Multi-License Discount Quote

Change Region

English
Threat Database Worms Worm.Bloodhound.D

Worm.Bloodhound.D

By GoldSparrow in Worms

Threat Scorecard

Popularity Rank: 18,290
Threat Level: 50 % (Medium)
Infected Computers: 619
First Seen: July 24, 2009
Last Seen: October 24, 2025
OS(es) Affected: Windows

Worm.Bloodhound.D is a mass mailing worm that drops a backdoor into your system through which a remote attacker can get full control over your PC. Worm.Bloodhound.D spreads over open network shares and through email attachments. When it is executed, Worm.Bloodhound.D will configure Windows to automatically run Worm.Bloodhound.D on each startup. Worm.Bloodhound.D will then connect to an IRC channel in order to get commands from a remote attacker. Worm.Bloodhound.D has the ability to pass through several commercial firewall programs secretly. Worm.Bloodhound.D is extremely dangerous, as it allows access to any sensitive personal and financial data stored on your computer.

SpyHunter Detects & Remove Worm.Bloodhound.D

File System Details

Worm.Bloodhound.D may create the following file(s):
Expand All | Collapse All
# File Name MD5 Detections
1. malware.exe 7e1227b4aec9520ad6c5a8c036aa24b2 0

Analysis Report

General information

Family Name: Hacktool.Sharphound
Signature status: No Signature

Known Samples

MD5: 586f5153450ad633fca051dfe34fbe41
SHA1: da6c9d5b6ed903e8646c81784d01aac32ab02bea
SHA256: 6CD421494FA538D4FC79320407BF34DDCE3599D332DC689CFB03601273D83A70
File Size: 1.32 MB, 1315328 bytes

Windows Portable Executable Attributes

  • File doesn't have "Rich" header
  • File doesn't have exports table
  • File doesn't have security information
  • File is .NET application
  • File is 32-bit executable
  • File is console application (IMAGE_SUBSYSTEM_WINDOWS_CUI)
  • File is either console or GUI application
  • File is not packed
  • IMAGE_FILE_DLL is not set inside PE header (Executable)
  • IMAGE_FILE_EXECUTABLE_IMAGE is set inside PE header (Executable Image)

File Icons

Windows PE Version Information

Name Value
Assembly Version 2.8.0.0
Company Name SpecterOps
File Description SharpHound
File Version 2.8.0
Internal Name SharpHound.exe
Original Filename SharpHound.exe
Product Name SharpHound
Product Version 2.8.0

File Traits

  • .NET
  • Agile.net
  • Fody
  • HighEntropy
  • x86

Block Information

Total Blocks: 249
Potentially Malicious Blocks: 67
Whitelisted Blocks: 155
Unknown Blocks: 27

Visual Map

? x 0 x 0 x 0 0 x x 0 0 x 0 x x x x 0 0 0 0 0 0 0 0 0 0 0 0 x 0 0 x 0 0 0 0 0 0 0 0 0 x x 0 x ? 0 0 0 0 ? 0 x ? 0 x 0 x 0 x x 0 0 x 0 0 x x x x x x x 0 x 0 0 ? 0 0 0 0 0 0 0 0 0 x 0 x 0 x 0 0 x 0 x 0 0 0 x x x 0 x 0 ? 0 x 0 x 0 0 0 x 0 x 0 x x x ? 0 0 x 0 x 0 0 x 0 0 0 x x 0 0 0 x 0 x ? 0 0 0 0 0 0 0 0 0 0 0 0 0 0 ? 0 ? 0 ? 0 ? 0 ? 0 ? 0 ? 0 ? 0 ? 0 ? 0 ? 0 ? 0 ? 0 ? 0 ? 0 x 0 x x 0 0 x 0 x 0 x 0 0 x x 0 0 0 0 ? 0 0 0 0 0 0 ? 0 0 x 0 x 0 x ? 0 0 0 0 0 x 0 x 0 x 0 x 0 ? 0 0 0 0 0 0 0 0 0 0 0 0
0 - Probable Safe Block
? - Unknown Block
x - Potentially Malicious Block

Similar Families

  • MSIL.SharpHound.A

Files Modified

File Attributes
desktop-dlos3m3*\mailslot\net\netlogon Generic Write,Read Attributes

Registry Modifications

Key::Value Data API Name
HKLM\software\microsoft\windows nt\currentversion\notifications\data::418a073aa3bc1c75 沋䀣ʲ䠱O噀ñ᝹ʁ뽹ɞ傄ë駃óߙĤ RegNtPreCreateKey

Windows API Usage

Category API
Syscall Use
  • ntdll.dll!NtAlpcConnectPort
  • ntdll.dll!NtAlpcConnectPortEx
  • ntdll.dll!NtAlpcQueryInformation
  • ntdll.dll!NtAlpcSendWaitReceivePort
  • ntdll.dll!NtApphelpCacheControl
  • ntdll.dll!NtAssociateWaitCompletionPacket
  • ntdll.dll!NtCancelTimer2
  • ntdll.dll!NtCancelWaitCompletionPacket
  • ntdll.dll!NtClearEvent
  • ntdll.dll!NtClose
Show More
  • ntdll.dll!NtCompareSigningLevels
  • ntdll.dll!NtCreateEvent
  • ntdll.dll!NtCreateIoCompletion
  • ntdll.dll!NtCreateKey
  • ntdll.dll!NtCreateMailslotFile
  • ntdll.dll!NtCreateMutant
  • ntdll.dll!NtCreatePrivateNamespace
  • ntdll.dll!NtCreateSection
  • ntdll.dll!NtCreateSemaphore
  • ntdll.dll!NtCreateThreadEx
  • ntdll.dll!NtCreateTimer2
  • ntdll.dll!NtCreateWaitCompletionPacket
  • ntdll.dll!NtCreateWorkerFactory
  • ntdll.dll!NtDeviceIoControlFile
  • ntdll.dll!NtDuplicateObject
  • ntdll.dll!NtEnumerateKey
  • ntdll.dll!NtEnumerateValueKey
  • ntdll.dll!NtFlushProcessWriteBuffers
  • ntdll.dll!NtFreeVirtualMemory
  • ntdll.dll!NtGetCachedSigningLevel
  • ntdll.dll!NtMapViewOfSection
  • ntdll.dll!NtNotifyChangeKey
  • ntdll.dll!NtOpenDirectoryObject
  • ntdll.dll!NtOpenEvent
  • ntdll.dll!NtOpenFile
  • ntdll.dll!NtOpenKey
  • ntdll.dll!NtOpenKeyEx
  • ntdll.dll!NtOpenProcess
  • ntdll.dll!NtOpenProcessToken
  • ntdll.dll!NtOpenSection
  • ntdll.dll!NtOpenThreadToken
  • ntdll.dll!NtProtectVirtualMemory
  • ntdll.dll!NtQueryAttributesFile
  • ntdll.dll!NtQueryDefaultLocale
  • ntdll.dll!NtQueryDirectoryFileEx
  • ntdll.dll!NtQueryFullAttributesFile
  • ntdll.dll!NtQueryInformationFile
  • ntdll.dll!NtQueryInformationJobObject
  • ntdll.dll!NtQueryInformationProcess
  • ntdll.dll!NtQueryInformationThread
  • ntdll.dll!NtQueryInformationToken
  • ntdll.dll!NtQueryKey
  • ntdll.dll!NtQueryLicenseValue
  • ntdll.dll!NtQueryPerformanceCounter
  • ntdll.dll!NtQuerySecurityAttributesToken
  • ntdll.dll!NtQuerySecurityObject
  • ntdll.dll!NtQuerySystemInformation
  • ntdll.dll!NtQuerySystemInformationEx
  • ntdll.dll!NtQueryValueKey
  • ntdll.dll!NtQueryVirtualMemory
  • ntdll.dll!NtQueryVolumeInformationFile
  • ntdll.dll!NtQueryWnfStateData
  • ntdll.dll!NtReadFile
  • ntdll.dll!NtReadRequestData
  • ntdll.dll!NtReleaseMutant
  • ntdll.dll!NtReleaseWorkerFactoryWorker
  • ntdll.dll!NtResumeThread
  • ntdll.dll!NtSetEvent
  • ntdll.dll!NtSetInformationKey
  • ntdll.dll!NtSetInformationProcess
  • ntdll.dll!NtSetInformationThread
  • ntdll.dll!NtSetInformationVirtualMemory
  • ntdll.dll!NtSetInformationWorkerFactory
  • ntdll.dll!NtSetTimer2
  • ntdll.dll!NtSubscribeWnfStateChange
  • ntdll.dll!NtTestAlert
  • ntdll.dll!NtTraceControl
  • ntdll.dll!NtUnmapViewOfSection
  • ntdll.dll!NtUnmapViewOfSectionEx
  • ntdll.dll!NtUnsubscribeWnfStateChange
  • ntdll.dll!NtWaitForAlertByThreadId
  • ntdll.dll!NtWaitForMultipleObjects
  • ntdll.dll!NtWaitForSingleObject
  • ntdll.dll!NtWaitForWorkViaWorkerFactory
  • ntdll.dll!NtWorkerFactoryWorkerReady
  • ntdll.dll!NtWriteFile
  • ntdll.dll!NtYieldExecution
  • UNKNOWN
User Data Access
  • GetUserDefaultLocaleName
  • GetUserObjectInformation
Encryption Used
  • BCryptOpenAlgorithmProvider

Trending

Most Viewed

Loading...