Threat Feed
UgltZc6QUCE5JDxA.exe
2026-02-12T01:48:31.419
malicious
Windows Exe (x86-64)
SHA256: 50e20249d9d5faafe7c6b2ac7d8aa24b88c2d84ee1e9c707db1c5b8a3308e6ad
VMRay Threat Identifiers
Severity  Operation
4/5       Modifies Windows Defender configuration
4/5       Modifies control flow of another process
4/5       Writes into the memory of another process
3/5       Modifies native system functions
2/5       Delays execution
2/5       Schedules task
1/5       Resolves API functions dynamically
1/5       Overwrites code
1/5       Creates mutex
1/5       Enables process privileges
1/5       Creates process with hidden window
1/5       Drops PE file
1/5       Enumerates running processes
1/5       Creates a page with write and execute permissions
1/5       Executes dropped PE file
1/5       Reads from memory of another process
1/5       Modifies application directory
1/5       Possibly does reconnaissance
1/5       Modifies operating system directory
Injector
Bank Swift Payment Copy 11_2_2026_pdf.bat.exe
2026-02-12T01:47:36.191
malicious
Windows Exe (x86-32)
SHA256: f1dfe0fe83ce0afe4128352c8cc2afae511c65db867840ea373e5b08fdf283ec
VMRay Threat Identifiers
Severity  Operation
5/5       Tries to read cached credentials of various applications
5/5       GuLoader configuration was extracted
5/5       Malicious content matched by YARA rules
4/5       Malicious content matched by YARA rules
4/5       Injected process sets up server that accepts incoming connections
3/5       Monitors keyboard input
3/5       Suspicious content matched by YARA rules
3/5       Modifies native system functions
3/5       Makes unaligned API calls to possibly evade hooking based sandboxes
3/5       Tries to evade debugger
3/5       Tries to detect the presence of antivirus software
2/5       Searches for sensitive browser data
2/5       Searches for sensitive application data
2/5       Searches for sensitive mail data
2/5       Suspicious content matched by YARA rules
2/5       Collects hardware properties
2/5       Tries to detect virtual machine
2/5       Queries OS info via WMI
2/5       Reads sensitive mail data
2/5       Reads network adapter information
1/5       Accesses volumes directly
1/5       Tries to detect debugger
1/5       Installs system startup script or application
1/5       Possibly does reconnaissance
1/5       Checks external IP address
1/5       Performs DNS request
1/5       Downloads file
1/5       Connects to remote host
1/5       Content matched by YARA rules
1/5       Creates mutex
1/5       Enables process privileges
1/5       Resolves API functions dynamically
1/5       Query OS Information
1/5       Loads a dropped DLL
1/5       Creates a page with write and execute permissions
1/5       Unusual large memory allocation
Spyware
Backdoor
Downloader
bmnXANBAHIdH6b94.doc
2026-02-12T01:47:24.432
malicious
Word Document
SHA256: c7826298e344a763ec85adc22205a486337018abd5fa708d71f0db6faf501f3d
VMRay Threat Identifiers
Severity  Operation
5/5       Malicious content matched by YARA rules
4/5       Executes dropped PE file
4/5       Document tries to create process
3/5       Modifies native system functions
3/5       Suspicious content matched by YARA rules
2/5       Enables process privileges
2/5       Executes macro on specific event
2/5       Suspicious content matched by YARA rules
2/5       Office macro uses an execute function
2/5       Office macro uses a file I/O function
1/5       Contains suspicious meta data
1/5       Query OS Information
1/5       Contains suspicious Office macro
1/5       Overwrites code
Dropper
Backdoor
Downloader
G10A44ThlouJPQ5Y.exe
2026-02-12T01:47:22.320
malicious
Windows Exe (x86-64)
SHA256: 5680f2b6c133167acdd515fd9ee75ff836b6b5b894799f99a85ffd78a22c4c64
VMRay Threat Identifiers
Severity  Operation
5/5       Malicious content matched by YARA rules
5/5       Combination of other detections shows configuration discovery
5/5       Makes indirect system calls to hide process injection
4/5       Obscures a file's origin
4/5       Loads a known vulnerable file
4/5       Makes indirect system call to possibly evade hooking based monitoring
3/5       Captures clipboard data
3/5       Executes code with kernel privileges
3/5       Disables a crucial system service
2/5       Reads network adapter information
2/5       Tries to detect virtual machine
2/5       Sends control codes to a driver
2/5       Collects hardware properties
2/5       Enumerates running processes
2/5       Sets up server that accepts incoming connections
2/5       Creates an unusually large number of processes
2/5       Delays execution
1/5       Installs system startup script or application
1/5       Drops PE file
1/5       Creates process with hidden window
1/5       Installs system service
1/5       Creates mutex
1/5       Executes dropped PE file
1/5       Query OS Information
1/5       Reads from memory of another process
1/5       Possibly does reconnaissance
1/5       Enumerates running processes
1/5       Creates a page with write and execute permissions
1/5       Enables process privileges
1/5       Modifies operating system directory
1/5       Connects to remote host
1/5       Performs DNS request
1/5       Downloads executable
1/5       Downloads file
1/5       Tries to connect using an uncommon port
1/5       Content matched by YARA rules
1/5       Resolves API functions dynamically
1/5       A monitored process crashed
1/5       Unusual large memory allocation
Downloader
PUA
Worm
Bot
Miner
Injector
xI9KCCbq4UjXgNJD.exe
2026-02-12T01:40:42.064
malicious
Windows Exe (x86-64)
SHA256: 0d1652ef72f98946758726928233d90f25841b8fde30a005087e34bc3d745a1f
VMRay Threat Identifiers
Severity  Operation
4/5       Writes into the memory of another process
4/5       Modifies Windows Defender configuration
4/5       Modifies control flow of another process
3/5       Modifies native system functions
2/5       Schedules task
2/5       Creates a new process from a system binary
2/5       Delays execution
1/5       Creates a page with write and execute permissions
1/5       Drops PE file
1/5       Executes dropped PE file
1/5       Reads from memory of another process
1/5       A monitored process crashed
1/5       Enumerates running processes
1/5       Creates process with hidden window
1/5       Enables process privileges
1/5       Creates mutex
1/5       Resolves API functions dynamically
1/5       Overwrites code
Injector