
nGwfhABbYu4xvlEw.exe
2026-03-11T18:08:10.874
malicious
Windows Exe (x86-32)
SHA256:
b5ed86c461ed905b2d3131bb789f785e310c93fb2bfc78813d962253fefc5e1b
VMRay Threat Identifiers
Severity  Operation
5/5  Malicious content matched by YARA rules
2/5  Searches for sensitive browser data
2/5  Hides files
1/5  Content matched by YARA rules
1/5  Obfuscates control flow
1/5  Resolves API functions dynamically
1/5  Creates a page with write and execute permissions
1/5  Drops PE file
1/5  Modifies application directory
1/5  Possibly does reconnaissance
Virus
v2Fu566SbQkCkafe.exe
2026-03-11T18:04:30.411
malicious
Windows Exe (x86-32)
SHA256:
716d6b6e17cbc60053119bf84af38661598028ad0f1247d7266d10e044308176
VMRay Threat Identifiers
Severity  Operation
5/5  Tries to read cached credentials of various applications
5/5  Combination of other detections shows multiple input capture behaviors
5/5  Malicious content matched by YARA rules
4/5  Modifies control flow of another process
4/5  Process Hollowing
3/5  All network connection attempts failed
3/5  Monitors keyboard input
3/5  Takes screenshot
3/5  Monitors user input
2/5  Delays execution
2/5  Searches for sensitive application data
2/5  Searches for sensitive browser data
2/5  Reads sensitive mail data
2/5  Searches for sensitive VPN configuration data
2/5  Reads sensitive browser data
2/5  Creates an unusually large number of processes
2/5  Schedules task via schtasks
2/5  Deletes file after execution
2/5  Searches for sensitive mail data
2/5  Schedules task
1/5  Monitors keyboard input
1/5  Enumerates running processes
1/5  Monitors mouse movements and clicks
1/5  Creates mutex
1/5  Installs system startup script or application
1/5  Executes WMI query
1/5  Enables process privileges
1/5  Performs DNS request
1/5  Content matched by YARA rules
1/5  Resolves API functions dynamically
1/5  Drops PE file
1/5  Reads mouse position
1/5  Executes dropped PE file
1/5  Creates process with hidden window
1/5  Reads from memory of another process
1/5  Creates a page with write and execute permissions
1/5  Possibly does reconnaissance
1/5  Query OS Information
1/5  Tries to detect debugger
Spyware
Injector
3be9077b9feebd0a1dcfafc43778538e0b7c5721e7b2cd12f37ec7c03ef75cc3.dll
2026-03-11T18:04:18.158
malicious
Windows DLL (x86-32)
SHA256:
3be9077b9feebd0a1dcfafc43778538e0b7c5721e7b2cd12f37ec7c03ef75cc3
VMRay Threat Identifiers
Severity  Operation
5/5  Malicious content matched by YARA rules
2/5  Delays execution
1/5  Creates mutex
1/5  Creates a page with write and execute permissions
1/5  Enables process privileges
1/5  Performs DNS request
1/5  Connects to remote host
1/5  Installs system service
1/5  Resolves API functions dynamically
1/5  Drops PE file
1/5  Executes dropped PE file
1/5  Modifies operating system directory
1/5  Modifies application directory
1/5  Creates process with hidden window
Ransomware
Worm