Threat Feed
http://49.51.43.12/v3/signin/identifier?flowName=GlifWebSignIn&flowEntry=ServiceLogin&ifkv=AXbMIuAVS7y9u4gp7mRfjMfit_oUDIv64IMCMkFGu5SsiRu2RjOE-rKcJsBGGPJkNVrH06AtW_922w&dsh=S-1489714009%3A1769085966619491
Timestamp: 2026-01-22T13:45:59.773
Verdict: malicious
Type: URL
SHA256:

VMRay Threat Identifiers
Severity  Operation
5/5       Combination of other detections indicates a phishing website
4/5       Phishing page detected via Machine Learning
2/5       Page uses exact same title as that of a popular online service
2/5       Branded Logon form detected via Computer Vision
1/5       Content matched by YARA rules
1/5       HTTPS page insecurely loads resources via HTTP
1/5       Branding image detected via Computer Vision
1/5       Page uses exact favicon of a popular online service
1/5       Page presents itself as a logon page
Classification: Phishing
file.exe
Timestamp: 2026-01-22T13:41:42.350
Verdict: malicious
Type: Windows Exe (x86-32)
SHA256: f0028efaa06d984d290f6b6f5bda3efc6be6ac3a86d1a171b61bc6d9ec53ebda

VMRay Threat Identifiers
Severity  Operation
5/5       Malicious content matched by YARA rules
4/5       DLL Hollowing
2/5       Signed executable failed signature validation
2/5       Deletes file after execution
2/5       Suspicious content matched by YARA rules
1/5       Content matched by YARA rules
1/5       Resolves API functions dynamically
1/5       Overwrites code
1/5       Loads a dropped DLL
1/5       Executes dropped PE file
1/5       Creates process with hidden window
1/5       Timestamp manipulation
1/5       Query OS Information
1/5       Enumerates running processes
1/5       Reloads native system libraries
1/5       Drops PE file
Classification: Downloader, Injector
file.exe
Timestamp: 2026-01-22T13:35:27.860
Verdict: malicious
Type: Windows Exe (x86-64)
SHA256: fbc833ef1bf410be08f2417f2d43861dad03dfa5fbd71725bb5b6182c2a5d84c

VMRay Threat Identifiers
Severity  Operation
5/5       Malicious content matched by YARA rules
1/5       Creates process with hidden window
1/5       Drops PE file
1/5       Reads from memory of another process
1/5       Content matched by YARA rules
1/5       Resolves API functions dynamically
1/5       Executes dropped PE file
1/5       Accesses volumes directly
1/5       Tries to detect debugger
1/5       Installs system startup script or application
1/5       Enumerates running processes
Classification: Downloader
QZJvwnx.exe
Timestamp: 2026-01-22T12:58:54.876
Verdict: malicious
Type: Windows Exe (x86-64)
SHA256: 0cf835c68e0c403c42b3670e057f0852417b603a03ba328735d3371ccd33b97d

VMRay Threat Identifiers
Severity  Operation
5/5       Tries to read cached credentials of various applications
5/5       Combination of other detections shows multiple input capture behaviors
5/5       Malicious content matched by YARA rules
5/5       Makes indirect system calls to hide process injection
4/5       Malicious content matched by YARA rules
4/5       Writes into the memory of another process
4/5       Makes indirect system call to possibly evade hooking based monitoring
4/5       Modifies control flow of another process
3/5       Uses HTTP to upload a large amount of data
3/5       Modifies native system functions
3/5       Reads installed applications
3/5       Takes screenshot
2/5       Tries to detect virtual machine
2/5       Searches for sensitive browser data
2/5       Reads sensitive browser data
2/5       Searches for sensitive application data
2/5       Searches for cryptocurrency wallet locations
2/5       Searches for sensitive mail data
2/5       Searches for sensitive FTP data
1/5       Creates process with hidden window
1/5       Creates a page with write and execute permissions
1/5       Query OS Information
1/5       Possibly does reconnaissance
1/5       Enumerates running processes
1/5       Resolves API functions dynamically
1/5       Content matched by YARA rules
1/5       URL contains a TLD highly associated with phishing
1/5       Query CPU Properties
Classification: Spyware, Injector
VauHdA28HRe0slJ3.html
Timestamp: 2026-01-22T12:55:23.234
Verdict: malicious
Type: HTML Document
SHA256: 5e70beb14a4ff9731a47d1aa6adfc3eda547bffdbd7ef5830b22496ef3702e3d

VMRay Threat Identifiers
Severity  Operation
5/5       Combination of other detections indicates a phishing website
2/5       Page uses an invalid certificate
2/5       The HTML file contains logon form
1/5       Page presents itself as a logon page
1/5       Content matched by YARA rules
Classification: Phishing