{"id":121,"date":"2026-05-23T03:27:07","date_gmt":"2026-05-23T03:27:07","guid":{"rendered":"https:\/\/threatinfo.net\/articles\/threatinfo-daily-digest-2026-05-23\/"},"modified":"2026-05-23T03:27:07","modified_gmt":"2026-05-23T03:27:07","slug":"threatinfo-daily-digest-2026-05-23","status":"publish","type":"post","link":"https:\/\/threatinfo.net\/articles\/threatinfo-daily-digest-2026-05-23\/","title":{"rendered":"ThreatInfo Detection Digest: May 23, 2026"},"content":{"rendered":"
\n

ThreatInfo research digest<\/p>\n

A concise set of new file reports that were not used in recent digests. Each entry includes the detection name, MD5 hash, and a direct report link so analysts can verify the exact sample before taking action.<\/p>\n

\n
New report links<\/span>20<\/strong><\/div>\n
Tracked categories<\/span>5<\/strong><\/div>\n
Primary action<\/span>Verify hash<\/strong><\/div>\n<\/div>\n<\/section>\n
\n

Category overview<\/h2>\n
Adware<\/strong>4 new reports<\/span><\/a>PUP\/PUA<\/strong>4 new reports<\/span><\/a>Trojan<\/strong>4 new reports<\/span><\/a>Ransomware<\/strong>4 new reports<\/span><\/a>Virus<\/strong>4 new reports<\/span><\/a><\/div>\n<\/section>\n
\n

Reports worth opening<\/h2>\n
\n
\n

Adware<\/h3>\n

Review browser changes, bundled installers, extensions, and unexpected advertising behavior.<\/p>\n<\/div>\n

\n
\n
File<\/span>isafekrnlr3.sys<\/a><\/div>\n
Detection<\/span>Under review<\/strong><\/div>\n
MD5<\/span>821fc895831b719afa0d5d2be2027893<\/code><\/div>\n<\/div>\n
\n
File<\/span>Snare.dll<\/a><\/div>\n
Detection<\/span>Adware.ELEX<\/strong><\/div>\n
MD5<\/span>6d223d145756a7443279e252feb4c536<\/code><\/div>\n<\/div>\n
\n
File<\/span>A0427997.dll<\/a><\/div>\n
Detection<\/span>Adware.ELEX<\/strong><\/div>\n
MD5<\/span>c5f511a6edc09cdfdc563fef9be92c69<\/code><\/div>\n<\/div>\n
\n
File<\/span>A0096076.dll<\/a><\/div>\n
Detection<\/span>Adware.ELEX<\/strong><\/div>\n
MD5<\/span>5c2ccd9975cade566e85fd37bb814b25<\/code><\/div>\n<\/div>\n<\/div>\n<\/div>\n
\n
\n

PUP\/PUA<\/h3>\n

Check whether the file came from an installer bundle, optimizer, updater, or optional offer.<\/p>\n<\/div>\n

\n
\n
File<\/span>Alcatel Setup_DriverDoc_2016.exe<\/a><\/div>\n
Detection<\/span>Under review<\/strong><\/div>\n
MD5<\/span>7da6f3c5c9be4a3a53c520b19c9309a1<\/code><\/div>\n<\/div>\n
\n
File<\/span>qbshellicon2caf53b6.dll<\/a><\/div>\n
Detection<\/span>Under review<\/strong><\/div>\n
MD5<\/span>4298ef1f49d563b2190ae5783468a58c<\/code><\/div>\n<\/div>\n
\n
File<\/span>librtmp – Copie.dll<\/a><\/div>\n
Detection<\/span>Under review<\/strong><\/div>\n
MD5<\/span>921b64a7dace4c93161b942b80b6b41b<\/code><\/div>\n<\/div>\n
\n
File<\/span>HostAppService (1).exe<\/a><\/div>\n
Detection<\/span>Adware.SweetIM<\/strong><\/div>\n
MD5<\/span>da746ebbb1e7952da96ef0e0667fc740<\/code><\/div>\n<\/div>\n<\/div>\n<\/div>\n
\n
\n

Trojan<\/h3>\n

Verify the hash and origin before trusting the filename; trojans often imitate legitimate software.<\/p>\n<\/div>\n

\n
\n
File<\/span>64bit.).2016-patch MrSzzS.exe<\/a><\/div>\n
Detection<\/span>Hack.Patcher<\/strong><\/div>\n
MD5<\/span>5325db41669aea870e16f48fbaa5dc22<\/code><\/div>\n<\/div>\n
\n
File<\/span>Keygen.exe<\/a><\/div>\n
Detection<\/span>Trojan.Keygen<\/strong><\/div>\n
MD5<\/span>0ff7b0aa3840d67bfef3a7c77c26468b<\/code><\/div>\n<\/div>\n
\n
File<\/span>hdtask.exe<\/a><\/div>\n
Detection<\/span>PUP.SpeedUpMyPC<\/strong><\/div>\n
MD5<\/span>edc7eb442a17faeb8bc02a7c16551bf1<\/code><\/div>\n<\/div>\n
\n
File<\/span>fraps_ru.exe.quarantined<\/a><\/div>\n
Detection<\/span>Trojan.Gen<\/strong><\/div>\n
MD5<\/span>5a5c0885cf60d6f6f39c5db45e5e1211<\/code><\/div>\n<\/div>\n<\/div>\n<\/div>\n
\n
\n

Ransomware<\/h3>\n

Prioritize isolation and backup checks when this class appears on an endpoint.<\/p>\n<\/div>\n

\n
\n
File<\/span>USB.Protection.&.Recovery-1.3.exe<\/a><\/div>\n
Detection<\/span>Ransom.Presenoker<\/strong><\/div>\n
MD5<\/span>f99bfddac9cb3be6465347635c295975<\/code><\/div>\n<\/div>\n
\n
File<\/span>Insaniquarium.scr<\/a><\/div>\n
Detection<\/span>Ransom.Sabsik<\/strong><\/div>\n
MD5<\/span>32cdbc9e95342182db48567c457642e7<\/code><\/div>\n<\/div>\n
\n
File<\/span>1f1affdcb7b7175e077b359abc7bbb4e.zip<\/a><\/div>\n
Detection<\/span>Ransom.Zpevdo<\/strong><\/div>\n
MD5<\/span>1f1affdcb7b7175e077b359abc7bbb4e<\/code><\/div>\n<\/div>\n
\n
File<\/span>DeviceManager.exe.quarantined<\/a><\/div>\n
Detection<\/span>Ransom.Gandcrab<\/strong><\/div>\n
MD5<\/span>c9d7b4f352a2362d676c850dc923f662<\/code><\/div>\n<\/div>\n<\/div>\n<\/div>\n
\n
\n

Virus<\/h3>\n

Look for copied or modified executables and scan related files created around the same time.<\/p>\n<\/div>\n

\n
\n
File<\/span>Patch 2.exe<\/a><\/div>\n
Detection<\/span>Hack.Patcher<\/strong><\/div>\n
MD5<\/span>7121485fbe0554cc054adfaa374b3f38<\/code><\/div>\n<\/div>\n
\n
File<\/span>install.exe<\/a><\/div>\n
Detection<\/span>Virus.Jeefo<\/strong><\/div>\n
MD5<\/span>b7e4e623e707ebce5c6ca5fffbd1acc2<\/code><\/div>\n<\/div>\n
\n
File<\/span>setup.exe<\/a><\/div>\n
Detection<\/span>Virus.Neshta<\/strong><\/div>\n
MD5<\/span>d469a3a77f27c430bf5d65e6b6335764<\/code><\/div>\n<\/div>\n
\n
File<\/span>OSE.EXE<\/a><\/div>\n
Detection<\/span>Virus.Neshta<\/strong><\/div>\n
MD5<\/span>8364677c293fdbdc1d485a227815f2b1<\/code><\/div>\n<\/div>\n<\/div>\n<\/div>\n<\/section>\n
\n

How to use this digest<\/h2>\n

Start with the MD5 hash, not the filename. If the hash or file path matches a system you manage, open the report, review the publisher and detection details, then scan the endpoint with GridinSoft Anti-Malware<\/a>. ThreatInfo reports show whether GridinSoft already detects the file and which detection name is used.<\/p>\n<\/section>\n","protected":false},"excerpt":{"rendered":"

ThreatInfo research digest A concise set of new file reports that were not used in recent digests. Each entry includes the detection name, MD5 hash, and a direct report link so analysts can verify … <\/p>\n

Read more<\/a><\/p>\n","protected":false},"author":0,"featured_media":0,"comment_status":"closed","ping_status":"closed","sticky":false,"template":"","format":"standard","meta":{"spay_email":""},"categories":[50],"tags":[],"yoast_head":"\nThreatInfo Detection Digest: May 23, 2026 - ThreatInfo Research<\/title>\n<meta name=\"description\" content=\"ThreatInfo detection digest with new file reports, malware categories, MD5 hashes, and GridinSoft verdict context.\" \/>\n<meta name=\"robots\" content=\"index, follow, max-snippet:-1, max-image-preview:large, max-video-preview:-1\" \/>\n<link rel=\"canonical\" href=\"https:\/\/threatinfo.net\/articles\/threatinfo-daily-digest-2026-05-23\/\" \/>\n<meta property=\"og:locale\" content=\"en_US\" \/>\n<meta property=\"og:type\" content=\"article\" \/>\n<meta property=\"og:title\" content=\"ThreatInfo Detection Digest: May 23, 2026 - ThreatInfo Research\" \/>\n<meta property=\"og:description\" content=\"ThreatInfo detection digest with new file reports, malware categories, MD5 hashes, and GridinSoft verdict context.\" \/>\n<meta property=\"og:url\" content=\"https:\/\/threatinfo.net\/articles\/threatinfo-daily-digest-2026-05-23\/\" \/>\n<meta property=\"og:site_name\" content=\"ThreatInfo Research\" \/>\n<meta property=\"article:published_time\" content=\"2026-05-23T03:27:07+00:00\" \/>\n<meta name=\"twitter:card\" content=\"summary_large_image\" \/>\n<meta name=\"twitter:label1\" content=\"Est. reading time\" \/>\n\t<meta name=\"twitter:data1\" content=\"2 minutes\" \/>\n<script type=\"application\/ld+json\" class=\"yoast-schema-graph\">{\"@context\":\"https:\/\/schema.org\",\"@graph\":[{\"@type\":\"WebSite\",\"@id\":\"https:\/\/threatinfo.net\/articles\/#website\",\"url\":\"https:\/\/threatinfo.net\/articles\/\",\"name\":\"ThreatInfo Research\",\"description\":\"Malware explainers, daily file-report links, hashes, GridinSoft detections, and remediation guidance from ThreatInfo Research\",\"potentialAction\":[{\"@type\":\"SearchAction\",\"target\":{\"@type\":\"EntryPoint\",\"urlTemplate\":\"https:\/\/threatinfo.net\/articles\/?s={search_term_string}\"},\"query-input\":\"required name=search_term_string\"}],\"inLanguage\":\"en-US\"},{\"@type\":\"WebPage\",\"@id\":\"https:\/\/threatinfo.net\/articles\/threatinfo-daily-digest-2026-05-23\/#webpage\",\"url\":\"https:\/\/threatinfo.net\/articles\/threatinfo-daily-digest-2026-05-23\/\",\"name\":\"ThreatInfo Detection Digest: May 23, 2026 - ThreatInfo Research\",\"isPartOf\":{\"@id\":\"https:\/\/threatinfo.net\/articles\/#website\"},\"datePublished\":\"2026-05-23T03:27:07+00:00\",\"dateModified\":\"2026-05-23T03:27:07+00:00\",\"author\":{\"@id\":\"\"},\"description\":\"ThreatInfo detection digest with new file reports, malware categories, MD5 hashes, and GridinSoft verdict context.\",\"breadcrumb\":{\"@id\":\"https:\/\/threatinfo.net\/articles\/threatinfo-daily-digest-2026-05-23\/#breadcrumb\"},\"inLanguage\":\"en-US\",\"potentialAction\":[{\"@type\":\"ReadAction\",\"target\":[\"https:\/\/threatinfo.net\/articles\/threatinfo-daily-digest-2026-05-23\/\"]}]},{\"@type\":\"BreadcrumbList\",\"@id\":\"https:\/\/threatinfo.net\/articles\/threatinfo-daily-digest-2026-05-23\/#breadcrumb\",\"itemListElement\":[{\"@type\":\"ListItem\",\"position\":1,\"name\":\"Home\",\"item\":\"https:\/\/threatinfo.net\/articles\/\"},{\"@type\":\"ListItem\",\"position\":2,\"name\":\"ThreatInfo Detection Digest: May 23, 2026\"}]}]}<\/script>\n<!-- \/ Yoast SEO plugin. -->","yoast_head_json":{"title":"ThreatInfo Detection Digest: May 23, 2026 - ThreatInfo Research","description":"ThreatInfo detection digest with new file reports, malware categories, MD5 hashes, and GridinSoft verdict context.","robots":{"index":"index","follow":"follow","max-snippet":"max-snippet:-1","max-image-preview":"max-image-preview:large","max-video-preview":"max-video-preview:-1"},"canonical":"https:\/\/threatinfo.net\/articles\/threatinfo-daily-digest-2026-05-23\/","og_locale":"en_US","og_type":"article","og_title":"ThreatInfo Detection Digest: May 23, 2026 - ThreatInfo Research","og_description":"ThreatInfo detection digest with new file reports, malware categories, MD5 hashes, and GridinSoft verdict context.","og_url":"https:\/\/threatinfo.net\/articles\/threatinfo-daily-digest-2026-05-23\/","og_site_name":"ThreatInfo Research","article_published_time":"2026-05-23T03:27:07+00:00","twitter_card":"summary_large_image","twitter_misc":{"Est. reading time":"2 minutes"},"schema":{"@context":"https:\/\/schema.org","@graph":[{"@type":"WebSite","@id":"https:\/\/threatinfo.net\/articles\/#website","url":"https:\/\/threatinfo.net\/articles\/","name":"ThreatInfo Research","description":"Malware explainers, daily file-report links, hashes, GridinSoft detections, and remediation guidance from ThreatInfo Research","potentialAction":[{"@type":"SearchAction","target":{"@type":"EntryPoint","urlTemplate":"https:\/\/threatinfo.net\/articles\/?s={search_term_string}"},"query-input":"required name=search_term_string"}],"inLanguage":"en-US"},{"@type":"WebPage","@id":"https:\/\/threatinfo.net\/articles\/threatinfo-daily-digest-2026-05-23\/#webpage","url":"https:\/\/threatinfo.net\/articles\/threatinfo-daily-digest-2026-05-23\/","name":"ThreatInfo Detection Digest: May 23, 2026 - ThreatInfo Research","isPartOf":{"@id":"https:\/\/threatinfo.net\/articles\/#website"},"datePublished":"2026-05-23T03:27:07+00:00","dateModified":"2026-05-23T03:27:07+00:00","author":{"@id":""},"description":"ThreatInfo detection digest with new file reports, malware categories, MD5 hashes, and GridinSoft verdict context.","breadcrumb":{"@id":"https:\/\/threatinfo.net\/articles\/threatinfo-daily-digest-2026-05-23\/#breadcrumb"},"inLanguage":"en-US","potentialAction":[{"@type":"ReadAction","target":["https:\/\/threatinfo.net\/articles\/threatinfo-daily-digest-2026-05-23\/"]}]},{"@type":"BreadcrumbList","@id":"https:\/\/threatinfo.net\/articles\/threatinfo-daily-digest-2026-05-23\/#breadcrumb","itemListElement":[{"@type":"ListItem","position":1,"name":"Home","item":"https:\/\/threatinfo.net\/articles\/"},{"@type":"ListItem","position":2,"name":"ThreatInfo Detection Digest: May 23, 2026"}]}]}},"jetpack_featured_media_url":"","jetpack-related-posts":[{"id":110,"url":"https:\/\/threatinfo.net\/articles\/threatinfo-daily-digest-2026-05-15\/","url_meta":{"origin":121,"position":0},"title":"ThreatInfo Detection Digest: May 15, 2026","date":"May 15, 2026","format":false,"excerpt":"ThreatInfo research digestA concise set of new file reports that were not used in recent digests. Each entry includes the detection name, MD5 hash, and a direct report link so analysts can verify the exact sample before taking action.New report links20Tracked categories5Primary actionVerify hashCategory overviewAdware4 new reportsPUP\/PUA4 new reportsTrojan4 new\u2026","rel":"","context":"In "Daily Digest"","img":{"alt_text":"","src":"","width":0,"height":0},"classes":[]},{"id":114,"url":"https:\/\/threatinfo.net\/articles\/threatinfo-daily-digest-2026-05-17\/","url_meta":{"origin":121,"position":1},"title":"ThreatInfo Detection Digest: May 17, 2026","date":"May 17, 2026","format":false,"excerpt":"ThreatInfo research digestA concise set of new file reports that were not used in recent digests. Each entry includes the detection name, MD5 hash, and a direct report link so analysts can verify the exact sample before taking action.New report links20Tracked categories5Primary actionVerify hashCategory overviewAdware4 new reportsPUP\/PUA4 new reportsTrojan4 new\u2026","rel":"","context":"In "Daily Digest"","img":{"alt_text":"","src":"","width":0,"height":0},"classes":[]},{"id":109,"url":"https:\/\/threatinfo.net\/articles\/threatinfo-daily-digest-2026-05-14\/","url_meta":{"origin":121,"position":2},"title":"ThreatInfo Detection Digest: May 14, 2026","date":"May 14, 2026","format":false,"excerpt":"ThreatInfo research digestA concise set of new file reports that were not used in recent digests. Each entry includes the detection name, MD5 hash, and a direct report link so analysts can verify the exact sample before taking action.New report links20Tracked categories5Primary actionVerify hashCategory overviewAdware4 new reportsPUP\/PUA4 new reportsTrojan4 new\u2026","rel":"","context":"In "Daily Digest"","img":{"alt_text":"","src":"","width":0,"height":0},"classes":[]},{"id":113,"url":"https:\/\/threatinfo.net\/articles\/threatinfo-daily-digest-2026-05-16\/","url_meta":{"origin":121,"position":3},"title":"ThreatInfo Detection Digest: May 16, 2026","date":"May 16, 2026","format":false,"excerpt":"ThreatInfo research digestA concise set of new file reports that were not used in recent digests. Each entry includes the detection name, MD5 hash, and a direct report link so analysts can verify the exact sample before taking action.New report links20Tracked categories5Primary actionVerify hashCategory overviewAdware4 new reportsPUP\/PUA4 new reportsTrojan4 new\u2026","rel":"","context":"In "Daily Digest"","img":{"alt_text":"","src":"","width":0,"height":0},"classes":[]},{"id":103,"url":"https:\/\/threatinfo.net\/articles\/threatinfo-daily-digest-2026-05-13\/","url_meta":{"origin":121,"position":4},"title":"ThreatInfo Detection Digest: May 13, 2026","date":"May 13, 2026","format":false,"excerpt":"ThreatInfo research digestA concise set of new file reports that were not used in recent digests. Each entry includes the detection name, MD5 hash, and a direct report link so analysts can verify the exact sample before taking action.New report links20Tracked categories5Primary actionVerify hashCategory overviewAdware4 new reportsPUP\/PUA4 new reportsTrojan4 new\u2026","rel":"","context":"In "Daily Digest"","img":{"alt_text":"","src":"","width":0,"height":0},"classes":[]},{"id":116,"url":"https:\/\/threatinfo.net\/articles\/threatinfo-daily-digest-2026-05-19\/","url_meta":{"origin":121,"position":5},"title":"ThreatInfo Detection Digest: May 19, 2026","date":"May 19, 2026","format":false,"excerpt":"ThreatInfo research digestA concise set of new file reports that were not used in recent digests. Each entry includes the detection name, MD5 hash, and a direct report link so analysts can verify the exact sample before taking action.New report links20Tracked categories5Primary actionVerify hashCategory overviewAdware4 new reportsPUP\/PUA4 new reportsTrojan4 new\u2026","rel":"","context":"In "Daily Digest"","img":{"alt_text":"","src":"","width":0,"height":0},"classes":[]}],"amp_enabled":true,"_links":{"self":[{"href":"https:\/\/threatinfo.net\/articles\/wp-json\/wp\/v2\/posts\/121"}],"collection":[{"href":"https:\/\/threatinfo.net\/articles\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/threatinfo.net\/articles\/wp-json\/wp\/v2\/types\/post"}],"replies":[{"embeddable":true,"href":"https:\/\/threatinfo.net\/articles\/wp-json\/wp\/v2\/comments?post=121"}],"version-history":[{"count":0,"href":"https:\/\/threatinfo.net\/articles\/wp-json\/wp\/v2\/posts\/121\/revisions"}],"wp:attachment":[{"href":"https:\/\/threatinfo.net\/articles\/wp-json\/wp\/v2\/media?parent=121"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/threatinfo.net\/articles\/wp-json\/wp\/v2\/categories?post=121"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/threatinfo.net\/articles\/wp-json\/wp\/v2\/tags?post=121"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}