MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 36189b508dcf09a63a8462c11beb5b134d95afa492061f8d9a102e24651b697b. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry


SimpleHelp


Vendor detections: 11


Intelligence 11 IOCs YARA 6 File information Comments
Download sample Add tag Delete this sample Report a False Positive

SHA256 hash: 36189b508dcf09a63a8462c11beb5b134d95afa492061f8d9a102e24651b697b
SHA3-384 hash: a0bff28ae3063e529e4e847c70a830ea9a11acb728f89b270bcec6770e3a6352955d8872caeb795385540c6dfcefd82c
SHA1 hash: 61d4b61d6d483ed33995864ecd40ff1e1170834b
MD5 hash: b861377796b837a0472c6925b4638d35
humanhash: arizona-orange-stream-vermont
File name:Inder-POL.exe
Download: download sample
Signature SimpleHelp
Create hunting rule
File size:1'725'848 bytes
First seen:2026-03-18 17:00:56 UTC
Last seen:Never
File type:Executable exe
MIME type:application/x-dosexec
imphash 4dcdd102066c792bcf91dce0ad10afac (3 x SimpleHelp)
ssdeep 49152:0aHqbMGOOMRjiornbPOBrwIt2OwihPJSfkKIxVV:lTdZiJrRDwIBSMKIxVV
Threatray 218 similar samples on MalwareBazaar
TLSH T1CD85016AF7A618F1D9A7D838C6928763FFB17168031462D707A08D666F733E06A3D305
TrID 39.7% (.EXE) Win32 Executable MS Visual C++ (generic) (31206/45/13)
21.0% (.EXE) Microsoft Visual C++ compiled executable (generic) (16529/12/5)
8.3% (.DLL) Win32 Dynamic Link Library (generic) (6578/25/2)
8.3% (.EXE) Win64 Executable (generic) (6522/11/2)
6.4% (.EXE) Win16 NE executable (generic) (5038/12/1)
Magika pebin
Reporter Anonymous
Tags:exe signed SimpleHelp

Code Signing Certificate

Organisation:SimpleHelp Ltd
Issuer:thawte SHA256 Code Signing CA
Algorithm:sha256WithRSAEncryption
Valid from:2015-11-19T00:00:00Z
Valid to:2018-01-14T23:59:59Z
Serial number: 02da672a66e820157d3ea3c02d8edd0d
Intelligence: 2 malware samples on MalwareBazaar are signed with this code signing certificate
Thumbprint Algorithm:SHA256
Thumbprint: bffa0d0f299c6b84712412d6bb748f3f7fea913537695f90ae9d693504eda700
Source:This information was brought to you by ReversingLabs A1000 Malware Analysis Platform

Intelligence

File Origin
# of uploads :
1
# of downloads :
124
Origin country :
US US
Vendor Threat Intelligence
No detections
Malware family:
n/a
ID:
1
File name:
https://github.com/nitzanigadi-rgb/RR/raw/refs/heads/main/Run-POLICE-0226.exe
Verdict:
Malicious activity
Analysis date:
2026-03-10 09:30:45 UTC
Tags:
github adware simplehelp rmm-tool loader
Link:
https://app.any.run/tasks/cd00b593-252e-4492-83cb-c263e8d51c8c

Note:
ANY.RUN is an interactive sandbox that analyzes all user actions rather than an uploaded sample
Detection:
n/a
Link:
https://www.capesandbox.com/analysis/58008/
Verdict:
Malicious
Score:
92.5%
Link:
https://cyber-fortress.com/docs/result/index.php?id=69bada6193b644ca466b5fc6
Tags:
injection obfusc sage
Result
Verdict:
Malware
Maliciousness:

Behaviour
Creating a window
Creating a file
Connection attempt
Sending an HTTP GET request
Delayed writing of the file
Creating a process from a recently created file
Creating a file in the %temp% subdirectories
Moving a recently created file
Launching a process
Replacing files
DNS request
Creating a file in the %AppData% subdirectories
Creating a service
Launching a service
Searching for synchronization primitives
Creating a process with a hidden window
Creating a file in the Windows subdirectories
Enabling autorun for a service
Launching the process to change the firewall settings
Gathering data
Verdict:
Malicious
Labled as:
Win64/RemoteAdmin.SimpleHelp
Link:
https://www.hybrid-analysis.com/sample/36189b508dcf09a63a8462c11beb5b134d95afa492061f8d9a102e24651b697b
Result
Gathering data
Verdict:
Clean
File Type:
exe x64
Link:
https://opentip.kaspersky.com/36189b508dcf09a63a8462c11beb5b134d95afa492061f8d9a102e24651b697b/results?tab=lookup
Malware family:
SimpleHelp Ltd
Create hunting rule
Verdict:
Suspicious
Link:
https://analyze.intezer.com/analyses/376781dd-bb6c-4764-b20c-c64ab977cdf9
Score:
36%
Verdict:
Susipicious
File Type:
PE
Link:
https://malprob.io/report/36189b508dcf09a63a8462c11beb5b134d95afa492061f8d9a102e24651b697b
Gathering data
Detection:
n/a
Link:
https://mwdb.cert.pl/sample/36189b508dcf09a63a8462c11beb5b134d95afa492061f8d9a102e24651b697b/
Verdict:
Malicious
Threat:
Family.SIMPLEHELP
Link:
https://tip.neiki.dev/file/36189b508dcf09a63a8462c11beb5b134d95afa492061f8d9a102e24651b697b
Detection(s):
Suspicious file
Link:
https://check.spamhaus.org/check/?searchterm=gymjwuenz4e2mouemlarx223cngzll5esidb7dm2caxcizi3nf5q._file
Verdict:
malicious
Label(s):
admintool_simplehelp
Create hunting rule
Similar samples:
15ce8f62c93ff546140fd25005bd62a13e7f35c7f6744dfa964e795c0f303201
SimpleHelp
36189b508dcf09a63a8462c11beb5b134d95afa492061f8d9a102e24651b697b
SimpleHelp
4c157152266def1d6212eb8400e297a389cc5edeaf667d7ff523689bd2a14cf6
SimpleHelp
98c7b7f93d66c39b0a4d172cfdf0182a337ce39aa68d663718c1e67d0a05c152
SimpleHelp
b80792b49a6d96869442a21ecaf09e6c68bf2ef4c9c161932c6f8ac8658c23ad
SimpleHelp
ed3d67177d52e3a2a480887694bb17982365f00f6478ddffef1bcb992e47085b
SimpleHelp
error
SimpleHelp
f692b2e941d184ab8f76cdab07ff8ad78fd0c0728b1377470f3b0c7a64eda0c4
SimpleHelp
+ 208 additional samples on MalwareBazaar
Result
Malware family:
n/a
Score:
  8/10
Tags:
backdoor defense_evasion discovery persistence privilege_escalation rat
Link:
https://tria.ge/reports/260318-vjpfsahs9v/
Behaviour
Suspicious behavior: EnumeratesProcesses
Suspicious use of SetWindowsHookEx
Suspicious use of WriteProcessMemory
Enumerates physical storage devices
Event Triggered Execution: Netsh Helper DLL
System Location Discovery: System Language Discovery
Network Share Discovery
Executes dropped EXE
Loads dropped DLL
Modifies Windows Firewall
Unpacked files
SH256 hash:
36189b508dcf09a63a8462c11beb5b134d95afa492061f8d9a102e24651b697b
MD5 hash:
b861377796b837a0472c6925b4638d35
SHA1 hash:
61d4b61d6d483ed33995864ecd40ff1e1170834b
Link:
https://www.unpac.me/results/93771c2b-5687-4979-95ce-1d3e90d05bec/
SH256 hash:
f16b39ef342323d997b2cc9b649a94b6ebd12954671f357d1ed690bd7eb5ba7f
MD5 hash:
71dc11c495355f883498ff5e8702bb3d
SHA1 hash:
9685190619088991a89ab6b96f8595453bb7f795
Link:
https://www.unpac.me/results/93771c2b-5687-4979-95ce-1d3e90d05bec/
Please note that we are no longer able to provide a coverage score for Virus Total.
Threat name:
Malicious File
Score:
1.00
Link:
https://yomi.yoroi.company/submissions/36189b508dcf09a63a8462c11beb5b134d95afa492061f8d9a102e24651b697b

YARA Signatures

MalwareBazaar uses YARA rules from several public and non-public repositories, such as YARAhub and Malpedia. Those are being matched against malware samples uploaded to MalwareBazaar as well as against any suspicious process dumps they may create. Please note that only results from TLP:CLEAR rules are being displayed.

Rule name:DebuggerCheck__API
Create hunting rule
Reference:https://github.com/naxonez/yaraRules/blob/master/AntiDebugging.yara
Rule name:FreddyBearDropper
Create hunting rule
Author:Dwarozh Hoshiar
Description:Freddy Bear Dropper is dropping a malware through base63 encoded powershell scrip.
Rule name:golang_bin_JCorn_CSC846
Create hunting rule
Author:Justin Cornwell
Description:CSC-846 Golang detection ruleset
Rule name:PE_Digital_Certificate
Create hunting rule
Author:albertzsigovits
Rule name:TH_AntiVM_MassHunt_Win_Malware_2026_CYFARE
Create hunting rule
Author:CYFARE
Description:Detects Windows malware employing anti-VM / anti-sandbox evasion techniques across VMware, VirtualBox, Hyper-V, QEMU, Xen, and generic sandbox environments
Reference:https://cyfare.net/
Rule name:VECT_Ransomware
Create hunting rule
Author:Mustafa Bakhit
Description:Detects activity associated with VECT ransomware. This includes registry modifications and deletions, execution of system and defense-evasion commands, suspicious API usage, mutex creation, file and memory manipulation, ransomware note generation, anti-debugging and anti-analysis techniques, and embedded cryptographic constants (SHA256) characteristic of this malware family. Designed for threat intelligence and malware detection environments.

File information

The table below shows additional information about this malware sample such as delivery method and external references.

Cape
Cape
https://www.capesandbox.com/analysis/58008/

Comments