Multi-License Discount Quote

Change Region

English
Threat Database Worms Worm.Bloodhound.D

Worm.Bloodhound.D

By GoldSparrow in Worms

Threat Scorecard

Popularity Rank: 16,097
Threat Level: 50 % (Medium)
Infected Computers: 624
First Seen: July 24, 2009
Last Seen: January 15, 2026
OS(es) Affected: Windows

Worm.Bloodhound.D is a mass mailing worm that drops a backdoor into your system through which a remote attacker can get full control over your PC. Worm.Bloodhound.D spreads over open network shares and through email attachments. When it is executed, Worm.Bloodhound.D will configure Windows to automatically run Worm.Bloodhound.D on each startup. Worm.Bloodhound.D will then connect to an IRC channel in order to get commands from a remote attacker. Worm.Bloodhound.D has the ability to pass through several commercial firewall programs secretly. Worm.Bloodhound.D is extremely dangerous, as it allows access to any sensitive personal and financial data stored on your computer.

SpyHunter Detects & Remove Worm.Bloodhound.D

File System Details

Worm.Bloodhound.D may create the following file(s):
Expand All | Collapse All
# File Name MD5 Detections
1. malware.exe 7e1227b4aec9520ad6c5a8c036aa24b2 0

Analysis Report

General information

Family Name: Hacktool.Sharphound
Signature status: No Signature

Known Samples

MD5: 586f5153450ad633fca051dfe34fbe41
SHA1: da6c9d5b6ed903e8646c81784d01aac32ab02bea
SHA256: 6CD421494FA538D4FC79320407BF34DDCE3599D332DC689CFB03601273D83A70
File Size: 1.32 MB, 1315328 bytes
MD5: c740fecd7be4036f8186e91bfa85a1f8
SHA1: 11719b4db1fcef0012f74d9adaa95586b69bdb2b
SHA256: 683A9D7E56B18F58DCCB8918FD33F46485B0BA6FC4DD0765A6382A7744339D98
File Size: 832.51 KB, 832512 bytes

Windows Portable Executable Attributes

  • File doesn't have "Rich" header
  • File doesn't have exports table
  • File doesn't have security information
  • File is .NET application
  • File is 32-bit executable
  • File is console application (IMAGE_SUBSYSTEM_WINDOWS_CUI)
  • File is either console or GUI application
  • File is not packed
  • IMAGE_FILE_DLL is not set inside PE header (Executable)
  • IMAGE_FILE_EXECUTABLE_IMAGE is set inside PE header (Executable Image)

File Icons

Windows PE Version Information

Name Value
Assembly Version
  • 3.0.0.0
  • 2.8.0.0
Company Name SpecterOps
File Description SharpHound
File Version
  • 3.0.0.0
  • 2.8.0
Internal Name SharpHound.exe
Legal Copyright Copyright © 2019
Original Filename SharpHound.exe
Product Name SharpHound
Product Version
  • 3.0.0.0
  • 2.8.0

File Traits

  • .NET
  • Agile.net
  • Fody
  • HighEntropy
  • x86

Block Information

Total Blocks: 342
Potentially Malicious Blocks: 11
Whitelisted Blocks: 189
Unknown Blocks: 142

Visual Map

0 ? 0 0 0 0 0 0 0 0 ? ? ? x ? ? 0 0 0 ? ? x ? ? ? ? ? ? ? x ? ? ? ? ? x ? ? ? 0 ? ? ? ? ? 0 ? 0 ? 0 ? 0 ? ? 0 0 0 0 0 0 ? 0 0 0 ? ? ? 0 ? 0 ? 0 ? 0 ? 0 ? 0 ? 0 ? 0 ? 0 0 ? 0 0 0 0 0 ? x ? ? 0 0 0 ? 0 0 0 0 0 ? ? ? ? ? 0 ? 0 0 ? 0 0 0 ? ? 0 0 0 ? 0 ? 0 ? 0 0 0 0 0 0 0 ? 0 0 0 0 ? 0 ? 0 ? 0 0 0 0 0 0 ? x 0 ? 0 0 ? 0 0 0 0 0 0 0 0 0 0 ? 0 ? 0 0 ? 0 ? 0 0 ? 0 ? 0 ? ? 0 0 0 ? 0 ? 0 x ? 0 0 ? ? 0 x 0 0 0 0 ? 0 ? ? 0 0 ? 0 ? ? ? 0 0 ? ? ? ? ? ? ? ? ? 0 0 ? ? 0 ? 0 ? ? ? ? 0 ? ? ? ? 0 ? 0 ? ? ? 0 ? 0 ? 0 ? 0 0 0 ? ? ? 0 ? 0 ? 0 0 0 ? 0 ? ? 0 0 0 ? 0 0 ? 0 0 ? 0 ? ? ? 0 ? 0 0 0 0 0 0 0 ? 0 x 0 0 ? 0 ? ? 0 0 ? 0 ? ? ? ? 0 0 0 0 ? ? 0 x x 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0
0 - Probable Safe Block
? - Unknown Block
x - Potentially Malicious Block

Similar Families

  • MSIL.SharpHound.A

Files Modified

File Attributes
desktop-dlos3m3*\mailslot\net\netlogon Generic Write,Read Attributes

Registry Modifications

Key::Value Data API Name
HKLM\software\microsoft\windows nt\currentversion\notifications\data::418a073aa3bc1c75 沋䀣ʲ䠱O噀ñ᝹ʁ뽹ɞ傄ë駃óߙĤ RegNtPreCreateKey

Windows API Usage

Category API
Syscall Use
  • ntdll.dll!NtAlpcConnectPort
  • ntdll.dll!NtAlpcConnectPortEx
  • ntdll.dll!NtAlpcQueryInformation
  • ntdll.dll!NtAlpcSendWaitReceivePort
  • ntdll.dll!NtApphelpCacheControl
  • ntdll.dll!NtAssociateWaitCompletionPacket
  • ntdll.dll!NtCancelTimer2
  • ntdll.dll!NtCancelWaitCompletionPacket
  • ntdll.dll!NtClearEvent
  • ntdll.dll!NtClose
Show More
  • ntdll.dll!NtCompareSigningLevels
  • ntdll.dll!NtCreateEvent
  • ntdll.dll!NtCreateIoCompletion
  • ntdll.dll!NtCreateKey
  • ntdll.dll!NtCreateMailslotFile
  • ntdll.dll!NtCreateMutant
  • ntdll.dll!NtCreatePrivateNamespace
  • ntdll.dll!NtCreateSection
  • ntdll.dll!NtCreateSemaphore
  • ntdll.dll!NtCreateThreadEx
  • ntdll.dll!NtCreateTimer2
  • ntdll.dll!NtCreateWaitCompletionPacket
  • ntdll.dll!NtCreateWorkerFactory
  • ntdll.dll!NtDeviceIoControlFile
  • ntdll.dll!NtDuplicateObject
  • ntdll.dll!NtEnumerateKey
  • ntdll.dll!NtEnumerateValueKey
  • ntdll.dll!NtFlushProcessWriteBuffers
  • ntdll.dll!NtFreeVirtualMemory
  • ntdll.dll!NtGetCachedSigningLevel
  • ntdll.dll!NtMapViewOfSection
  • ntdll.dll!NtNotifyChangeKey
  • ntdll.dll!NtOpenDirectoryObject
  • ntdll.dll!NtOpenEvent
  • ntdll.dll!NtOpenFile
  • ntdll.dll!NtOpenKey
  • ntdll.dll!NtOpenKeyEx
  • ntdll.dll!NtOpenProcess
  • ntdll.dll!NtOpenProcessToken
  • ntdll.dll!NtOpenSection
  • ntdll.dll!NtOpenThreadToken
  • ntdll.dll!NtProtectVirtualMemory
  • ntdll.dll!NtQueryAttributesFile
  • ntdll.dll!NtQueryDefaultLocale
  • ntdll.dll!NtQueryDirectoryFileEx
  • ntdll.dll!NtQueryFullAttributesFile
  • ntdll.dll!NtQueryInformationFile
  • ntdll.dll!NtQueryInformationJobObject
  • ntdll.dll!NtQueryInformationProcess
  • ntdll.dll!NtQueryInformationThread
  • ntdll.dll!NtQueryInformationToken
  • ntdll.dll!NtQueryKey
  • ntdll.dll!NtQueryLicenseValue
  • ntdll.dll!NtQueryPerformanceCounter
  • ntdll.dll!NtQuerySecurityAttributesToken
  • ntdll.dll!NtQuerySecurityObject
  • ntdll.dll!NtQuerySystemInformation
  • ntdll.dll!NtQuerySystemInformationEx
  • ntdll.dll!NtQueryValueKey
  • ntdll.dll!NtQueryVirtualMemory
  • ntdll.dll!NtQueryVolumeInformationFile
  • ntdll.dll!NtQueryWnfStateData
  • ntdll.dll!NtReadFile
  • ntdll.dll!NtReadRequestData
  • ntdll.dll!NtReleaseMutant
  • ntdll.dll!NtReleaseWorkerFactoryWorker
  • ntdll.dll!NtResumeThread
  • ntdll.dll!NtSetEvent
  • ntdll.dll!NtSetInformationKey
  • ntdll.dll!NtSetInformationProcess
  • ntdll.dll!NtSetInformationThread
  • ntdll.dll!NtSetInformationVirtualMemory
  • ntdll.dll!NtSetInformationWorkerFactory
  • ntdll.dll!NtSetTimer2
  • ntdll.dll!NtSubscribeWnfStateChange
  • ntdll.dll!NtTestAlert
  • ntdll.dll!NtTraceControl
  • ntdll.dll!NtUnmapViewOfSection
  • ntdll.dll!NtUnmapViewOfSectionEx
  • ntdll.dll!NtUnsubscribeWnfStateChange
  • ntdll.dll!NtWaitForAlertByThreadId
  • ntdll.dll!NtWaitForMultipleObjects
  • ntdll.dll!NtWaitForSingleObject
  • ntdll.dll!NtWaitForWorkViaWorkerFactory
  • ntdll.dll!NtWorkerFactoryWorkerReady
  • ntdll.dll!NtWriteFile
  • ntdll.dll!NtYieldExecution
  • UNKNOWN
User Data Access
  • GetComputerNameEx
  • GetUserDefaultLocaleName
  • GetUserObjectInformation
Encryption Used
  • BCryptOpenAlgorithmProvider
Anti Debug
  • NtQuerySystemInformation

Trending

Most Viewed

Loading...