Behavioral task: behavioral1
Sample: f-mydoom.exe
Resource: win11-20241007-en
General
Target: W32.MyDoom.A.zip
Size: 293KB
MD5: ee70b23f67565ce4822f0f5f8d24525e
SHA1: b7d18219951580dbd9f35d7c547ab65853dcbc76
SHA256: 8f78806e212e18346b63aebddef9d4ffdc15e12d6c6485b73353989f382acb88
SHA512: 5e616915ba3135b75f12bd3c20fa2c4084903fa955f4ea172e5059d4e717ed5a2184e3d1efacc019f2f9bc4d74848a8b3da888c3d3f01179260d12813becdaa9
SSDEEP: 6144:wbcyHrF3W6aYQ5UEL2DJ7ikAjteG/QBfJv6hYRFz6FaqXCwLqbCJ:wbcqBW6aYcKN7ikAjteEKBCyRFz4LSwd
(These digests are of the submitted archive W32.MyDoom.A.zip, not of the executed sample f-mydoom.exe; the inner executable's own MD5 is listed under Files.)
Malware Config
Signatures
- Detects MyDoom family (1 IoC): yara rule family_mydoom matched resource static1/unpack006/out.upx
- Mydoom family
- yara rule upx matched resource static1/unpack001/strip-girl-2.0bdcom_patches.exe (UPX-packed; see its UPX0/UPX1 section table below)
- Unsigned PE (3 IoCs): checks for a missing Authenticode signature; matched resources unpack001/f-mydoom.exe, unpack001/strip-girl-2.0bdcom_patches.exe, unpack006/out.upx
Note that the family rule fires on unpack006/out.upx, which the extraction path indicates is the unpacked form of the UPX-packed strip-girl-2.0bdcom_patches.exe, and not on the packed file itself; a static scan that stops at the packed layer would miss the family match. The missing Authenticode signature is consistent with malware but is a weak indicator on its own, since most legitimate small utilities are unsigned too.
Files
- W32.MyDoom.A.zip.zip (Password: infected)
- Netcraft www_sco_com is a weapon of mass destruction.htm.html (.js polyglot)
- Netcraft www_sco_com is a weapon of mass destruction_files/n2s.gif.gif
- Netcraft www_sco_com is a weapon of mass destruction_files/netcraft_hunger.gif.gif
- Netcraft www_sco_com is a weapon of mass destruction_files/spdirectory.gif.gif
- Netcraft www_sco_com is a weapon of mass destruction_files/styles-site.css
- W32.Mydoom.htm.html
- W32.Mydoom2.htm.html (.js polyglot)
- W32.Mydoom2_files/ads.osdn.gif.gif
- W32.Mydoom2_files/greendot.gif.gif
- W32.Mydoom2_files/pc.gif.gif
- W32.Mydoom2_files/pix.gif.gif
- W32.Mydoom2_files/slc.gif.gif
- W32.Mydoom2_files/title.gif.gif
- W32.Mydoom2_files/topicapmedia.gif.gif
- W32.Mydoom2_files/topicinternet.gif.gif
- W32.Mydoom2_files/topiclinux.gif.gif
- W32.Mydoom2_files/topicnews.gif.gif
- W32.Mydoom2_files/topicscience.gif.gif
- W32.Mydoom2_files/topicspace.gif.gif
- W32.Mydoom_files/arrow.gif.gif
- W32.Mydoom_files/dotted_line.gif.gif
- W32.Mydoom_files/fsc_logo.jpg.jpg (Password: infected)
- W32.Mydoom_files/fsecure.css
- W32.Mydoom_files/japanese.gif.gif
- W32.Mydoom_files/left_subbuttonbg.gif.gif
- W32.Mydoom_files/main_menu.js.js
- W32.Mydoom_files/main_menu_new.js.js
- W32.Mydoom_files/menu.js.js
- W32.Mydoom_files/mydoom.jpg.jpg (Password: infected)
- W32.Mydoom_files/nav_contact2.gif.gif
- W32.Mydoom_files/nav_legal.gif.gif
- W32.Mydoom_files/nav_privacy.gif.gif
- W32.Mydoom_files/navbar-new.gif.gif
- W32.Mydoom_files/nmydoom.jpg.jpg (Password: infected)
- W32.Mydoom_files/radar-level-1.gif.gif
- W32.Mydoom_files/search-go.gif.gif
- f-mydoom.exe.exe (windows:4 windows x86 arch:x86; Password: infected)
  MD5: 5ae4ba3e388eed47486b914aec730602
Headers
File Characteristics: IMAGE_FILE_RELOCS_STRIPPED | IMAGE_FILE_EXECUTABLE_IMAGE | IMAGE_FILE_LINE_NUMS_STRIPPED | IMAGE_FILE_LOCAL_SYMS_STRIPPED | IMAGE_FILE_32BIT_MACHINE
(IMAGE_FILE_RELOCS_STRIPPED means the image carries no relocation data and must load at its preferred base; it cannot be rebased by ASLR.)
Imports
kernel32
GetLogicalDriveStringsA
GetFileAttributesA
MoveFileExA
GetCurrentProcess
FindClose
FindNextFileA
FindFirstFileA
TerminateProcess
SetFileAttributesA
GetLocalTime
SetConsoleCtrlHandler
GetSystemInfo
GetDriveTypeA
ReadFile
SetFilePointer
InitializeCriticalSection
DeleteCriticalSection
EnterCriticalSection
LeaveCriticalSection
OutputDebugStringA
GetCurrentThreadId
QueryPerformanceFrequency
QueryPerformanceCounter
GetShortPathNameA
GetTickCount
SetLastError
DeleteFileA
DeviceIoControl
GetModuleHandleA
CreateFileA
CreateEventA
GetModuleFileNameA
Sleep
GetLastError
OpenProcess
GetVersionExA
GetWindowsDirectoryA
CloseHandle
FreeLibrary
LoadLibraryA
GetProcAddress
VirtualFree
HeapDestroy
IsBadWritePtr
HeapCreate
SetUnhandledExceptionFilter
SetEnvironmentVariableA
IsBadReadPtr
CompareStringA
GetEnvironmentStringsW
CompareStringW
SetEndOfFile
GetStringTypeW
GetStringTypeA
IsBadCodePtr
ExitProcess
HeapAlloc
HeapFree
MoveFileA
RtlUnwind
GetTimeZoneInformation
GetSystemTime
GetCommandLineA
GetVersion
SetHandleCount
GetStdHandle
GetFileType
GetStartupInfoA
LCMapStringW
LCMapStringA
GetEnvironmentStrings
VirtualAlloc
WriteFile
FlushFileBuffers
SetStdHandle
WideCharToMultiByte
MultiByteToWideChar
FreeEnvironmentStringsW
HeapReAlloc
HeapSize
GetCPInfo
GetACP
GetOEMCP
UnhandledExceptionFilter
FreeEnvironmentStringsA
advapi32
RegOpenKeyExA
LookupPrivilegeValueA
AdjustTokenPrivileges
OpenProcessToken
OpenSCManagerA
OpenServiceA
StartServiceA
QueryServiceStatus
CloseServiceHandle
ControlService
RegQueryValueExA
RegCloseKey
RegSetValueExA
RegFlushKey
FreeSid
EqualSid
RegDeleteValueA
GetTokenInformation
AllocateAndInitializeSid
RegCreateKeyExA
Sections
.text   Size: 77KB  Virtual size: 76KB  IMAGE_SCN_CNT_CODE | IMAGE_SCN_MEM_EXECUTE | IMAGE_SCN_MEM_READ
.rdata  Size: 9KB   Virtual size: 9KB   IMAGE_SCN_CNT_INITIALIZED_DATA | IMAGE_SCN_MEM_READ
.data   Size: 23KB  Virtual size: 41KB  IMAGE_SCN_CNT_INITIALIZED_DATA | IMAGE_SCN_MEM_READ | IMAGE_SCN_MEM_WRITE
A conventional compiler layout: code is read/execute only and no section is both writable and executable.
- strip-girl-2.0bdcom_patches.exe.exe (windows:4 windows x86 arch:x86; Password: infected)
Headers
File Characteristics: IMAGE_FILE_RELOCS_STRIPPED | IMAGE_FILE_EXECUTABLE_IMAGE | IMAGE_FILE_LINE_NUMS_STRIPPED | IMAGE_FILE_LOCAL_SYMS_STRIPPED | IMAGE_FILE_32BIT_MACHINE
Sections
UPX0   Size: -      Virtual size: 24KB  IMAGE_SCN_CNT_UNINITIALIZED_DATA | IMAGE_SCN_MEM_EXECUTE | IMAGE_SCN_MEM_READ | IMAGE_SCN_MEM_WRITE
UPX1   Size: 20KB   Virtual size: 20KB  IMAGE_SCN_CNT_INITIALIZED_DATA | IMAGE_SCN_MEM_EXECUTE | IMAGE_SCN_MEM_READ | IMAGE_SCN_MEM_WRITE
.rsrc  Size: 1024B  Virtual size: 4KB   IMAGE_SCN_CNT_INITIALIZED_DATA | IMAGE_SCN_MEM_READ | IMAGE_SCN_MEM_WRITE
Typical UPX layout: UPX0 occupies no space on disk (Size: -) but is mapped as 24KB of writable, executable memory into which the decompression stub in UPX1 unpacks the original code at runtime. Both UPX sections are readable, writable and executable (RWX), which is a strong packing indicator on its own even without the section names.
- out.upx.exe (windows:4 windows x86 arch:x86)
Headers
File Characteristics: IMAGE_FILE_RELOCS_STRIPPED | IMAGE_FILE_EXECUTABLE_IMAGE | IMAGE_FILE_LINE_NUMS_STRIPPED | IMAGE_FILE_LOCAL_SYMS_STRIPPED | IMAGE_FILE_32BIT_MACHINE
Sections
.text  Size: 31KB  Virtual size: 30KB  IMAGE_SCN_CNT_CODE | IMAGE_SCN_MEM_EXECUTE | IMAGE_SCN_MEM_READ | IMAGE_SCN_MEM_WRITE
.rsrc  Size: 512B  Virtual size: 496B  IMAGE_SCN_CNT_INITIALIZED_DATA | IMAGE_SCN_MEM_READ
The unpacked image keeps a single writable and executable .text section rather than the separate .text/.rdata/.data layout of f-mydoom.exe; a writable code section is a red flag in any binary. This unpacked file is the one the family_mydoom rule matched.
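The three section tables above and the Unsigned PE and UPX entries in the Signatures section are all derived from a handful of header fields: the COFF Characteristics word, each section header's Characteristics flags, and the size field of the Authenticode (security) data directory. The script below is an added example, not the sandbox's own code, that decodes those fields from raw bytes with nothing beyond the Python standard library and reproduces the kind of findings the report lists (no Authenticode signature, UPX0/UPX1 section names, writable and executable sections, an executable section with no data on disk). The two PE images it parses are synthetic headers produced by build_pe(); they mirror the layouts shown above with illustrative sizes and are not the samples from this report, and the finding strings are this example's own wording rather than the sandbox's signature names.

```python
"""Decode the PE header fields a sandbox report lists (COFF characteristics,
section flags, Authenticode directory) from raw bytes, standard library only.
Added example: the PE images built below are synthetic, not the report's samples."""
import struct

IMAGE_FILE_FLAGS = {
    0x0001: "IMAGE_FILE_RELOCS_STRIPPED",
    0x0002: "IMAGE_FILE_EXECUTABLE_IMAGE",
    0x0004: "IMAGE_FILE_LINE_NUMS_STRIPPED",
    0x0008: "IMAGE_FILE_LOCAL_SYMS_STRIPPED",
    0x0100: "IMAGE_FILE_32BIT_MACHINE",
}
IMAGE_SCN_FLAGS = {
    0x00000020: "IMAGE_SCN_CNT_CODE",
    0x00000040: "IMAGE_SCN_CNT_INITIALIZED_DATA",
    0x00000080: "IMAGE_SCN_CNT_UNINITIALIZED_DATA",
    0x20000000: "IMAGE_SCN_MEM_EXECUTE",
    0x40000000: "IMAGE_SCN_MEM_READ",
    0x80000000: "IMAGE_SCN_MEM_WRITE",
}
SCN_EXECUTE, SCN_WRITE = 0x20000000, 0x80000000
IMAGE_DIRECTORY_ENTRY_SECURITY = 4  # data directory slot of the Authenticode certificate table


def decode_flags(value, table):
    """Names of the bits set in value, in ascending bit order."""
    return [name for bit, name in sorted(table.items()) if value & bit]


def parse_pe(data):
    """Return COFF characteristics, Authenticode presence and the section table of a PE32."""
    if data[:2] != b"MZ":
        raise ValueError("missing MZ header")
    pe = struct.unpack_from("<I", data, 0x3C)[0]  # e_lfanew
    if data[pe:pe + 4] != b"PE\0\0":
        raise ValueError("missing PE signature")
    coff = pe + 4
    _machine, nsect, _, _, _, opt_size, chars = struct.unpack_from("<HHIIIHH", data, coff)
    opt = coff + 20
    if struct.unpack_from("<H", data, opt)[0] != 0x10B:
        raise ValueError("only PE32 (magic 0x10B) is handled here")
    ndirs = struct.unpack_from("<I", data, opt + 92)[0]  # NumberOfRvaAndSizes (PE32 layout)
    sec_size = 0
    if ndirs > IMAGE_DIRECTORY_ENTRY_SECURITY:
        # Security directory holds a file offset (not an RVA) and the certificate table size.
        _off, sec_size = struct.unpack_from("<II", data, opt + 96 + 8 * IMAGE_DIRECTORY_ENTRY_SECURITY)
    sections = []
    for i in range(nsect):
        name, vsize, _va, rawsize, _ptr, _, _, _, _, scn = struct.unpack_from(
            "<8sIIIIIIHHI", data, opt + opt_size + 40 * i)
        sections.append({"name": name.rstrip(b"\0").decode("ascii", "replace"),
                         "virtual_size": vsize, "raw_size": rawsize,
                         "flags": decode_flags(scn, IMAGE_SCN_FLAGS), "raw_flags": scn})
    return {"characteristics": decode_flags(chars, IMAGE_FILE_FLAGS),
            "authenticode": sec_size != 0, "sections": sections}


def triage(parsed):
    """Heuristic findings of the kind a sandbox turns into signatures (wording is this example's)."""
    findings = []
    if not parsed["authenticode"]:
        findings.append("unsigned: Authenticode directory is empty")
    if {"UPX0", "UPX1"} <= {s["name"] for s in parsed["sections"]}:
        findings.append("UPX0/UPX1 section names: UPX-packed")
    for s in parsed["sections"]:
        if s["raw_flags"] & SCN_EXECUTE and s["raw_flags"] & SCN_WRITE:
            findings.append(f"{s['name']}: writable and executable")
        if s["raw_flags"] & SCN_EXECUTE and s["raw_size"] == 0 and s["virtual_size"]:
            findings.append(f"{s['name']}: executable but has no data on disk (unpack target)")
    return findings


def build_pe(sections, characteristics, signed=False):
    """Construct a minimal synthetic PE32 for testing; sections: (name, virtual_size, raw_size, flags).
    Section bodies are zero-filled; the 'signature' is only a WIN_CERTIFICATE shell, not real PKCS#7."""
    nsect, opt_size, align = len(sections), 0xE0, 0x200
    hdr_len = (0x80 + 24 + opt_size + 40 * nsect + align - 1) // align * align
    dos = bytearray(0x80); dos[:2] = b"MZ"; struct.pack_into("<I", dos, 0x3C, 0x80)
    coff = struct.pack("<HHIIIHH", 0x14C, nsect, 0, 0, 0, opt_size, characteristics)
    opt = bytearray(opt_size)
    struct.pack_into("<H", opt, 0, 0x10B)   # PE32 magic
    struct.pack_into("<I", opt, 92, 16)     # NumberOfRvaAndSizes
    shdrs, body, ptr, va = b"", b"", hdr_len, 0x1000
    for name, vsize, rawsize, flags in sections:
        shdrs += struct.pack("<8sIIIIIIHHI", name.encode().ljust(8, b"\0"), vsize, va,
                             rawsize, ptr if rawsize else 0, 0, 0, 0, 0, flags)
        body += b"\0" * rawsize; ptr += rawsize; va += (max(vsize, 1) + 0xFFF) // 0x1000 * 0x1000
    if signed:
        blob = b"not a real PKCS#7 blob"
        struct.pack_into("<II", opt, 96 + 8 * IMAGE_DIRECTORY_ENTRY_SECURITY, ptr, 8 + len(blob))
        body += struct.pack("<IHH", 8 + len(blob), 0x0200, 0x0002) + blob  # dwLength, wRevision, wCertificateType
    headers = bytes(dos) + b"PE\0\0" + coff + bytes(opt) + shdrs
    return headers.ljust(hdr_len, b"\0") + body


# Synthetic images mirroring the report's section tables (sizes illustrative).
COMMON = 0x0001 | 0x0002 | 0x0004 | 0x0008 | 0x0100
RWX = 0x20000000 | 0x40000000 | 0x80000000
PACKED = build_pe([("UPX0", 24 * 1024, 0, 0x80 | RWX),
                   ("UPX1", 20 * 1024, 20 * 1024, 0x40 | RWX),
                   (".rsrc", 4 * 1024, 1024, 0x40 | 0x40000000 | 0x80000000)], COMMON)
SIGNED = build_pe([(".text", 0x100, 0x200, 0x20 | 0x20000000 | 0x40000000)], COMMON, signed=True)

if __name__ == "__main__":
    for label, img in (("packed", PACKED), ("signed", SIGNED)):
        p = parse_pe(img)
        print(label, p["characteristics"], "authenticode:", p["authenticode"])
        for s in p["sections"]:
            print("  ", s["name"], s["virtual_size"], s["raw_size"], s["flags"])
        print("  findings:", triage(p))
```

Run it directly to print the decoded fields and findings for both synthetic images; to use it on a real file, read its bytes and pass them to parse_pe(). Only PE32 is handled: PE32+ widens ImageBase and the stack/heap size fields, so NumberOfRvaAndSizes moves to optional-header offset 108 and the data directories to 112. Note that a non-empty security directory only says a certificate table is present, not that the signature verifies; that check needs the hash of the image (excluding the checksum, the directory entry and the table itself) compared against the signed PKCS#7 content.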