MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 b2bdb1a9a57565f0de580235d8ae0bc70dfebb5b6d4cc047e96fea3e89f715a6. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry


PureHVNC


Vendor detections: 8


Intelligence 8 IOCs YARA 29 File information Comments
Download sample Add tag Delete this sample Report a False Positive

SHA256 hash: b2bdb1a9a57565f0de580235d8ae0bc70dfebb5b6d4cc047e96fea3e89f715a6
SHA3-384 hash: 5b8e3854e38b19f20462643cdb79dbf9f05994e51c540fd0c2f8cddc6aafa9d06b2a6e742f48da0194c01df35a77b03a
SHA1 hash: 73a6237db158856dd5e6fde6de9f61f2f7998b21
MD5 hash: a22a303ffe908ea50ce29105fa1f90a6
humanhash: gee-asparagus-quebec-november
File name:halfmillion-iq(1).zip
Download: download sample
Signature PureHVNC
Create hunting rule
File size:6'609'841 bytes
First seen:2026-04-24 13:03:18 UTC
Last seen:Never
File type: zip
MIME type:application/zip
ssdeep 196608:+Zftmuv3UHLTvWmP60uU+HB/OGUElH6XU8YYlbHXUD:+BooW+mP6rU+h/PUEl0U8YYlbED
TLSH T175663333F56C09C6E437E5BEE0E21690C7E2130ED803D43BD6A16AD471E778A45CE69A
Magika zip
Reporter JAMESWT_WT
Tags:booking halfmillion-iq-com nisuwyyyqsafdas-com PureHVNC zip

Intelligence

File Origin
# of uploads :
1
# of downloads :
93
Origin country :
IT IT
File Archive Information

This file archive contains 12 file(s), sorted by their relevance:

File name:psl.exe
File size:66'184 bytes
SHA256 hash: 68e81ce966ca0c016bb638d0d29b106a0da7eab2ddf70438d8182fa89baf5d78
MD5 hash: 7a682a9da479baec38d5d43a02b604e9
MIME type:application/x-dosexec
Signature PureHVNC
File name:libintl-8.dll
File size:311'976 bytes
SHA256 hash: 014537629d17e625e3f3052e59b5aaad80233af0191b950367b7db06228b46de
MD5 hash: 5ff474738f95cd79dfad97305ff6c6fd
MIME type:application/x-dosexec
Signature PureHVNC
File name:libidn2-0.dll
File size:257'408 bytes
SHA256 hash: c6296ac4f38ab5f6b66ccea54f337eb61e4b4c64c6cbef9b422d40906102ed23
MD5 hash: dd739331842b79885453706d874a4366
MIME type:application/x-dosexec
Signature PureHVNC
File name:msys-intl-8.dll
File size:121'856 bytes
SHA256 hash: 9517978d663b324f80b3ad454e0f6a99db9cbd5022e98cea93808ddd64630aed
MD5 hash: 07bb931d03cfaf310b0369175797c719
MIME type:application/x-dosexec
Signature PureHVNC
File name:libunistring-5.dll
File size:2'236'904 bytes
SHA256 hash: 351ab6db834de03308e468a660dd93cb76d1e60aa213c7fce1c36603c431b7ba
MD5 hash: f6027bba63f798a5db8ce3f43bfda60e
MIME type:application/x-dosexec
Signature PureHVNC
File name:msys-2.0.dll
File size:3'371'536 bytes
SHA256 hash: 7ad917358bf910168a051aa46670fc5fbe300cd5e63fa2691ca6909237332118
MD5 hash: 8e727844e0eed3e4b14d2d87195d71b8
MIME type:application/x-dosexec
Signature PureHVNC
File name:libpsl-5.dll
File size:2'623'488 bytes
SHA256 hash: 13b10bfab5e95d07ccc1e708866b4331e1dbf2230a242cc9c050ee01a5eed6ec
MD5 hash: 08bea2d932f81bd98c5213dfaf546b07
MIME type:application/x-dosexec
Signature PureHVNC
File name:msys-iconv-2.dll
File size:1'108'800 bytes
SHA256 hash: b76044939dd5d6c6b7cf0d0cf877db6a2d8d7fd433212b78c837ba58f77a1775
MD5 hash: c29ee585eb10ad99a3a87aad2a772517
MIME type:application/x-dosexec
Signature PureHVNC
File name:msys-psl-5.dll
File size:83'128 bytes
SHA256 hash: 465a677a62faf17255a910e52ec595e277831acf471048e84229a60417f0e7d1
MD5 hash: fbef212371b36a54980ac886bee50b4e
MIME type:application/x-dosexec
Signature PureHVNC
File name:libiconv-2.dll
File size:1'146'840 bytes
SHA256 hash: 9740c8a8351587206aff71a976b9fea7457e59126807216b2e76f68a41579ed4
MD5 hash: 9a47e690745d2abf439b3466abb0ec16
MIME type:application/x-dosexec
Signature PureHVNC
File name:msys-unistring-5.dll
File size:2'074'976 bytes
SHA256 hash: 7c6c656d2413d2398f99de4616416319eaea0d9f91ab8a6efa953b2fe7def760
MD5 hash: 5374fcf8f138a6a0f84cfa8a3602e59c
MIME type:application/x-dosexec
Signature PureHVNC
File name:msys-idn2-0.dll
File size:207'760 bytes
SHA256 hash: 7912f8204e5b57fe00d59f9b346fcc04137237c879e0af48d2e6167fc21cb937
MD5 hash: fd464b8caab9e46e6a917f490b6b8643
MIME type:application/x-dosexec
Signature PureHVNC
Vendor Threat Intelligence
Details
Link:
https://research.acce.ciphertechsolutions.com/results/5ce92958-2223-43fa-9778-aecdbed073eb/
Verdict:
Malicious
Score:
70%
Link:
https://cyber-fortress.com/docs/result/index.php?id=69e789984aed15d0792ed0fe
Tags:
injection obfusc
Result
Verdict:
Unknown
File Type:
PE File
Link:
https://app.docguard.net/b2bdb1a9a57565f0de580235d8ae0bc70dfebb5b6d4cc047e96fea3e89f715a6/results/dashboard
Verdict:
Unknown
Link:
https://www.hybrid-analysis.com/sample/b2bdb1a9a57565f0de580235d8ae0bc70dfebb5b6d4cc047e96fea3e89f715a6
Result
Verdict:
MALICIOUS
Link:
https://labs.inquest.net/dfi/sha256/b2bdb1a9a57565f0de580235d8ae0bc70dfebb5b6d4cc047e96fea3e89f715a6
Details
Windows PE Executable
Found a Windows Portable Executable (PE) binary. Depending on context, the presence of a binary is suspicious or malicious.
Verdict:
Unknown
File Type:
zip
First seen:
2026-04-24T11:22:00Z UTC
Last seen:
2026-04-24T13:55:00Z UTC
Hits:
~10
Link:
https://opentip.kaspersky.com/b2bdb1a9a57565f0de580235d8ae0bc70dfebb5b6d4cc047e96fea3e89f715a6/results?tab=lookup
Score:
98%
Verdict:
Malware
File Type:
ARCHIVE
Link:
https://malprob.io/report/b2bdb1a9a57565f0de580235d8ae0bc70dfebb5b6d4cc047e96fea3e89f715a6
Gathering data
Detection:
n/a
Link:
https://mwdb.cert.pl/sample/b2bdb1a9a57565f0de580235d8ae0bc70dfebb5b6d4cc047e96fea3e89f715a6/
Threat name:
Win64.Trojan.Ravartar
Create hunting rule
Status:
Malicious
First seen:
2026-04-24 12:58:34 UTC
File Type:
Binary (Archive)
Extracted files:
13
AV detection:
12 of 24 (50.00%)
Threat level:
  5/5
Detection(s):
Suspicious file
Link:
https://check.spamhaus.org/check/?searchterm=wk63dknfovs7bxsyai25rlqly4g75o23nvgmar7jn7vd5cpxcwta._file
Result
Malware family:
n/a
Score:
  6/10
Tags:
discovery persistence
Link:
https://tria.ge/reports/260424-q13bract5x/
Please note that we are no longer able to provide a coverage score for Virus Total.
Threat name:
Malicious File
Score:
1.00
Link:
https://yomi.yoroi.company/submissions/b2bdb1a9a57565f0de580235d8ae0bc70dfebb5b6d4cc047e96fea3e89f715a6

YARA Signatures

MalwareBazaar uses YARA rules from several public and non-public repositories, such as YARAhub and Malpedia. Those are being matched against malware samples uploaded to MalwareBazaar as well as against any suspicious process dumps they may create. Please note that only results from TLP:CLEAR rules are being displayed.

Rule name:Check_OutputDebugStringA_iat
Create hunting rule
Rule name:CP_Script_Inject_Detector
Create hunting rule
Author:DiegoAnalytics
Description:Detects attempts to inject code into another process across PE, ELF, Mach-O binaries
Rule name:DebuggerCheck__API
Create hunting rule
Reference:https://github.com/naxonez/yaraRules/blob/master/AntiDebugging.yara
Rule name:DebuggerCheck__MemoryWorkingSet
Create hunting rule
Author:Fernando Mercês
Description:Anti-debug process memory working set size check
Reference:http://www.gironsec.com/blog/2015/06/anti-debugger-trick-quicky/
Rule name:DebuggerCheck__QueryInfo
Create hunting rule
Reference:https://github.com/naxonez/yaraRules/blob/master/AntiDebugging.yara
Rule name:DebuggerException__ConsoleCtrl
Create hunting rule
Reference:https://github.com/naxonez/yaraRules/blob/master/AntiDebugging.yara
Rule name:DebuggerException__SetConsoleCtrl
Create hunting rule
Reference:https://github.com/naxonez/yaraRules/blob/master/AntiDebugging.yara
Rule name:DebuggerHiding__Thread
Create hunting rule
Reference:https://github.com/naxonez/yaraRules/blob/master/AntiDebugging.yara
Rule name:golang_bin_JCorn_CSC846
Create hunting rule
Author:Justin Cornwell
Description:CSC-846 Golang detection ruleset
Rule name:ldpreload
Create hunting rule
Author:xorseed
Reference:https://stuff.rop.io/
Rule name:NET
Create hunting rule
Author:malware-lu
Rule name:pe_detect_tls_callbacks
Create hunting rule
Rule name:PE_Digital_Certificate
Create hunting rule
Author:albertzsigovits
Rule name:SEH__vectored
Create hunting rule
Reference:https://github.com/naxonez/yaraRules/blob/master/AntiDebugging.yara
Rule name:telebot_framework
Create hunting rule
Author:vietdx.mb
Rule name:test_Malaysia
Create hunting rule
Author:rectifyq
Description:Detects file containing malaysia string
Rule name:ThreadControl__Context
Create hunting rule
Reference:https://github.com/naxonez/yaraRules/blob/master/AntiDebugging.yara
Rule name:TH_AntiVM_MassHunt_Win_Malware_2026_CYFARE
Create hunting rule
Author:CYFARE
Description:Detects Windows malware employing anti-VM / anti-sandbox evasion techniques across VMware, VirtualBox, Hyper-V, QEMU, Xen, and generic sandbox environments
Reference:https://cyfare.net/
Rule name:VECT_Ransomware
Create hunting rule
Author:Mustafa Bakhit
Description:Detects activity associated with VECT ransomware. This includes registry modifications and deletions, execution of system and defense-evasion commands, suspicious API usage, mutex creation, file and memory manipulation, ransomware note generation, anti-debugging and anti-analysis techniques, and embedded cryptographic constants (SHA256) characteristic of this malware family. Designed for threat intelligence and malware detection environments.
Rule name:Weedhack_Family_Generic
Create hunting rule
Author:jlab
Description:Generic Weedhack family detection

File information

The table below shows additional information about this malware sample such as delivery method and external references.

Web download

PureHVNC

zip b2bdb1a9a57565f0de580235d8ae0bc70dfebb5b6d4cc047e96fea3e89f715a6

(this sample)

  
URLhaus
https://urlhaus.abuse.ch/url/3830431/
  
Delivery method
Distributed via web download

Comments