mydoom | 70797cbed819ce00f1a633e0a6915437[.]zip | Triage

Sharing

Copy URL Twitter E-mail

General

Target

70797cbed819ce00f1a633e0a6915437.zip
Size

51KB
MD5

f27d22c05ea80a9883e280c061d5d930
SHA1

9f0b506263717a16f9fc47d0dc1ffbe27886fd94
SHA256

0836f9cc4cdc3cf02274f00e3fd38d05f1db010f5c9b5335c2e951470c878d72
SHA512

b7e41cda83866e923163c497be54fdc0f640169905ffc681a10170c5b1f014a4a8f1fc3b384ba91894086da8852c8d16e2cf6442643ed952878848075b738937
SSDEEP

1536:h7mLs6Q4DZAxpDybRM2472ZPgkQKfCMFEj:cLs6DDZ0lQG2NgkQKfCM0

Score

10^/10

upx mydoom

Malware Config

Signatures

Detects MyDoom family 1 IoCs

resource	yara_rule
static1/unpack001/8e845ce5b079a0c00713b6817ded9ec84022e49c6158ab18a37a03fe7a3138c7	family_mydoom

Mydoom family
mydoom

UPX packed file 1 IoCs

Detects executables packed with UPX/modified UPX open source packer.

resource	yara_rule
static1/unpack001/8e845ce5b079a0c00713b6817ded9ec84022e49c6158ab18a37a03fe7a3138c7	upx

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
unpack001/8e845ce5b079a0c00713b6817ded9ec84022e49c6158ab18a37a03fe7a3138c7

Files

70797cbed819ce00f1a633e0a6915437.zip
.zip

Password: infected
8e845ce5b079a0c00713b6817ded9ec84022e49c6158ab18a37a03fe7a3138c7
.exe windows:4 windows x86 arch:x86

Password: infected

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DEBUG_STRIPPED

Sections

UPX0
Size: 24KB - Virtual size: 24KB

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

UPX1
Size: 17KB - Virtual size: 20KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 2KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.imports
Size: 1KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE