Malicious
Unsigned executable named 'hvnc-client' flagged by tier-1 engine Symantec; HVNC is a known remote-access trojan.
861b9d48c0f408ad5f…082e781af1The verdict, reasoned out.
Not a rules engine. The MT AI Engine reads every signal we collected, weighs them against history, and commits to an answer.
The filename 'hvnc-client' is a strong adversarial signal — HVNC tools are remote-access trojans actively deployed in attacks. Symantec, a tier-1 engine, flagged the sample with a machine-learning confidence label. While the detection is generic rather than a named family signature, it is not a low-trust-only false positive (tier1Malicious=1, onlyLowTrustFlagging=false). The file is unsigned, has zero reputation, and is rare-new (1 submission, 0 days old), with no signer history to provide legitimacy. PE analysis shows normal entropy and no packing, consistent with a straightforward compiled RAT. The absence of sandbox data and external intel hits is expected for a newly submitted file and does not override the filename + tier-1 detection combination.
Each signal cites a concrete token from the evidence the arbiter saw — engine name, MITRE technique, signer string, or an exact count.
Filename 'hvnc-client (1).exe' — HVNC (Hidden VNC) is a known remote-access trojan tool used in targeted attacks
Symantec (tier-1) flagged 'ML.Attribute.HighConfidence' — tier-1 engine detection on a rare-new unsigned file
engines.tier1Malicious=1, engines.malicious=3 total; onlyLowTrustFlagging=false — not a low-trust-only false positive
File is unsigned, rare_new (1 submission), zero reputation, no signer history — no legitimate publisher backing
PE entropy normal (2.15–6.29), no packing, no high-entropy code — consistent with compiled RAT executable
- PE entropy normal (2.15–6.29 across sections) — not heavily obfuscated
- No packing detected — straightforward compiled executable
- No high-entropy code sections — consistent with standard compilation
- Filename explicitly names 'hvnc-client' — a known remote-access trojan tool
- Tier-1 engine (Symantec) flagged the sample as malicious
- File is unsigned with zero reputation and no signer history
- Rare-new prevalence (1 submission, 0 days old) — likely a fresh or newly discovered variant
- No legitimate publisher or trusted certificate backing the executable
Treat this file as malicious and do not execute. If encountered in your environment, isolate the affected system, delete the file, and perform a full malware scan. Review system logs for unauthorized remote access or suspicious network activity.
hvnc corroborated by 1 source
- MT AI Enginehvnc
3 detections across 75 engines
Section entropy & packers
Section-level entropy and packer detection from the PE header. Nothing suspicious here — entropy is within the normal range for unpacked code.
How often this file shows up in the wild
Barely seen in the wild and first surfaced recently. This is the footprint of targeted malware the AV industry hasn't signatured yet — extra scrutiny is warranted.
Forensic fingerprint
- File name
- hvnc-client (1).exe
- Size
- 1.15 MB
- MIME type
- application/x-msdownload
- Detected type
- Win32 EXE
- SHA-256
- 861b9d48c0f408ad5f6a3e1da68a1a3795472e311e01efd31b9eb2082e781af1
- MD5
- feb7462f61732c204954334d15cd5559
- SHA-1
- c8eafec4a8e3c26476c7ffd60818ab45095e1613
- PE imphash
- 39a1dfa87f2be63491cbfb6cf7af5009
- First seen (VT)
- 6/12/2026, 3:49:13 PM
- Last analysis (VT)
- 6/12/2026, 3:49:13 PM
- First scan (MalwareTips)
- 6/12/2026, 3:50:04 PM
- Last scan (MalwareTips)
- 6/12/2026, 3:50:04 PM
Reviews & malware reports(0)
Tell the community what you saw. Tag the sample — Trojan, Adware, False Positive — and share what the file did on your system. Your report helps confirm or dispute the AV verdict.