MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 3d50311657f285410f8828a47571d97265b8e2f1067187b0c79a7f2c0766d217. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry

Threat unknown

Vendor detections: 9

Intelligence 9 IOCs YARA 6 File information Comments

SHA256 hash:	3d50311657f285410f8828a47571d97265b8e2f1067187b0c79a7f2c0766d217
SHA3-384 hash:	100e3a7717e19a542e626fcc5da674fe597cecb7bc43405bd7bdb7984c89fa52e44f1cdde9b8d2da73df879e39687485
SHA1 hash:	f537d4385c8ca13543812b2c20a33c8f5062b753
MD5 hash:	2b3cd8cf37dbbd78474b73c89a200e45
humanhash:	comet-one-missouri-oxygen
File name:	Vertical Bars.dll
Download:	download sample
File size:	861'696 bytes
First seen:	2026-03-23 09:20:50 UTC
Last seen:	Never
File type:	dll
MIME type:	application/x-dosexec
imphash	dae02f32a21e03ce65412f6e56942daa (123 x YellowCockatoo, 60 x CobaltStrike, 44 x JanelaRAT)
ssdeep	12288:4gmuo8rq5/vy9hzcX0oe/kiNIeoUolPYhlNSK8HwbDl8kFYeYlqOkDF+gyRI8ufA:4Xuo8uxihIr3UmPcuRzltkgYZX+
TLSH	T1DC056B12B3E69F16F52C4BB2C4B48C4027B4C8957A97F76B64C536D6E80B391CB23A17
TrID	88.5% (.DLL) Generic .NET DLL/Assembly (236632/4/32) 2.4% (.DLL) Win32 Dynamic Link Library (generic) (6578/25/2) 2.4% (.EXE) Win64 Executable (generic) (6522/11/2) 1.8% (.EXE) Win16 NE executable (generic) (5038/12/1) 1.6% (.EXE) Win32 Executable (generic) (4504/4/1)
Magika	pebin
Reporter	Skynet11
Tags:	dll MSILHeracles

Intelligence

File Origin

# of uploads :

# of downloads :

102

Origin country :

Vendor Threat Intelligence

Details

Link:

https://research.acce.ciphertechsolutions.com/results/3fa29f22-8900-4494-97c1-66e73820bdc1/

Gathering data

Detection(s):

Win.Malware.Zusy-10009321-0

Win.Malware.Msilheracles-10019320-0

Verdict:

Clean

Score:

84.2%

Link:

https://cyber-fortress.com/docs/result/index.php?id=69c1060daacb4c376b12fe5e

Tags:

n/a

Result

Verdict:

Clean

Maliciousness:

Behaviour

Sending a custom TCP request

Gathering data

Verdict:

Malicious

Labled as:

Application.MSILheracles.Generic

Link:

https://www.hybrid-analysis.com/sample/3d50311657f285410f8828a47571d97265b8e2f1067187b0c79a7f2c0766d217

Verdict:

Malicious

File Type:

executable.pe.32.dll

Detections:

UDS:DangerousObject.Multi.Generic

Link:

https://opentip.kaspersky.com/3d50311657f285410f8828a47571d97265b8e2f1067187b0c79a7f2c0766d217/results?tab=lookup

Verdict:

Unknown

Link:

https://analyze.intezer.com/analyses/0840bc31-b53b-465a-bfd5-4c5a25107ca1

Score:

19%

Verdict:

Benign

File Type:

Link:

https://malprob.io/report/3d50311657f285410f8828a47571d97265b8e2f1067187b0c79a7f2c0766d217

Verdict:

inconclusive

YARA:

12 match(es)

Tags:

.Net Executable Managed .NET PE (Portable Executable) PE File Layout SOS: 0.34 Win 32 Exe x86

Link:

https://app.malva.re/file/2b3cd8cf37dbbd78474b73c89a200e45

Detection:

n/a

Link:

https://mwdb.cert.pl/sample/3d50311657f285410f8828a47571d97265b8e2f1067187b0c79a7f2c0766d217/

Verdict:

Malicious

Link:

https://tip.neiki.dev/file/3d50311657f285410f8828a47571d97265b8e2f1067187b0c79a7f2c0766d217

Threat name:

Win32.Trojan.Msilheracles

Status:

Malicious

First seen:

2026-03-23 09:21:22 UTC

File Type:

PE (.Net Dll)

Extracted files:

AV detection:

14 of 36 (38.89%)

Threat level:

5/5

Detection(s):

Suspicious file

Link:

https://check.spamhaus.org/check/?searchterm=hvidcfsx6kcucd4ifcshk4ozojs3ryxrazyypmghtj7syb3g2ilq._file

Result

Malware family:

n/a

Score:

3/10

Tags:

discovery

Link:

https://tria.ge/reports/260323-lbe3psh17q/

Behaviour

Suspicious use of WriteProcessMemory

System Location Discovery: System Language Discovery

Unpacked files

SH256 hash:

3d50311657f285410f8828a47571d97265b8e2f1067187b0c79a7f2c0766d217

MD5 hash:

2b3cd8cf37dbbd78474b73c89a200e45

SHA1 hash:

f537d4385c8ca13543812b2c20a33c8f5062b753

Detections:

SUSP_OBF_NET_ConfuserEx_Name_Pattern_Jan24

Link:

https://www.unpac.me/results/5e2c4089-c01e-4440-9187-28b2284ef010/

Parent samples :

4fb1c62f75a74fc547b2aa6ce7d8d147419212045f4d0a83d571fb93e4610613
3d50311657f285410f8828a47571d97265b8e2f1067187b0c79a7f2c0766d217
f4da176988f23e15f2b5c5a331e2441c57b3257da196df4e0c980940af64a067

Please note that we are no longer able to provide a coverage score for Virus Total.

Threat name:

Suspicious File

Score:

0.56

Link:

https://yomi.yoroi.company/submissions/3d50311657f285410f8828a47571d97265b8e2f1067187b0c79a7f2c0766d217

YARA Signatures

MalwareBazaar uses YARA rules from several public and non-public repositories, such as YARAhub and Malpedia. Those are being matched against malware samples uploaded to MalwareBazaar as well as against any suspicious process dumps they may create. Please note that only results from TLP:CLEAR rules are being displayed.

Rule name:	Detect_PowerShell_Obfuscation Create hunting rule
Author:	daniyyell
Description:	Detects obfuscated PowerShell commands commonly used in malicious scripts.

Rule name:	extracted_at_0x44b Create hunting rule
Author:	cb
Description:	sample - file extracted_at_0x44b.exe
Reference:	Internal Research

Rule name:	MD5_Constants Create hunting rule
Author:	phoul (@phoul)
Description:	Look for MD5 constants

Rule name:	RANSOMWARE Create hunting rule
Author:	ToroGuitar

Rule name:	Sus_CMD_Powershell_Usage Create hunting rule
Author:	XiAnzheng
Description:	May Contain(Obfuscated or no) Powershell or CMD Command that can be abused by threat actor(can create FP)

Rule name:	VECT_Ransomware Create hunting rule
Author:	Mustafa Bakhit
Description:	Detects activity associated with VECT ransomware. This includes registry modifications and deletions, execution of system and defense-evasion commands, suspicious API usage, mutex creation, file and memory manipulation, ransomware note generation, anti-debugging and anti-analysis techniques, and embedded cryptographic constants (SHA256) characteristic of this malware family. Designed for threat intelligence and malware detection environments.

File information

The table below shows additional information about this malware sample such as delivery method and external references.

Cape

https://www.capesandbox.com/analysis/58833/

Comments

Login required

You need to login to in order to write a comment. Login with your abuse.ch account.

No comments found for this malware sample