MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 4cc2ab119438950aeee01fd33fe268802e5362cb0d38349bf5df6269d9b8462f. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry

PureCrypter

Vendor detections: 10

Intelligence 10 IOCs YARA 4 File information Comments

SHA256 hash:	4cc2ab119438950aeee01fd33fe268802e5362cb0d38349bf5df6269d9b8462f
SHA3-384 hash:	8b920cb26149fd30a9ea54c96961752a03b98fea397d6d9fbe9e3e63d8396a0c5fc1bff593b040d4254247d0e0d91a73
SHA1 hash:	7b39d1b367c691be7f21e63594b02409c6e8a40d
MD5 hash:	66c10f28378f5b73a0a3d19f3ac7f297
humanhash:	april-winter-foxtrot-cold
File name:	4cc2ab119438950aeee01fd33fe268802e5362cb0d38349bf5df6269d9b8462f
Download:	download sample
Signature	PureCrypter Create hunting rule
File size:	952'320 bytes
First seen:	2026-03-06 15:28:38 UTC
Last seen:	Never
File type:	exe
MIME type:	application/x-dosexec
imphash	f34d5f2d4577ed6d9ceec516c1f5a744 (48'845 x AgentTesla, 19'778 x Formbook, 12'298 x SnakeKeylogger)
ssdeep	12288:J9dMjn1XAdpr+8Esd4sEwRA8DWSW/+2PmvszdvW9n4Z:9EOdZ+8EsdfRA8DFWm2dzded0
Threatray	34 similar samples on MalwareBazaar
TLSH	T1A215E0228E626A38E55D1BB9C527086C23F1E307211BD71F2FEE85F94A62FD7CA17504
TrID	73.9% (.EXE) Generic CIL Executable (.NET, Mono, etc.) (73123/4/13) 6.6% (.DLL) Win32 Dynamic Link Library (generic) (6578/25/2) 6.6% (.EXE) Win64 Executable (generic) (6522/11/2) 4.5% (.EXE) Win32 Executable (generic) (4504/4/1) 2.0% (.ICL) Windows Icons Library (generic) (2059/9)
Magika	pebin
Reporter	adrian__luca
Tags:	exe purecrypter

Intelligence

File Origin

# of uploads :

# of downloads :

Origin country :

Vendor Threat Intelligence

Malware configuration found for:

DeepSea

Details

DeepSea

DeepSea decrypted strings

Link:

https://research.acce.ciphertechsolutions.com/results/f747518f-86f4-4b6e-a876-d8b110ef71fc/

Malware family:

n/a

ID:

File name:

4cc2ab119438950aeee01fd33fe268802e5362cb0d38349bf5df6269d9b8462f

Verdict:

No threats detected

Analysis date:

2026-03-06 16:48:46 UTC

Tags:

n/a

Link:

https://app.any.run/tasks/9c6a7d6a-e79b-4919-98ff-5e8be2a118b1

Note:

ANY.RUN is an interactive sandbox that analyzes all user actions rather than an uploaded sample

Detection:

n/a

Link:

https://www.capesandbox.com/analysis/56318/

Gathering data

Verdict:

Likely Malicious

Threat level:

7.5/10

Confidence:

100%

Tags:

formbook obfuscated obfuscated packed vbnet

Link:

https://www.filescan.io/uploads/69aaf2e097feb4afd67026a7/reports/f4613614-09c6-4542-ace9-609b86d243e1/overview

Verdict:

Malicious

Labled as:

Trojan.MSIL.Basic.8

Link:

https://www.hybrid-analysis.com/sample/4cc2ab119438950aeee01fd33fe268802e5362cb0d38349bf5df6269d9b8462f

Verdict:

Malicious

File Type:

exe x32

Link:

https://opentip.kaspersky.com/4cc2ab119438950aeee01fd33fe268802e5362cb0d38349bf5df6269d9b8462f/results?tab=lookup

Verdict:

Malicious

Link:

https://analyze.intezer.com/analyses/752ee9b0-aca8-49f9-8446-e19e1fa04108

Score:

100%

Verdict:

Malware

File Type:

Link:

https://malprob.io/report/4cc2ab119438950aeee01fd33fe268802e5362cb0d38349bf5df6269d9b8462f

Gathering data

Detection:

n/a

Link:

https://mwdb.cert.pl/sample/4cc2ab119438950aeee01fd33fe268802e5362cb0d38349bf5df6269d9b8462f/

Threat name:

ByteCode-MSIL.Trojan.PureLogStealer

Status:

Malicious

First seen:

2026-02-25 04:34:00 UTC

File Type:

PE (.Net Exe)

Extracted files:

AV detection:

24 of 36 (66.67%)

Threat level:

5/5

Detection(s):

Suspicious file

Link:

https://check.spamhaus.org/check/?searchterm=jtbkwemuhckqv3xad7jt7ytiqaxfgywlbu4djg7v35rgtwnyiyxq._file

Verdict:

malicious

Label(s):

purecrypter

PureCrypter

6f998e066e89d74f97f68b8b300cbf96f10df8bca0f96b78082e54ae578c6808

PureCrypter

dbd4edd258813db2cac4abddb2a4230b62874591c09daa6ffbcd5c9022ebd042

PureCrypter

dfc8ec3367b127116ca397e3d0a70c5823c41446db59177960c9ec9d8946448d

PureCrypter

error

PureCrypter

f5d384d10b94f31f151234b0bff7c4699e38883029727da32a2ccdef58b4589e

PureCrypter

+ 24 additional samples on MalwareBazaar

Result

Malware family:

n/a

Score:

7/10

Tags:

discovery

Link:

https://tria.ge/reports/260306-sw97xahw7k/

Behaviour

Program crash

System Location Discovery: System Language Discovery

.NET Reactor proctector

Unpacked files

SH256 hash:

4cc2ab119438950aeee01fd33fe268802e5362cb0d38349bf5df6269d9b8462f

MD5 hash:

66c10f28378f5b73a0a3d19f3ac7f297

SHA1 hash:

7b39d1b367c691be7f21e63594b02409c6e8a40d

Link:

https://www.unpac.me/results/3dd712db-f84a-496e-8d62-85e542bfa351/

SH256 hash:

a6a6cf76c8a7dd497424f636ddaa9c58a77971f9b267b257f1906c0388c281d6

MD5 hash:

f0ff6d188e5191a7295ae1e852259e7d

SHA1 hash:

c3f1b28ff5806069dc6b694eb2c40af6bdc27078

Detections:

SUSP_OBF_NET_Reactor_Indicators_Jan24

INDICATOR_EXE_Packed_DotNetReactor

Link:

https://www.unpac.me/results/3dd712db-f84a-496e-8d62-85e542bfa351/

Parent samples :

24d6cbd8f4eb920651f82adb1288cd4d5227f6bcd8fe71341ebdeb434bbfae01
b430b6d8ffe30bb994eb58e11cab86092452755f0044acba6de4ef305f8fc28c
6f998e066e89d74f97f68b8b300cbf96f10df8bca0f96b78082e54ae578c6808
dbd4edd258813db2cac4abddb2a4230b62874591c09daa6ffbcd5c9022ebd042
787603ed370b21f4b0c042915f7fec0e3ad9f1a74f9bea21a99f9e7a5232a31c
cf790980d19ae946d6de6a03100ec1c207ceff95cf7e220d90108c2749fd0f63
24a07efb7c95800b89d34683abe09cf8e7d7776483f586abca769c2f98bb67c6
5524f65612afc339bd726ce2d20c9b8040a2137c7c23d8b68c47fe35a02c616d
55a9d922e96e48f6dafe5d3a8026268cc10ae3958b61b9121f0e4c93edca3b29
c2f557d0ec74807286105a5a4a0303d68638aaab4642aba9f035231742a0f38e
fdb5f65b86c93754b642aa54fa2628355c0bfd389bed24e435fef2d49ce6c8e4
4e5d15afc37e313296a27f94002517b351bad2dc3f3d1125e26ec078b57edbad
82cf55fa23c0c2493080bf0cbf52165ee502a58c782f8d85cfbbb5e601f8b6b3
9e82ffb9944fb58a8f2ea6c728ce6e3afa6560563666701d125b295fbf209bb3
b8e84695c8a14f7223d17d6957f4eb1ef4cadba8918911a5988b51a925042cfc
7157165f0ec7acf431db00aed0a0afbf01a2314396797399194ef0e80f6b2f54
4cc2ab119438950aeee01fd33fe268802e5362cb0d38349bf5df6269d9b8462f
d864a30d450157ee025d97dcd2a6a6bf386719fc4c14ca361f85aa914665657c

Please note that we are no longer able to provide a coverage score for Virus Total.

YARA Signatures

MalwareBazaar uses YARA rules from several public and non-public repositories, such as YARAhub and Malpedia. Those are being matched against malware samples uploaded to MalwareBazaar as well as against any suspicious process dumps they may create. Please note that only results from TLP:CLEAR rules are being displayed.

Rule name:	NET Create hunting rule
Author:	malware-lu

Rule name:	NETexecutableMicrosoft Create hunting rule
Author:	malware-lu

Rule name:	pe_imphash Create hunting rule

Rule name:	Skystars_Malware_Imphash Create hunting rule
Author:	Skystars LightDefender
Description:	imphash

File information

The table below shows additional information about this malware sample such as delivery method and external references.

Cape

https://www.capesandbox.com/analysis/56318/

Comments

Login required

You need to login to in order to write a comment. Login with your abuse.ch account.

No comments found for this malware sample