Threat Feed
utwVsNzVqnL08DXT.exe
2026-04-13T18:24:24.815
malicious
Windows Exe (x86-64)
SHA256: e9075e08177eab096de65f9d4c4f5c7c8537c5b10c2fab2ae8269e0695fd5f67
VMRay Threat Identifiers
Severity  Operation
5/5       Tries to read cached credentials of various applications
3/5       Suspicious content matched by YARA rules
2/5       Searches for sensitive browser data
2/5       Reads sensitive browser data
2/5       Searches for sensitive mail data
2/5       Searches for sensitive application data
2/5       Creates an unusually large number of processes
2/5       Reads network adapter information
2/5       Sets up server that accepts incoming connections
2/5       Suspicious content matched by YARA rules
1/5       Connects to remote host
1/5       Resolves API functions dynamically
1/5       Content matched by YARA rules
1/5       Creates process with hidden window
1/5       Possibly does reconnaissance
1/5       Unusual large memory allocation
1/5       Performs DNS request
Spyware
Electrical appliance purchase orderxlsx..exe
2026-04-13T18:13:11.009
malicious
Windows Exe (x86-32)
SHA256: 81bd7e1b0e7816a97aa8158730b85958a0c61b09f74fbe82e2f19e3cafd9889b
VMRay Threat Identifiers
Severity  Operation
5/5       Combination of other detections shows multiple input capture behaviors
4/5       Bypasses Windows User Account Control (UAC)
4/5       Monitors clipboard content
2/5       Delays execution
2/5       Makes direct system call to possibly evade hooking based monitoring
2/5       Deletes file after execution
2/5       Searches for sensitive browser data
1/5       Loads a dropped DLL
1/5       Executes dropped PE file
1/5       Creates a page with write and execute permissions
1/5       Unusual large memory allocation
1/5       Creates mutex
1/5       Writes an unusually large amount of data to the registry
1/5       Query CPU Properties
1/5       Enumerates running processes
1/5       Creates process with hidden window
1/5       Reads mouse position
1/5       Query OS Information
1/5       Accesses volumes directly
1/5       Connects to remote host
1/5       Content matched by YARA rules
1/5       Resolves API functions dynamically
1/5       Drops PE file
Spyware
Keylogger
IMG-777703874.png.lnk
2026-04-13T18:12:49.729
malicious
PowerShell Script (Shell Link)
SHA256: dcb35341363737afeb2ba60a3396b33a11272b2761625dbdc14a541f9bb23179
VMRay Threat Identifiers
Severity  Operation
5/5       Creates an unusually large number of files
4/5       Reads from memory of another process
3/5       Suspicious content matched by YARA rules
3/5       Bypasses PowerShell execution policy
2/5       Performs DNS request
2/5       Possibly does reconnaissance
2/5       Enumerates running processes
1/5       URL contains a TLD highly associated with phishing
1/5       Creates mutex
1/5       Accesses volumes directly
1/5       Connects to remote host
1/5       Query OS Information
1/5       Content matched by YARA rules
1/5       Enumerates running processes
file.exe
2026-04-13T18:12:39.502
malicious
Windows Exe (x86-32)
SHA256: 2b1f971f0a4f1b97560936543a216589e820960d64569dd85e40a242b680cba9
VMRay Threat Identifiers
Severity  Operation
5/5       Malicious content matched by YARA rules
4/5       Entry point injection
4/5       Injected process sets up server that accepts incoming connections
4/5       DLL Hollowing
3/5       Makes direct system calls to hide process injection
2/5       Delays execution
2/5       Modifies control flow of a process started from a created or modified executable
2/5       Makes direct system call to possibly evade hooking based monitoring
2/5       Writes into the memory of a process started from a created or modified executable
2/5       Suspicious content matched by YARA rules
1/5       Performs DNS request
1/5       Connects to remote host
1/5       Content matched by YARA rules
1/5       Resolves API functions dynamically
1/5       Enumerates running processes
1/5       Overwrites code
1/5       Reloads native system libraries
1/5       Creates process with hidden window
1/5       Reads from memory of another process
1/5       Creates a page with write and execute permissions
1/5       Drops PE file
1/5       Creates mutex
1/5       Loads a dropped DLL
1/5       Executes dropped PE file
1/5       Reads system data
Backdoor
Downloader
Injector
transferencia interbancaria (BBVA).exe
2026-04-13T18:12:01.550
malicious
Windows Exe (x86-32)
SHA256: fc0fabde06751d72a58e78abbb5082ede0ad705f0b046dc68782e3eb092640f6
VMRay Threat Identifiers
Severity  Operation
5/5       Malicious content matched by YARA rules
5/5       Agent Tesla configuration was extracted
5/5       Tries to read cached credentials of various applications
5/5       Combination of other detections shows configuration discovery
4/5       Writes into the memory of another process
4/5       Process Hollowing
4/5       Injected process sets up server that accepts incoming connections
4/5       Modifies control flow of another process
2/5       Collects hardware properties
2/5       Searches for sensitive browser data
2/5       Reads network adapter information
2/5       Searches for sensitive mail data
2/5       Searches for sensitive developer application configuration data
2/5       Reads sensitive browser data
2/5       Reads sensitive mail data
2/5       Searches for sensitive application data
2/5       Searches for sensitive FTP data
2/5       Queries OS info via WMI
1/5       Modifies application directory
1/5       Creates process with hidden window
1/5       Query OS Information
1/5       Enables process privileges
1/5       Enumerates running processes
1/5       Possibly does reconnaissance
1/5       Performs DNS request
1/5       Connects to remote host
1/5       Downloads file
1/5       Tries to connect using an uncommon port
1/5       Resolves API functions dynamically
1/5       Creates a page with write and execute permissions
Spyware
Backdoor
Injector