Threat Feed | Online Malware Sandbox

Windows Exe (x86-32)

xD6W1jyGhraRzfAr.exe

malicious

SHA256: bcd3105a3588b09515788ee9d262472f3686e7ff248cdfcf8d41f7efbd612d43

VMRay Threat Identifiers

Severity

Operation

5/5

Malicious content matched by YARA rules

3/5

Tries to evade debugger

3/5

Modifies native system functions

2/5

Tries to detect kernel debugger

2/5

Tries to detect virtual machine

1/5

Enumerates running processes

1/5

Drops PE file

1/5

Executes dropped PE file

1/5

Creates process with hidden window

1/5

Tries to detect debugger

Trojan

x4AZrgqSRMNGxSJt.exe

2026-04-02T18:05:38.639

Windows Exe (x86-32)

x4AZrgqSRMNGxSJt.exe

malicious

SHA256: 7420d72dcda114daba3db8c14f4979224b250b151f18ecd469cdc7829f26bf39

VMRay Threat Identifiers

Severity

Operation

5/5

Malicious content matched by YARA rules

4/5

Modifies Windows Defender configuration

4/5

Bypasses Windows User Account Control (UAC)

3/5

Executable modifies its own file

2/5

Modifies network configuration

2/5

Schedules task

2/5

Schedules task via schtasks

2/5

Suspicious content matched by YARA rules

1/5

Creates mutex

1/5

Installs system startup script or application

1/5

Enables process privileges

1/5

Modifies application directory

1/5

Query OS Information

1/5

Modifies operating system directory

1/5

Enumerates running processes

1/5

Creates process with hidden window

1/5

Content matched by YARA rules

1/5

Obfuscates control flow

1/5

Resolves API functions dynamically

Backdoor

SFrHKIzafTKI3VnR.exe

2026-04-02T18:04:44.388

Windows Exe (x86-32)

SFrHKIzafTKI3VnR.exe

malicious

SHA256: e421e513dcd569a4b46c4bcd1fe088f9c5417fde7af23876fe90ccdad95d6c63

VMRay Threat Identifiers

Severity

Operation

4/5

Modifies control flow of another process

4/5

Writes into the memory of another process

3/5

All network connection attempts failed

1/5

Resolves API functions dynamically

1/5

Drops PE file

1/5

Loads a dropped DLL

1/5

The binary file was created with a packer

1/5

Timestamp manipulation

1/5

Modifies operating system directory

1/5

Creates process with hidden window

1/5

Creates a page with write and execute permissions

1/5

Enumerates running processes

1/5

Query OS Information

1/5

Modifies application directory

1/5

Changes folder appearance

Injector

sYZ8bNewEGvtT8d3.exe

2026-04-02T18:03:40.898

Windows Exe (x86-32)

sYZ8bNewEGvtT8d3.exe

malicious

SHA256: ae166a1f5d4b09d7ea720ee4ade9f4347347a75e83ecd052e94d9a3cbf34e3ce

VMRay Threat Identifiers

Severity

Operation

5/5

Malicious content matched by YARA rules

2/5

Hides files

1/5

Creates a page with write and execute permissions

1/5

Resolves API functions dynamically

1/5

Drops PE file

1/5

Content matched by YARA rules

1/5

Modifies application directory

Virus

PpOfFGySUBMLlfvR.exe

2026-04-02T18:03:19.763

Windows Exe (x86-32)

PpOfFGySUBMLlfvR.exe

malicious

SHA256: 47cf764cf11ffb7d098a85b056263aca5961edfcc233cf03f2060eb350be5400

VMRay Threat Identifiers

Severity

Operation

5/5

Malicious content matched by YARA rules

3/5

Creates file(s) in the .NET assembly directory to hide them from Windows Explorer

2/5

Hides files

2/5

Searches for sensitive browser data

1/5

Resolves API functions dynamically

1/5

Creates a page with write and execute permissions

1/5

Drops PE file

1/5

Modifies application directory

1/5

Possibly does reconnaissance

1/5

Modifies operating system directory

Virus