Overview
overview
10Static
static
10W32.Mydoom.htm
windows7-x64
3W32.Mydoom.htm
windows10-2004-x64
3W32.Mydoom...enu.js
windows7-x64
3W32.Mydoom...enu.js
windows10-2004-x64
3W32.Mydoom...new.js
windows7-x64
3W32.Mydoom...new.js
windows10-2004-x64
3W32.Mydoom...enu.js
windows7-x64
3W32.Mydoom...enu.js
windows10-2004-x64
3f-mydoom.exe
windows7-x64
7f-mydoom.exe
windows10-2004-x64
7strip-girl...es.exe
windows7-x64
10strip-girl...es.exe
windows10-2004-x64
10Behavioral task
behavioral1
Sample
W32.Mydoom.htm
Resource
win7-20240903-en
Behavioral task
behavioral2
Sample
W32.Mydoom.htm
Resource
win10v2004-20240802-en
Behavioral task
behavioral3
Sample
W32.Mydoom_files/main_menu.js
Resource
win7-20240729-en
Behavioral task
behavioral4
Sample
W32.Mydoom_files/main_menu.js
Resource
win10v2004-20240802-en
Behavioral task
behavioral5
Sample
W32.Mydoom_files/main_menu_new.js
Resource
win7-20240903-en
Behavioral task
behavioral6
Sample
W32.Mydoom_files/main_menu_new.js
Resource
win10v2004-20240802-en
Behavioral task
behavioral7
Sample
W32.Mydoom_files/menu.js
Resource
win7-20240903-en
Behavioral task
behavioral8
Sample
W32.Mydoom_files/menu.js
Resource
win10v2004-20240802-en
Behavioral task
behavioral9
Sample
f-mydoom.exe
Resource
win7-20240729-en
Behavioral task
behavioral10
Sample
f-mydoom.exe
Resource
win10v2004-20240802-en
Behavioral task
behavioral11
Sample
strip-girl-2.0bdcom_patches.exe
Resource
win7-20240708-en
General
-
Target
8f78806e212e18346b63aebddef9d4ffdc15e12d6c6485b73353989f382acb88
-
Size
293KB
-
MD5
ee70b23f67565ce4822f0f5f8d24525e
-
SHA1
b7d18219951580dbd9f35d7c547ab65853dcbc76
-
SHA256
8f78806e212e18346b63aebddef9d4ffdc15e12d6c6485b73353989f382acb88
-
SHA512
5e616915ba3135b75f12bd3c20fa2c4084903fa955f4ea172e5059d4e717ed5a2184e3d1efacc019f2f9bc4d74848a8b3da888c3d3f01179260d12813becdaa9
-
SSDEEP
6144:wbcyHrF3W6aYQ5UEL2DJ7ikAjteG/QBfJv6hYRFz6FaqXCwLqbCJ:wbcqBW6aYcKN7ikAjteEKBCyRFz4LSwd
Malware Config
Signatures
-
Detects MyDoom family 1 IoCs
Processes:
resource yara_rule static1/unpack002/out.upx family_mydoom -
Mydoom family
-
Processes:
resource yara_rule static1/unpack001/strip-girl-2.0bdcom_patches.exe upx -
Unsigned PE 3 IoCs
Checks for missing Authenticode signature.
Processes:
resource unpack001/f-mydoom.exe unpack001/strip-girl-2.0bdcom_patches.exe unpack002/out.upx
Files
-
8f78806e212e18346b63aebddef9d4ffdc15e12d6c6485b73353989f382acb88.zip
Password: infected
-
Netcraft www_sco_com is a weapon of mass destruction.htm.html .js polyglot
-
Netcraft www_sco_com is a weapon of mass destruction_files/n2s.gif.gif
-
Netcraft www_sco_com is a weapon of mass destruction_files/netcraft_hunger.gif.gif
-
Netcraft www_sco_com is a weapon of mass destruction_files/spdirectory.gif.gif
-
Netcraft www_sco_com is a weapon of mass destruction_files/styles-site.css
-
W32.Mydoom.htm.html
-
W32.Mydoom2.htm.html .js polyglot
-
W32.Mydoom2_files/ads.osdn.gif.gif
-
W32.Mydoom2_files/greendot.gif.gif
-
W32.Mydoom2_files/pc.gif.gif
-
W32.Mydoom2_files/pix.gif.gif
-
W32.Mydoom2_files/slc.gif.gif
-
W32.Mydoom2_files/title.gif.gif
-
W32.Mydoom2_files/topicapmedia.gif.gif
-
W32.Mydoom2_files/topicinternet.gif.gif
-
W32.Mydoom2_files/topiclinux.gif.gif
-
W32.Mydoom2_files/topicnews.gif.gif
-
W32.Mydoom2_files/topicscience.gif.gif
-
W32.Mydoom2_files/topicspace.gif.gif
-
W32.Mydoom_files/arrow.gif.gif
-
W32.Mydoom_files/dotted_line.gif.gif
-
W32.Mydoom_files/fsc_logo.jpg.jpg
-
W32.Mydoom_files/fsecure.css
-
W32.Mydoom_files/japanese.gif.gif
-
W32.Mydoom_files/left_subbuttonbg.gif.gif
-
W32.Mydoom_files/main_menu.js.js
-
W32.Mydoom_files/main_menu_new.js.js
-
W32.Mydoom_files/menu.js.js
-
W32.Mydoom_files/mydoom.jpg.jpg
-
W32.Mydoom_files/nav_contact2.gif.gif
-
W32.Mydoom_files/nav_legal.gif.gif
-
W32.Mydoom_files/nav_privacy.gif.gif
-
W32.Mydoom_files/navbar-new.gif.gif
-
W32.Mydoom_files/nmydoom.jpg.jpg
-
W32.Mydoom_files/radar-level-1.gif.gif
-
W32.Mydoom_files/search-go.gif.gif
-
f-mydoom.exe.exe windows:4 windows x86 arch:x86
5ae4ba3e388eed47486b914aec730602
Headers
File Characteristics
IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
Imports
kernel32
GetLogicalDriveStringsA
GetFileAttributesA
MoveFileExA
GetCurrentProcess
FindClose
FindNextFileA
FindFirstFileA
TerminateProcess
SetFileAttributesA
GetLocalTime
SetConsoleCtrlHandler
GetSystemInfo
GetDriveTypeA
ReadFile
SetFilePointer
InitializeCriticalSection
DeleteCriticalSection
EnterCriticalSection
LeaveCriticalSection
OutputDebugStringA
GetCurrentThreadId
QueryPerformanceFrequency
QueryPerformanceCounter
GetShortPathNameA
GetTickCount
SetLastError
DeleteFileA
DeviceIoControl
GetModuleHandleA
CreateFileA
CreateEventA
GetModuleFileNameA
Sleep
GetLastError
OpenProcess
GetVersionExA
GetWindowsDirectoryA
CloseHandle
FreeLibrary
LoadLibraryA
GetProcAddress
VirtualFree
HeapDestroy
IsBadWritePtr
HeapCreate
SetUnhandledExceptionFilter
SetEnvironmentVariableA
IsBadReadPtr
CompareStringA
GetEnvironmentStringsW
CompareStringW
SetEndOfFile
GetStringTypeW
GetStringTypeA
IsBadCodePtr
ExitProcess
HeapAlloc
HeapFree
MoveFileA
RtlUnwind
GetTimeZoneInformation
GetSystemTime
GetCommandLineA
GetVersion
SetHandleCount
GetStdHandle
GetFileType
GetStartupInfoA
LCMapStringW
LCMapStringA
GetEnvironmentStrings
VirtualAlloc
WriteFile
FlushFileBuffers
SetStdHandle
WideCharToMultiByte
MultiByteToWideChar
FreeEnvironmentStringsW
HeapReAlloc
HeapSize
GetCPInfo
GetACP
GetOEMCP
UnhandledExceptionFilter
FreeEnvironmentStringsA
advapi32
RegOpenKeyExA
LookupPrivilegeValueA
AdjustTokenPrivileges
OpenProcessToken
OpenSCManagerA
OpenServiceA
StartServiceA
QueryServiceStatus
CloseServiceHandle
ControlService
RegQueryValueExA
RegCloseKey
RegSetValueExA
RegFlushKey
FreeSid
EqualSid
RegDeleteValueA
GetTokenInformation
AllocateAndInitializeSid
RegCreateKeyExA
Sections
.text Size: 77KB - Virtual size: 76KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rdata Size: 9KB - Virtual size: 9KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.data Size: 23KB - Virtual size: 41KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
-
strip-girl-2.0bdcom_patches.exe.exe windows:4 windows x86 arch:x86
Headers
File Characteristics
IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
Sections
UPX0 Size: - Virtual size: 24KB
IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
UPX1 Size: 20KB - Virtual size: 20KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.rsrc Size: 1024B - Virtual size: 4KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
-
out.upx.exe windows:4 windows x86 arch:x86
Headers
File Characteristics
IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
Sections
.text Size: 31KB - Virtual size: 30KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.rsrc Size: 512B - Virtual size: 496B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ