Engine | Result | Scan date | Engine version |
---|---|---|---|
Alibaba | None | 20190527 | 0.3.0.5 |
Avast | Win32:Mydoom-EG [Trj] | 20200411 | 18.4.3895.0 |
Baidu | Win32.Worm-Email.Mydoom.a | 20190318 | 1.0.0.2 |
CrowdStrike | win/malicious_confidence_100% (D) | 20190702 | 1.0 |
Kingsoft | None | 20200412 | 2013.8.14.323 |
McAfee | W32/Mydoom.c.n@MM | 20200412 | 6.0.6.653 |
Tencent | Worm.Win32.Mydoom.l | 20200412 | 1.0.0.1 |
description | 0b750c6ee05eddfd7f1cf108d1a83fd9347735d26b08d41f0e3ea59020bcc544.exe attempted to sleep for 172.74 seconds; the actual delay imposed on analysis was 172.74 seconds |
file | C:\Users\Administrator\AppData\Local\Temp\tmp380.tmp |
section | {'name': 'UPX1', 'virtual_address': '0x00007000', 'virtual_size': '0x00005000', 'size_of_data': '0x00004600', 'entropy': 7.897902341253568} | entropy | 7.897902341253568 | description | High-entropy section found |
entropy | 0.8974358974358975 | description | The overall entropy of this PE file is high |
section | UPX0 | description | Section name indicates UPX |
section | UPX1 | description | Section name indicates UPX |
reg_key | HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run\Traybar | reg_value | C:\Windows\lsass.exe |
registry | HKEY_CURRENT_USER\Software\Microsoft\Internet Account Manager\Accounts |
Engine | Result |
---|---|
ALYac | Worm.Mydoom |
APEX | Malicious |
AVG | Win32:Mydoom-EG [Trj] |
Acronis | suspicious |
Ad-Aware | Worm.Generic.23834 |
AhnLab-V3 | Win32/Mydoom.worm.22020.H |
Antiy-AVL | Worm[Email]/Win32.Mydoom |
Avast | Win32:Mydoom-EG [Trj] |
Avira | TR/BAS.Samca.zictf |
Baidu | Win32.Worm-Email.Mydoom.a |
BitDefender | Worm.Generic.23834 |
BitDefenderTheta | AI:Packer.ABA073F91F |
Bkav | W32.MyDoomLB.Worm |
CAT-QuickHeal | Worm.Mydoom |
CMC | Email-Worm.Win32.Mydoom!O |
ClamAV | Win.Worm.Mydoom-5 |
Comodo | Worm.Win32.Mydoom.Q@308v |
CrowdStrike | win/malicious_confidence_100% (D) |
Cybereason | malicious.63ec71 |
Cyren | W32/Mydoom.CJDZ-5239 |
DrWeb | Win32.HLLM.MyDoom.33808 |
ESET-NOD32 | Win32/Mydoom.Q |
Emsisoft | Worm.Generic.23834 (B) |
Endgame | malicious (moderate confidence) |
F-Prot | W32/Mydoom.M |
F-Secure | Email-Worm:W32/Mydoom.gen!A |
FireEye | Generic.mg.254c4a763ec71bbc |
Fortinet | W32/MyDoom.M@mm |
GData | Worm.Generic.23834 |
Ikarus | Email-Worm.Win32.Mydoom |
Invincea | heuristic |
Jiangmin | I-Worm/Zhelatin.sq |
K7AntiVirus | EmailWorm ( 0000439f1 ) |
K7GW | EmailWorm ( 0000439f1 ) |
Kaspersky | Email-Worm.Win32.Mydoom.l |
MAX | malware (ai score=81) |
Malwarebytes | Worm.Agent |
MaxSecure | Trojan.Malware.300983.susgen |
McAfee | W32/Mydoom.c.n@MM |
McAfee-GW-Edition | BehavesLike.Win32.Mydoom.mc |
MicroWorld-eScan | Worm.Generic.23834 |
Microsoft | Worm:Win32/Mydoom.L@mm |
NANO-Antivirus | Trojan.Win32.Mydoom.cuyllc |
Panda | W32/Mydoom.DN.worm |
Qihoo-360 | Worm.Win32.Mydoom.A |
Rising | Worm.Mail.Win32.Mydoom.l (RDMK:cmRtazraxjHf5ENWSePy207SGPLj) |
SUPERAntiSpyware | Worm.MyDoom |
SentinelOne | DFI - Malicious PE |
Sophos | W32/MyDoom-N |
Symantec | W32.Mydoom.gen@mm |
Name | Virtual Address | Virtual Size | Size of Raw Data | Entropy |
---|---|---|---|---|
UPX0 | 0x00001000 | 0x00006000 | 0x00000000 | 0.0 |
UPX1 | 0x00007000 | 0x00005000 | 0x00004600 | 7.897902341253568 |
.rsrc | 0x0000c000 | 0x00001000 | 0x00000800 | 2.6495694551935207 |
Name | Offset | Size | Language | Sub-language | File type |
---|---|---|---|---|---|
RT_ICON | 0x0000c3c4 | 0x00000128 | LANG_ENGLISH | SUBLANG_ENGLISH_US | None |
RT_ICON | 0x0000c3c4 | 0x00000128 | LANG_ENGLISH | SUBLANG_ENGLISH_US | None |
RT_GROUP_ICON | 0x0000c4f0 | 0x00000022 | LANG_ENGLISH | SUBLANG_ENGLISH_US | None |
No hosts contacted.
No domains contacted.
No TCP connections recorded.
No UDP connections recorded.
No HTTP requests performed.
No ICMP traffic performed.
No IRC requests performed.
No Suricata Alerts
No Suricata TLS
No Snort Alerts
Name | db9ee2d56534ce47_gpban1l3.txt |
---|---|
Filepath | C:\Users\Administrator\AppData\Local\Temp\gpban1l3.txt |
Size | 1.0KB |
Processes | 2600 (0b750c6ee05eddfd7f1cf108d1a83fd9347735d26b08d41f0e3ea59020bcc544.exe) |
Type | data |
MD5 | 8cbe89a54ff38a27a34ade4a999136b0 |
SHA1 | 245885d6be63c6e8163366562514bd940fae4f1d |
SHA256 | db9ee2d56534ce471729ec4fa2835c2eac264ad4d74f5162559a523890b98f39 |
CRC32 | C646C015 |
ssdeep | None |
Yara | None matched |
VirusTotal | Search for analysis |
Name | e3b0c44298fc1c14_lsass.exe |
---|---|
Size | 0.0B |
Type | empty |
MD5 | d41d8cd98f00b204e9800998ecf8427e |
SHA1 | da39a3ee5e6b4b0d3255bfef95601890afd80709 |
SHA256 | e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855 |
CRC32 | 00000000 |
ssdeep | None |
Yara | None matched |
VirusTotal | Search for analysis |
Name | ab42ccdde7f4fc57_tmp561C.tmp |
---|---|
Filepath | C:\Users\Administrator\AppData\Local\Temp\tmp561C.tmp |
Size | 21.6KB |
Processes | 2600 (0b750c6ee05eddfd7f1cf108d1a83fd9347735d26b08d41f0e3ea59020bcc544.exe) |
Type | Zip archive data, at least v1.0 to extract, compression method=store |
MD5 | 754e695cc84e8217d4a9d04797b8c3d1 |
SHA1 | 300ee08e2366b0b97640a1140e266ff774f565d8 |
SHA256 | ab42ccdde7f4fc577f8649e061f61c2ae569ec13c3b9926c531bf4079cd09aac |
CRC32 | CC1EEF1A |
ssdeep | None |
Yara | |
VirusTotal | Search for analysis |
Name | 50bb059eb4619774_tmp601A.tmp |
---|---|
Filepath | C:\Users\Administrator\AppData\Local\Temp\tmp601A.tmp |
Size | 21.6KB |
Processes | 2600 (0b750c6ee05eddfd7f1cf108d1a83fd9347735d26b08d41f0e3ea59020bcc544.exe) |
Type | Zip archive data, at least v1.0 to extract, compression method=store |
MD5 | d73b96d5959911549767ec36fc45e06f |
SHA1 | de3d9d56c113971cc9bf6786d73135f3c2d4dead |
SHA256 | 50bb059eb46197744e600cee7ea70a5b81bd78f569642db78aafac5b1f668bdb |
CRC32 | 1BADD3AF |
ssdeep | None |
Yara | |
VirusTotal | Search for analysis |
Name | 740f2dfcce903e93_tmp5D59.tmp |
---|---|
Filepath | C:\Users\Administrator\AppData\Local\Temp\tmp5D59.tmp |
Size | 21.6KB |
Processes | 2600 (0b750c6ee05eddfd7f1cf108d1a83fd9347735d26b08d41f0e3ea59020bcc544.exe) |
Type | Zip archive data, at least v1.0 to extract, compression method=store |
MD5 | 1dd54cbeb43e58026f5558c669cf7115 |
SHA1 | a59db0ac14d3c6dbacc71e0bdcc49b408d8ba2b4 |
SHA256 | 740f2dfcce903e93fb4b6c2e1259cc6765fe829df511cc49ade80538c51db2a4 |
CRC32 | 2CCB0C01 |
ssdeep | None |
Yara | |
VirusTotal | Search for analysis |
Name | ce534b7710d50ebd_tmp5BF0.tmp |
---|---|
Filepath | C:\Users\Administrator\AppData\Local\Temp\tmp5BF0.tmp |
Size | 21.6KB |
Processes | 2600 (0b750c6ee05eddfd7f1cf108d1a83fd9347735d26b08d41f0e3ea59020bcc544.exe) |
Type | Zip archive data, at least v1.0 to extract, compression method=store |
MD5 | 2ba20a010876f47e5834881b99f0ff55 |
SHA1 | 2c0a4fb0ada27e0dc17c79cd141d91832a9b452d |
SHA256 | ce534b7710d50ebde650b36b1f4ecf3d85e5616cbf6127932e6978e0461ed9d7 |
CRC32 | 40EFA802 |
ssdeep | None |
Yara | |
VirusTotal | Search for analysis |
Name | 543552abaa42696a_tmp380.tmp |
---|---|
Filepath | C:\Users\Administrator\AppData\Local\Temp\tmp380.tmp |
Size | 21.5KB |
Processes | 2600 (0b750c6ee05eddfd7f1cf108d1a83fd9347735d26b08d41f0e3ea59020bcc544.exe) |
Type | PE32 executable (GUI) Intel 80386, for MS Windows, UPX compressed |
MD5 | e38cedd9fc1fa618d6261f17b169e3a6 |
SHA1 | 6dcf78ff0fa5b839a7aa0693f69fdef4040460c8 |
SHA256 | 543552abaa42696a4fcfe88b777b188a8d6c32d6c03214afcaa9dcc1b62b1c95 |
CRC32 | C03776C1 |
ssdeep | None |
Yara | None matched |
VirusTotal | Search for analysis |
Name | 76b379a1aa7b13d9_tmp48B.tmp |
---|---|
Filepath | C:\Users\Administrator\AppData\Local\Temp\tmp48B.tmp |
Size | 21.9KB |
Processes | 2600 (0b750c6ee05eddfd7f1cf108d1a83fd9347735d26b08d41f0e3ea59020bcc544.exe) |
Type | Zip archive data, at least v1.0 to extract, compression method=store |
MD5 | aa7be845362dc02976edfec805318303 |
SHA1 | c6b7d80c5fe036255c4d6d0355b18c2f5bd59e56 |
SHA256 | 76b379a1aa7b13d90aaf76e83579b7655c6e600620d1fd74f377816ae67af08b |
CRC32 | 98A34DDF |
ssdeep | None |
Yara | |
VirusTotal | Search for analysis |
Name | 6fc82262da200fc3_tmp5787.tmp |
---|---|
Filepath | C:\Users\Administrator\AppData\Local\Temp\tmp5787.tmp |
Size | 21.6KB |
Processes | 2600 (0b750c6ee05eddfd7f1cf108d1a83fd9347735d26b08d41f0e3ea59020bcc544.exe) |
Type | Zip archive data, at least v1.0 to extract, compression method=store |
MD5 | 988d7364cad6df5c19a6b43a18d2a2cb |
SHA1 | cf68c724baff6cc685e2fd2ade2fa1e5108ab3c2 |
SHA256 | 6fc82262da200fc30b01411e6e58e095ebbb4fd09491a832dd93d855426938ea |
CRC32 | 2E9C6333 |
ssdeep | None |
Yara | |
VirusTotal | Search for analysis |
Name | 039ded18a6f43850_tmp703A.tmp |
---|---|
Filepath | C:\Users\Administrator\AppData\Local\Temp\tmp703A.tmp |
Size | 21.6KB |
Processes | 2600 (0b750c6ee05eddfd7f1cf108d1a83fd9347735d26b08d41f0e3ea59020bcc544.exe) |
Type | Zip archive data, at least v1.0 to extract, compression method=store |
MD5 | 28b61419554c143cd75f27dfa2fac858 |
SHA1 | ca1fcda83eb345fcf4c940beac22d66ccf47c7fb |
SHA256 | 039ded18a6f43850c54bbf3f1567f9c1ef1ec539218670fe2b44c002b71a6904 |
CRC32 | B1602986 |
ssdeep | None |
Yara | |
VirusTotal | Search for analysis |
Name | 3f9679a359c06cce_tmp5AD6.tmp |
---|---|
Filepath | C:\Users\Administrator\AppData\Local\Temp\tmp5AD6.tmp |
Size | 21.9KB |
Processes | 2600 (0b750c6ee05eddfd7f1cf108d1a83fd9347735d26b08d41f0e3ea59020bcc544.exe) |
Type | Zip archive data, at least v1.0 to extract, compression method=store |
MD5 | 0bb16b208831aba7edf1d89d59452b83 |
SHA1 | 6ca6d34dc5457d80416702d4e6096b30196febcb |
SHA256 | 3f9679a359c06cce29edcfae896c069e2a4bbb6bad0983494a299fca7b541748 |
CRC32 | 4B4018C7 |
ssdeep | None |
Yara | |
VirusTotal | Search for analysis |
Name | faca76a0b8d18277_tmp5EE0.tmp |
---|---|
Filepath | C:\Users\Administrator\AppData\Local\Temp\tmp5EE0.tmp |
Size | 22.1KB |
Processes | 2600 (0b750c6ee05eddfd7f1cf108d1a83fd9347735d26b08d41f0e3ea59020bcc544.exe) |
Type | Zip archive data, at least v1.0 to extract, compression method=store |
MD5 | a9d5eabf330a222fa94dac840d0fc907 |
SHA1 | e8028682d7cca6779ffeaf027b8a367d6525cba7 |
SHA256 | faca76a0b8d1827772509a6af50683b89b0a4bb8f632548eccf9bcb96db07639 |
CRC32 | 3F5590B9 |
ssdeep | None |
Yara | |
VirusTotal | Search for analysis |