MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 afb5b88d2bdfc62c7203bb195438b383d85ca24586f9ccf183f0ef6c032f4280. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry

PureHVNC

Vendor detections: 13

Intelligence 13 IOCs YARA 7 File information Comments

SHA256 hash:	afb5b88d2bdfc62c7203bb195438b383d85ca24586f9ccf183f0ef6c032f4280
SHA3-384 hash:	6207226c1b6fc6d7fb6ee1b086ea3aae81ed5fd2909f9721f8bf6484bc4c0dee987055ff4506852117f6ea189a3899eb
SHA1 hash:	3ba1dbd8a1041fd82ee3fda606995bfe08f1d8b2
MD5 hash:	c978cda62d928c690b634e42c731930c
humanhash:	delaware-mobile-carolina-california
File name:	SecuriteInfo.com.Heur.MSIL.Benin.5.65965741
Download:	download sample
Signature	PureHVNC Create hunting rule
File size:	785'408 bytes
First seen:	2026-06-08 20:29:18 UTC
Last seen:	2026-06-08 21:28:07 UTC
File type:	exe
MIME type:	application/x-dosexec
imphash	f34d5f2d4577ed6d9ceec516c1f5a744 (49'067 x AgentTesla, 20'019 x Formbook, 12'352 x SnakeKeylogger)
ssdeep	12288:Dn6XvX6wxRNLy8b/VhS/TV5ybcOMlKCwWucCNLvGTr9WRoJ8:+vqwxRNLxVhOV5yYOMlKeucChvGvKoJ8
Threatray	102 similar samples on MalwareBazaar
TLSH	T171F4BE1B77A68F21D2840632C1D7150583F46947B63BE70E7989239A29033FAEE4B7D7
TrID	70.4% (.EXE) Generic CIL Executable (.NET, Mono, etc.) (73123/4/13) 6.3% (.DLL) Win32 Dynamic Link Library (generic) (6578/25/2) 6.2% (.EXE) Win64 Executable (generic) (6522/11/2) 4.8% (.EXE) Win16 NE executable (generic) (5038/12/1) 4.3% (.EXE) Win32 Executable (generic) (4504/4/1)
Magika	pebin
Reporter	SecuriteInfoCom
Tags:	exe PureHVNC

Intelligence

File Origin

# of uploads :

# of downloads :

101

Origin country :

Vendor Threat Intelligence

Malware configuration found for:

NETReactor

Details

Link:

https://research.acce.ciphertechsolutions.com/results/79824df7-4581-4b1a-a4ec-28bccb4c8678/

Detection:

n/a

Link:

https://www.capesandbox.com/analysis/70148/

Detection(s):

SecuriteInfo.com.Heur.MSIL.Benin.5.65965741.UNOFFICIAL

Verdict:

Malicious

Score:

70%

Link:

https://cyber-fortress.com/docs/result/index.php?id=6a272637ae2f98c00a68fa5a

Tags:

malware

Result

Verdict:

Malware

Maliciousness:

Behaviour

Сreating synchronization primitives

Connection attempt to an infection source

Sending a TCP request to an infection source

Verdict:

Malicious

Threat level:

10/10

Confidence:

100%

Tags:

base64 net_reactor obfuscated obfuscated packed packed

Link:

https://www.filescan.io/uploads/6a2726341f652d6865707704/reports/962b2381-8b10-4ca5-b7ea-8288c163d8a2/overview

Verdict:

Malicious

Labled as:

Win/malicious_confidence_100%

Link:

https://www.hybrid-analysis.com/sample/afb5b88d2bdfc62c7203bb195438b383d85ca24586f9ccf183f0ef6c032f4280

Verdict:

Malicious

File Type:

exe x32

First seen:

2026-06-08T11:13:00Z UTC

Last seen:

2026-06-09T20:25:00Z UTC

Hits:

~100

Link:

https://opentip.kaspersky.com/afb5b88d2bdfc62c7203bb195438b383d85ca24586f9ccf183f0ef6c032f4280/results?tab=lookup

Verdict:

Suspicious

Link:

https://analyze.intezer.com/analyses/9e04c412-31a3-4314-bbb6-e3e041c54aef

Score:

100%

Verdict:

Malware

File Type:

Link:

https://malprob.io/report/afb5b88d2bdfc62c7203bb195438b383d85ca24586f9ccf183f0ef6c032f4280

Gathering data

Detection:

n/a

Link:

https://mwdb.cert.pl/sample/afb5b88d2bdfc62c7203bb195438b383d85ca24586f9ccf183f0ef6c032f4280/

Threat name:

Win32.Trojan.Kepavll

Status:

Malicious

First seen:

2026-06-08 12:40:05 UTC

File Type:

PE (.Net Exe)

Extracted files:

AV detection:

21 of 24 (87.50%)

Threat level:

5/5

Detection(s):

Malicious file

Link:

https://check.spamhaus.org/check/?searchterm=v623rdjl37dcy4qdxmmvioftqpmfzisfq344z4md6dxwyazpikaa._file

Verdict:

malicious

Label(s):

purecrypter

PureHVNC

3475a00014822804b7ff1d82e6f2edf7990e8f4b4c63cd79f54d7e0e5668388e

PureHVNC

4334b32b02f055ad7553e21cf13b1706b892a648fadb4584cafb3283245f6389

PureHVNC

8918151f86687bf6dcd6962b05fe94d4a48c400d89cfdee172d8ee70f06c3403

PureHVNC

b6a4ce1b28a8c0754b1ce5d4832644ca3c0e4571556e9c5bfe3ae9da97589366

PureHVNC

b95012a5ed4784b632680ca3291db8dd17908c5137279e190a06563cd111665f

PureHVNC

d4e2fc9946830fa27ea397c7dab7ffc56501f7b75df4deede18bc2708fa23f1b

PureHVNC

error

PureHVNC

f272a51c813b2d3c3748457bd842ae2125596dc6786e1a326bac2479b01273cf

PureHVNC

+ 92 additional samples on MalwareBazaar

Result

Malware family:

n/a

Score:

7/10

Tags:

collection discovery spyware stealer

Link:

https://tria.ge/reports/260608-y9wvbsfx7n/

Behaviour

Enumerates system info in registry

Suspicious behavior: EnumeratesProcesses

Suspicious use of AdjustPrivilegeToken

Suspicious use of FindShellTrayWindow

Suspicious use of WriteProcessMemory

outlook_office_path

outlook_win_path

Browser Information Discovery

System Location Discovery: System Language Discovery

System Time Discovery

Drops file in Windows directory

Accesses Microsoft Outlook profiles

Reads WinSCP keys stored on the system

Reads user/profile data of web browsers

Unpacked files

SH256 hash:

afb5b88d2bdfc62c7203bb195438b383d85ca24586f9ccf183f0ef6c032f4280

MD5 hash:

c978cda62d928c690b634e42c731930c

SHA1 hash:

3ba1dbd8a1041fd82ee3fda606995bfe08f1d8b2

Link:

https://www.unpac.me/results/5aa86793-eb8c-4142-9d1d-1cee8462b875/

SH256 hash:

2c2fe5d55f1998a11fae535307fcde4e7d24b29d581f0945e9257404e4fb53c7

MD5 hash:

e1fca39b18f3008d9fc868da0edea670

SHA1 hash:

4330cfca067388040a8ef61678e96c900d821df3

Link:

https://www.unpac.me/results/5aa86793-eb8c-4142-9d1d-1cee8462b875/

SH256 hash:

b2a66e9864f81c2800a5afef4bfd1faf7c910e5a43ea2eb9dbb15c8ab6ffc633

MD5 hash:

f0a13fb422cdb1f3ce667df897b5045b

SHA1 hash:

9b6566603e3a292482788924a83a1d94a9cd4627

Link:

https://www.unpac.me/results/5aa86793-eb8c-4142-9d1d-1cee8462b875/

SH256 hash:

d126f5dd32a015425507c7f8010ea43f25d2313236447fdf6cdefb16dd1d25c1

MD5 hash:

faa9a909e58a841ab53e13b154d6a8d8

SHA1 hash:

9f6ec4e62748585050d8d964228bbc722b104f36

Link:

https://www.unpac.me/results/5aa86793-eb8c-4142-9d1d-1cee8462b875/

Malware family:

PureHVNC

Verdict:

Malicious

Link:

https://www.vmray.com/analyses/_mb/afb5b88d2bdf/report/overview.html

Please note that we are no longer able to provide a coverage score for Virus Total.

Threat name:

Malicious File

Score:

1.00

Link:

https://yomi.yoroi.company/submissions/afb5b88d2bdfc62c7203bb195438b383d85ca24586f9ccf183f0ef6c032f4280

YARA Signatures

MalwareBazaar uses YARA rules from several public and non-public repositories, such as YARAhub and Malpedia. Those are being matched against malware samples uploaded to MalwareBazaar as well as against any suspicious process dumps they may create. Please note that only results from TLP:CLEAR rules are being displayed.

Rule name:	Lumma_Stealer_Detection Create hunting rule
Author:	ashizZz
Description:	Detects a specific Lumma Stealer malware sample using unique strings and behaviors
Reference:	https://seanthegeek.net/posts/compromized-store-spread-lumma-stealer-using-fake-captcha/

Rule name:	MD5_Constants Create hunting rule
Author:	phoul (@phoul)
Description:	Look for MD5 constants

Rule name:	NET Create hunting rule
Author:	malware-lu

Rule name:	pe_imphash Create hunting rule

Rule name:	Skystars_Malware_Imphash Create hunting rule
Author:	Skystars LightDefender
Description:	imphash

Rule name:	Sus_CMD_Powershell_Usage Create hunting rule
Author:	XiAnzheng
Description:	May Contain(Obfuscated or no) Powershell or CMD Command that can be abused by threat actor(can create FP)

Rule name:	VECT_Ransomware Create hunting rule
Author:	Mustafa Bakhit
Description:	Detects activity associated with VECT ransomware. This includes registry modifications and deletions, execution of system and defense-evasion commands, suspicious API usage, mutex creation, file and memory manipulation, ransomware note generation, anti-debugging and anti-analysis techniques, and embedded cryptographic constants (SHA256) characteristic of this malware family. Designed for threat intelligence and malware detection environments.