Threat Feed
kfvjENwnPkWPPgLg.exe
2026-05-22T17:00:16.005
malicious
Windows Exe (x86-32)
SHA256: de66c81b8e2ffd65ee56c71f98649623796be2b948417de6679e47643d04f6bb
VMRay Threat Identifiers
Severity  Operation
5/5       XWorm configuration was extracted
5/5       Malicious content matched by YARA rules
3/5       Performs DNS request for known DDNS domain
2/5       Deletes file after execution
1/5       Tries to connect using an uncommon port
1/5       Enables process privileges
1/5       Drops PE file
1/5       Executes dropped PE file
1/5       Installs system startup script or application
1/5       Creates mutex
1/5       Performs DNS request
1/5       Connects to remote host
Spyware
6BpH8FjUtoLZly3M.dll
2026-05-22T16:58:18.519
malicious
Windows DLL (x86-64)
SHA256: 79db780bb174196a0bc768b43cdeac4b897d7207a4e88940ba32540203e67a05
VMRay Threat Identifiers
Severity  Operation
5/5       Combination of other detections shows multiple input capture behaviors
5/5       Malicious content matched by YARA rules
4/5       Monitors clipboard content
3/5       Captures clipboard data
3/5       Tries to detect the presence of antivirus software
3/5       Modifies native system functions
3/5       Uses HTTP to upload a large amount of data
2/5       Queries OS info via WMI
2/5       Collects hardware properties
2/5       Queries a host's domain name
2/5       Communicates with a Web3 service
1/5       Resolves API functions dynamically
1/5       Overwrites code
1/5       Tries to connect using an uncommon port
1/5       Downloads file
1/5       Query Firmware Information
1/5       Content matched by YARA rules
Spyware
Keylogger
ueVqcAFNZIzc5REQ.exe
2026-05-22T16:57:31.090
malicious
Windows Exe (x86-32)
SHA256: 0f1427c414a8a32d99ad9fdf83dbb7ad3401dcf61c4e46f99265abb6a7c0e435
VMRay Threat Identifiers
Severity  Operation
5/5       Malicious content matched by YARA rules
3/5       Tries to open an unusually high number of parallel network connections
2/5       Installs system monitor to detect memory accesses
2/5       Tries to detect virtual machine
2/5       Delays execution
1/5       Enumerates running processes
1/5       Creates mutex
1/5       Resolves API functions dynamically
1/5       Installs system startup script or application
1/5       Checks Internet connection
1/5       Tries to get network statistics
1/5       Reads system data
1/5       Enables process privileges
Spyware
q9Ejhv3ONq3B5p6b.exe
2026-05-22T16:54:02.076
malicious
Windows Exe (x86-32)
SHA256: 977ca6ac118da81f542da42e46c2764d857b93a5f2d4f9e12d4298b9a096a6b7
VMRay Threat Identifiers
Severity  Operation
5/5       Malicious content matched by YARA rules
3/5       Tries to open an unusually high number of parallel network connections
2/5       Installs system monitor to detect memory accesses
2/5       Delays execution
1/5       Enables process privileges
1/5       Installs system startup script or application
1/5       Reads system data
1/5       Checks Internet connection
1/5       Enumerates running processes
1/5       Creates mutex
1/5       Resolves API functions dynamically
1/5       A monitored process crashed
Spyware
61kuLiJdPpo8xQPO.exe
2026-05-22T16:53:56.195
malicious
Windows Exe (x86-32)
SHA256: c7d345d6c93636225593ff73ec43d5fb7509d5e56d25ce7b518b23a17ba50d38
VMRay Threat Identifiers
Severity  Operation
5/5       Adds a hook to a web browser
5/5       Malicious content matched by YARA rules
4/5       Modifies control flow of another process
4/5       Writes into the memory of another process
3/5       Tries to open an unusually high number of parallel network connections
2/5       Installs system monitor to detect memory accesses
2/5       Delays execution
2/5       Tries to detect virtual machine
1/5       Overwrites code
1/5       Creates mutex
1/5       Checks Internet connection
1/5       Enables process privileges
1/5       Reads system data
1/5       Installs system startup script or application
1/5       Enumerates running processes
1/5       Creates a page with write and execute permissions
1/5       Possibly does reconnaissance
1/5       Resolves API functions dynamically
Spyware
Injector