1.2
Low risk

11163fd78d6d4c122360056cf161b93a436266d83b0051e2fd87c68f8ab379e7

11163fd78d6d4c122360056cf161b93a436266d83b0051e2fd87c68f8ab379e7.exe

Analysis duration

193s

Last analyzed

373 days ago

File size

55.9KB
Static detection  Dynamic detection  CVE  FAMILY  METATYPE  PLATFORM  TYPE
UNKNOWN WIN32 TROJAN WORM MYDOOM
Eagle Eye engine
DACN 0.12
FACILE 1.00
IMCLNet 0.74
MFGraph 0.00
Static verdict
Antivirus engines
Engine  Result  Scan time  Engine version
Alibaba None 20190527 0.3.0.5
Avast Win32:Mydoom-DS [Wrm] 20200415 18.4.3895.0
Baidu Win32.Worm-Email.Mydoom.a 20190318 1.0.0.2
CrowdStrike win/malicious_confidence_100% (D) 20190702 1.0
Kingsoft None 20200417 2013.8.14.323
McAfee W32/Mydoom.c.n@MM 20200417 6.0.6.653
Tencent Malware.Win32.Gencirc.10b0c17e 20200417 1.0.0.1
Behavioral verdict
Dynamic indicators
Executable is UPX-packed (2 events)
section UPX0 description section name indicates UPX
section UPX1 description section name indicates UPX
Network communication
Communicates with a host for which no DNS query was performed (1 event)
host 114.114.114.114
File flagged as malicious by 63 antivirus engines on VirusTotal (50 out of 63 events)
ALYac Win32.Mydoom.L@mm
APEX Malicious
AVG Win32:Mydoom-DS [Wrm]
Acronis suspicious
Ad-Aware Win32.Mydoom.L@mm
AhnLab-V3 Win32/Mydoom.worm.33792.C
Antiy-AVL Worm[Email]/Win32.Mydoom
Arcabit Win32.Mydoom.EF57D8
Avast Win32:Mydoom-DS [Wrm]
Avira TR/BAS.Samca.qtdyf
Baidu Win32.Worm-Email.Mydoom.a
BitDefender Win32.Mydoom.L@mm
BitDefenderTheta AI:Packer.08D6C1281F
Bkav W32.MydoomU.Worm
CAT-QuickHeal Trojan.GenericPMF.S5379768
CMC Email-Worm.Win32.Mydoom!O
ClamAV Win.Worm.Mydoom-7
Comodo Worm.Win32.Mydoom.Q@3eht
CrowdStrike win/malicious_confidence_100% (D)
Cybereason malicious.d62c5a
Cylance Unsafe
Cyren W32/A-ea4fa60d!Eldorado
DrWeb Win32.HLLM.MyDoom.33808
ESET-NOD32 Win32/Mydoom.Q
Emsisoft Win32.Mydoom.L@mm (B)
Endgame malicious (high confidence)
F-Prot W32/Heuristic-224!Eldorado
F-Secure Trojan.TR/BAS.Samca.qtdyf
FireEye Generic.mg.7919090d62c5aa20
Fortinet W32/MyDoom.K!tr
GData Win32.Mydoom.L@mm
Ikarus Email-Worm.Win32.Mydoom
Invincea heuristic
Jiangmin I-Worm/Mydoom.l
K7AntiVirus EmailWorm ( 0000439f1 )
K7GW EmailWorm ( 0000439e1 )
Kaspersky Email-Worm.Win32.Mydoom.l
MAX malware (ai score=87)
Malwarebytes Trojan.SpamBot
MaxSecure Worm.W32.MyDoom.L
McAfee W32/Mydoom.c.n@MM
McAfee-GW-Edition BehavesLike.Win32.Mydoom.qh
MicroWorld-eScan Win32.Mydoom.L@mm
Microsoft Trojan:Win32/Malex.gen!F
NANO-Antivirus Trojan.Win32.Mydoom.hevk
Panda W32/Mydoom.M.worm
Qihoo-360 HEUR/QVM19.1.9EC5.Malware.Gen
Rising Worm.Mydoom!1.A151 (RDMK:cmRtazqoo96hdjpjSjLs4G98KkQI)
SentinelOne DFI - Malicious PE
Sophos W32/MyDoom-N
Visual analysis
Binary image (image data not reproduced; rendered at 288x288, 224x224, 192x192, 160x160, 128x128, 96x96, 64x64, 32x32)
Run screenshots
No run screenshots: no screenshots were generated while the sample ran.

PE Compile Time

1970-01-01 08:00:00

PE Imphash

6786ed16c434f43e76d0897f96e17f6b

Sections

Name Virtual Address Virtual Size Size of Raw Data Entropy
UPX0 0x00001000 0x00006000 0x00006000 6.570143560991029
UPX1 0x00007000 0x00005000 0x00004600 4.593582723427378
.rsrc 0x0000c000 0x00001000 0x00000800 2.6495694551935207
.imports 0x0000d000 0x00001000 0x00000600 4.302214818783131

Resources

Name Offset Size Language Sub-language File type
RT_ICON 0x0000c3c4 0x00000128 LANG_ENGLISH SUBLANG_ENGLISH_US None
RT_ICON 0x0000c3c4 0x00000128 LANG_ENGLISH SUBLANG_ENGLISH_US None
RT_GROUP_ICON 0x0000c4f0 0x00000022 LANG_ENGLISH SUBLANG_ENGLISH_US None

Imports

Library KERNEL32.DLL:
0x80101c GetTempFileNameA
0x801020 WriteFile
0x801024 GetSystemTime
0x801028 GetCurrentThread
0x80102c SetThreadPriority
0x801030 GetDriveTypeA
0x801034 GlobalAlloc
0x801038 FindFirstFileA
0x80103c FindNextFileA
0x801040 FindClose
0x801044 GetFileSize
0x801048 CreateFileMappingA
0x80104c MapViewOfFile
0x801050 UnmapViewOfFile
0x80105c GlobalFree
0x801060 SetEndOfFile
0x801068 GetLastError
0x80106c CreateMutexA
0x801070 GetFileAttributesA
0x801074 CopyFileA
0x801078 DeleteFileA
0x80107c CloseHandle
0x801080 CreateFileA
0x801084 SetFileAttributesA
0x801088 lstrlenA
0x80108c GetTempPathA
0x801094 lstrcatA
0x801098 lstrcpyA
0x80109c GetModuleFileNameA
0x8010a0 ExitThread
0x8010a4 Sleep
0x8010a8 CreateThread
0x8010ac ExitProcess
0x8010bc GetLocalTime
0x8010c0 GetTickCount
0x8010c4 WideCharToMultiByte
0x8010c8 GetProcAddress
0x8010cc LoadLibraryA
0x8010d0 GetModuleHandleA
0x8010d4 ReadFile
0x8010d8 SetFilePointer
0x8010dc lstrcmpiA
0x8010e0 GetProcessHeap
0x8010e4 HeapAlloc
0x8010e8 lstrcpynA
0x8010ec lstrcmpA
0x8010f0 HeapFree
Library ADVAPI32.dll:
0x801000 RegSetValueExA
0x801004 RegOpenKeyExA
0x801008 RegCreateKeyExA
0x80100c RegCloseKey
0x801010 RegEnumKeyA
0x801014 RegQueryValueExA
Library MSVCRT.dll:
0x8010f8 memset
0x8010fc tolower
0x801100 memcpy
0x801104 isdigit
0x801108 strchr
0x80110c isalnum
0x801110 isspace
0x801114 strlen
0x801118 strcpy
0x80111c strstr
0x801120 malloc
0x801124 strcat
0x801128 realloc
0x80112c fclose
0x801130 fread
0x801134 fopen
0x801138 time
0x80113c fwrite
0x801140 system
0x801144 memcmp
0x801148 free
Library USER32.dll:
0x801150 CharUpperBuffA
0x801154 CharUpperA
0x801158 CharLowerA
0x80115c wvsprintfA
0x801160 wsprintfA
0x801164 FindWindowA
0x801168 PostMessageA
Library WS2_32.dll:
0x801170 bind
0x801174 listen
0x801178 accept
0x80117c htonl
0x801180 ntohl
0x801184 connect
0x801188 send
0x80118c inet_addr
0x801190 gethostbyname
0x801194 socket
0x801198 select
0x80119c recv
0x8011a0 closesocket
0x8011a4 ntohs
0x8011a8 htons
0x8011ac sendto
0x8011b0 WSAStartup
0x8011b4 gethostname

L!This program cannot be run in DOS mode.
.imports
IEFrame
ATH_Note
rctrl_renwnd32
%s, %u %s %u %.2u:%.2u:%.2u %c%.2u%.2u
InternetGetConnectedState
Kazaa Lite
Harry Potter
ICQ 4 Lite
WinRAR.v.3.2.and.key
Winamp 5.0 (en) Crack
Winamp 5.0 (en)
ShareReactor.com
dnsapi.dll
iphlpapi.dll
DnsQuery_A
GetNetworkParams
master
sample
accoun
privacycertific
listserv
submit
suppor
crosoft
the.bat
gold-certs
service
contact
rating
someone
anyone
nothing
nobody
winzip
rarsoft
sf.net
sourceforge
google
seclist
update
domain
example
spersk
hotmail
microsoft
 
incoming
ftproot
download
USERPROFILE
yahoo.com
The original message was included as attachment
This Message was undeliverable due to the following reason:
Your message was not delivered because the destination computer was
not reachable within the allowed queue period. The amount of time
a message is queued before it is returned depends on local configura-
tion parameters.
Most likely there is a network problem that prevented delivery, but
it is also possible that the computer is turned off, or does not
have a mail system running right now.
Your message was not delivered within $D days:
Host $i is not responding.
The following recipients did not receive this message:
Please reply to postmaster@$F
if you feel this message to be in error.
The original message was received at $w
from $F [$i]
----- The following addresses had permanent fatal errors -----
----- Transcript of session follows -----
while talking to $T.:
>>> MAIL From:$f
<<< 501 $f... Refused
The original message was received at $w
from $F [$i]
----- The following addresses had permanent fatal errors -----
say helo to my litl friend
click me baby, one more time
status
report
delivery failed
Message could not be delivered
Mail System Error - Returned Mail
Delivery reports about your e-mail
Returned mail: see transcript for details
Returned mail: Data format error
readme
transcript
letter
attachment
document
message
postmaster
MAILER-DAEMON
noreply
"Postmaster"
"Mail Administrator"
"Automatic Email Delivery Software"
"Post Office"
"The Post Office"
"Bounced mail"
"Returned mail"
"MAILER-DAEMON"
"Mail Delivery Subsystem"
%s.zip
%d.%d.%d.%d
ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789+/
X-Priority: 3
X-MSMail-Priority: Normal
X-Mailer: Microsoft Outlook Express 6.00.2600.0000
X-MIMEOLE: Produced By Microsoft MimeOLE V6.00.2600.0000
Content-Type: multipart/mixed;
boundary="%s"
MIME-Version: 1.0
Date:
Subject: %s
To: %s
From: %s
----=_%s_%.3u_%.4u_%.8X.%.8X
NextPart
--%s--
Content-Type: application/octet-stream;
name="%s"
Content-Transfer-Encoding: base64
Content-Disposition: %s;
filename="%s"
inline
Content-Type: text/plain;
charset=us-ascii
Content-Transfer-Encoding: 7bit
This is a multi-part message in MIME format.
RC%sO:<%s>
MA%sROM:<%s>
%sO %s
E%s %s
Server
Software\Microsoft\%s %s Manager\%ss
Internet
Account
|2~^]H+
:.] KlhJ
tmp%d.%c%c%c
3WESEoEfEtEwEaErEeE\EMEiEcErEoEsEoEfEtE\EWEiEnEdEoEwEsE\ECEuErErEeEnEtEVEeErEsEiEoEnE\EPEOESEIEX]
EPEPSh
SSESPE
VPEPTE
PSElEsEaEsEsE.EeExEe]
;t2t-P
Pu_^[U<SV5
3PWESPh
ESEoEfEtEwEaErEeE\EMEiEcErEoEsEoEfEtE\EWEiEnEdEoEwEsE\ECEuErErEeEnEtEVEeErEsEiEoEnE\EREuEn]ETErEaEyEbEaEr]
EPWESPh
_^[SW|$
W^_[V5d
PVVhr,
E`PEXP
Wj<_RP3
SVWt15
PWEYCE
u3_^[3@U}
+]U$VW}
EPEwEiEnEiEnEeEtE.EdElEl
UHSV3W=
fuef9ut_f}
3f9uuv3EVPEj(Pu
Pfv5;u
_^UQQe
PCfECf
|$$39l$
D$0^|$8PUD$<UPUD$H
t$@l$D
USyYD$$Y
AD$ t|$
3_^][(
UQV3EPu
|3^QQUV
_^]YYU
tXj5fE
EP0YEYu
3_^[t$
u^QUl$
YYuF<>
F<>@t$+
3@^[_]YSVW3
CG<7@u
0uU3E,
u<@u]W3F
u3^3@U
:t <@t
u3_^[3@UQVVqYt83@V
u@ub@j
PpYY^V5T
SV333;Wt*9
3@rWSV
3_^[Vt$
^WV,Yu
u@uHV@j
EPqYt(W
u_^QQSUVW3=P
gt3333
33;tT;tP=P
@JuSVW39u
L_^3[U
;}e;}a;~
];~C;~?+
1^[E_U
WQ]]PN=
ESPWPu]
3@[Ul$
[fGdO`;vUMpEluph
3;s(Ds
@FF;r;v
ESPEYYEpDMluW
[3@^[tU4
ESEoEfEtEwEaErEeE\EMEiEcErEoEsEoEfEtE\EWEAEBE\EWEAEBE4E\EWEaEbE EFEiElEeE ENEaEmEe]
PPSSSu
buG:uCR<hu
ttx<au
ptj<su
hu!tt\<au
btN<du
BY_[U\
PYYu<hp
PYYu(hh
HPPYY-Pu
ELEoEcEaElE ESEeEtEtEiEnEgEs]ETEeEmEpEoErEaErEyE EIEnEtEeErEnEeEtE EFEiElEeEs]]
9]LVPu
8LtfLP
CY8t-P
PYYZ~^[V5P
3FOu_^U
SV3WVVVu
9ut1uPu"
EEVPSPu
E_^[U|
j.EVP'+
fufufufuxfEufEfEfE
EVuVEuEu
EfEfEEVPEj
9ut;EVPuPu
uEVEEPEj.PuEPK
.fu+EfE
fuEEPEj
^3@_^[
~$F33L
VSOYY_^[
jdY(}.B
_`3PF0
Y+t!Jt
Et7t2SP
3@_[UVW
3x~E< r8<=t4<+t0<t,<
t(<t$<@t
StI$t; t!HHt
_^]UDVWj
SV3}}3
}E9Er&EWPh
36;t*UE}
^3[_QSUVW
V_^][YUQSV5
jd3YFF}
uDWPDY@Y
@@l@#^uqj
@]@%t'8t
SV33FW9u
EEPSSPSU
~&SVWu
Ft><:t9<
uVPVPE
~.Ph8&
C;t.9.u
EuPPW\WPu
u?Et+j
EPaYYu
3@SV@WPP
fEEPpYYtC6u
tKHtAHt7H
tR;Et3j
fEEPYYt
mEE}UME}@
G?;s E
A;r_^[]UHVWj
Iu_^VjA3^f
@Nu^3T$
r3@3VW3
1+fu6GfA|3|&3jABA+ZSHf
Ju[_^3f
WjA_EWVPu
WE(uxPh
E|UnE|U(cWj
E(P4(utSEh
jA_E(3
JuE|UE(PYt[_pUl$
j@E%utP
j@EuxP}
j@Eu|Pc
HE$jAPXPN
jAE$VP<
Eu$PXPYYEEP
EXPXPeYY
E%j@Pup
uEPVPEP9EPEP
EF9}|&
YY_^[W|$
YYtrW=0
=0lOPuDe
^[UQQVu
YEYtlSW=|
h0lOPu
Y_[F(P
|_;} @;}
SVW3j@EWP
j@X+PD=Ps
YYjejxjej
3j@E VP
}H0000
ELPELY~@+;v
PPP EL
;|PE`PS
Pu)hx'
uf^[U,S39]
EPY{uuC]
SV3WFj
fEEPVYYt.~
jd3YPs
uV[YY^S
W"NYuh
YEuW+Y
FWVVPS
9ut&uu
SYYEVPEj
PSuu9uuS
^QSUVWj,
BVF$kVVFV=
3PSVhz{
PSWh>x
GetTempFileNameA
WriteFile
GetSystemTime
GetCurrentThread
SetThreadPriority
GetDriveTypeA
GlobalAlloc
FindFirstFileA
FindNextFileA
FindClose
GetFileSize
CreateFileMappingA
MapViewOfFile
UnmapViewOfFile
InterlockedIncrement
InterlockedDecrement
GlobalFree
SetEndOfFile
GetEnvironmentVariableA
GetLastError
CreateMutexA
GetFileAttributesA
CopyFileA
DeleteFileA
CloseHandle
CreateFileA
SetFileAttributesA
lstrlenA
GetTempPathA
GetWindowsDirectoryA
lstrcatA
lstrcpyA
GetModuleFileNameA
ExitThread
CreateThread
ExitProcess
GetTimeZoneInformation
FileTimeToSystemTime
FileTimeToLocalFileTime
GetLocalTime
GetTickCount
WideCharToMultiByte
GetProcAddress
LoadLibraryA
GetModuleHandleA
ReadFile
SetFilePointer
lstrcmpiA
GetProcessHeap
HeapAlloc
lstrcpynA
lstrcmpA
HeapFree
RegSetValueExA
RegOpenKeyExA
RegCreateKeyExA
RegCloseKey
RegEnumKeyA
RegQueryValueExA
memset
tolower
memcpy
isdigit
strchr
isalnum
isspace
strlen
strcpy
strstr
malloc
strcat
realloc
fclose
fwrite
system
memcmp
CharUpperBuffA
CharUpperA
CharLowerA
wvsprintfA
wsprintfA
FindWindowA
PostMessageA
+;rMSK%nv
J-TmtQ
$pPrYH;\y
.noj8f
wnYE;r
sm@f=AB
hh6Gfpn|#
|&^bBA+ZS
}^WB_X@
_(5^*'_
tSEFtP7
, aNM~XX
nl9YJ.u+YtV[i
X.Abvl7(d
_xFZ h
WN_KMe
CS;~S[`+{
Qr(`T,oYt>)
lOPuDHL%db
>q70}:
;?| 4l
w__;}a
YP"z'GC
lRtSMpW?xp5
hncaH0
wu)P/xAl
y@*-&@'_Z
!5&#cD
pBmu=i
fgT@EH5
[P71/}
&xE[f;
U`eb{[m&
&T#zW*
P]p=V^^Y[@~
n("F$A
l)>7`03V4i
G]%Djd
bNT!E"
~#6"azp
.l( G;(|
~k;~!,
rjv(kNhu
9t&ET`
lsc:qRH
PGtop&0=
At-^(Eehz{
GF?x\G
HYWWh>x=I
U,TempFNAU
ve;GMGlobalAl
Cas[M$g+
ZgViewOfUnm
vHtked
von)Vaab{
sCopyx
]ESl$lqAP/h
De;y-amc
%[audeChl4M]UByt"A[s
RnIPoi
;i6`H.
3l0Ao'Gg
g`VueE
_um{@0s
d#m{[1
,`BuffA
Low3lGwvr#w
#EAYMbp
GPGWHU
wwwwwww
KERNEL32.DLL
ADVAPI32.dll
MSVCRT.dll
USER32.dll
WS2_32.dll
LoadLibraryA
GetProcAddress
ExitProcess
RegCloseKey
wsprintfA
KERNEL32.DLL
GetTempFileNameA
WriteFile
GetSystemTime
GetCurrentThread
SetThreadPriority
GetDriveTypeA
GlobalAlloc
FindFirstFileA
FindNextFileA
FindClose
GetFileSize
CreateFileMappingA
MapViewOfFile
UnmapViewOfFile
InterlockedIncrement
InterlockedDecrement
GlobalFree
SetEndOfFile
GetEnvironmentVariableA
GetLastError
CreateMutexA
GetFileAttributesA
CopyFileA
DeleteFileA
CloseHandle
CreateFileA
SetFileAttributesA
lstrlenA
GetTempPathA
GetWindowsDirectoryA
lstrcatA
lstrcpyA
GetModuleFileNameA
ExitThread
CreateThread
ExitProcess
GetTimeZoneInformation
FileTimeToSystemTime
FileTimeToLocalFileTime
GetLocalTime
GetTickCount
WideCharToMultiByte
GetProcAddress
LoadLibraryA
GetModuleHandleA
ReadFile
SetFilePointer
lstrcmpiA
GetProcessHeap
HeapAlloc
lstrcpynA
lstrcmpA
HeapFree
ADVAPI32.dll
RegSetValueExA
RegOpenKeyExA
RegCreateKeyExA
RegCloseKey
RegEnumKeyA
RegQueryValueExA
MSVCRT.dll
memset
tolower
memcpy
isdigit
strchr
isalnum
isspace
strlen
strcpy
strstr
malloc
strcat
realloc
fclose
fwrite
system
memcmp
USER32.dll
CharUpperBuffA
CharUpperA
CharLowerA
wvsprintfA
wsprintfA
FindWindowA
PostMessageA
WS2_32.dll
bARzDKM
>BeBAA
-?C~eCm;
q'D3!?s
XI@`>x
eeS2d4
%Dz_dD92
7g e.P
v&EMAA
f-ZkLQ
SnBRb_
1<_cAo
T=Bpq}O
sFD?(Cr
(p?s-C
#EiDWdm
WD\ ~O: A
s0D1HV
s2/rD|
D:M}E"s=BH0
|"vBjAPG
kD#pQ&'
8X+ZM0
PiA(z"
B _pE
SJB}`n
$)>BzC#qC&
PzC:@C
+MhMEsq
,CWB}Qk
C7?+<jC
yQDM@A
A0o?KA&"
BrFYXDP
CjbCqb
MD*6@f!
PqDP}N"u
2?|OA\
,=C05+D
_DgBB&E
PAH73>3
mP@!5IDm
AE6LAY
YNQ~C@hD
8UBA1Bx
'd7ACjz
DHzD(}
dAjA{`
#MhCU^
vCan|E
{CI<oM
UUUUUUUU

DNS

Name Response Post-Analysis Lookup
dns.msftncsi.com A 131.107.255.255 131.107.255.255
dns.msftncsi.com AAAA fd3e:4f5a:5b81::1 131.107.255.255

TCP

No TCP connections recorded.

UDP

Source Source Port Destination Destination Port
192.168.56.101 53179 224.0.0.252 5355
192.168.56.101 49642 224.0.0.252 5355
192.168.56.101 137 192.168.56.255 137
192.168.56.101 61714 114.114.114.114 53
192.168.56.101 56933 114.114.114.114 53
192.168.56.101 138 192.168.56.255 138

HTTP & HTTPS Requests

No HTTP requests performed.

ICMP traffic

No ICMP traffic performed.

IRC traffic

No IRC requests performed.

Suricata Alerts

No Suricata Alerts

Suricata TLS

No Suricata TLS

Snort Alerts

No Snort Alerts

Sorry! No dropped files.
Sorry! No dropped buffers.