MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 53e965eade166aa90d1ea47c6cf49ab444218d20b97ca6873bb87c9357fc366b. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry


MyDoom


Vendor detections: 4


Intelligence 4 IOCs YARA File information Comments
Download sample Add tag Delete this sample Report a False Positive

SHA256 hash: 53e965eade166aa90d1ea47c6cf49ab444218d20b97ca6873bb87c9357fc366b
SHA3-384 hash: 7889cee3a1e9b9354032f1ee273887da935aedf0e5b2d4dc16ecefdbdf08d9ac082ae3948c368845e0b1130aaaaadf91
SHA1 hash: 79daf07d04cc7918433101470322865972a5ced5
MD5 hash: 076c055a82d47a642f514623cc2dabbf
humanhash: emma-louisiana-connecticut-nevada
File name:53e965eade166aa90d1ea47c6cf49ab444218d20b97ca6873bb87c9357fc366b
Download: download sample
Signature MyDoom
Create hunting rule
File size:47'644 bytes
First seen:2020-11-07 18:31:14 UTC
Last seen:Never
File type:Executable exe
MIME type:application/x-dosexec
imphash 5d02f6de12eb07fb22fe87e05e50d6a0 (131 x MyDoom)
ssdeep 768:SCIqdH/k1ZVcT194jpwBe95YOfQ6m72JUlQz22mLm/C73O4N/G:SNqaLV8aie9PQn7IiQC2YOOG
Threatray 18 similar samples on MalwareBazaar
TLSH F523E1517FB7AC86C21A527D1563BEA434675C3CA4D8817B7A743BBFB272A682C74030
Reporter seifreed

Intelligence

File Origin
# of uploads :
1
# of downloads :
66
Origin country :
n/a
Vendor Threat Intelligence
Detection(s):
Win.Worm.Mydoom-5
Create hunting rule

Win.Worm.Mydoom-6804110-0
Create hunting rule

Win.Worm.Mydoom-7
Create hunting rule

Win.Worm.Mydoom-216
Create hunting rule

Result
Verdict:
Malware
Maliciousness:

Behaviour
Sending a UDP request
Creating a file in the Windows directory
Searching for the window
Delayed reading of the file
Creating a file in the %temp% directory
Connection attempt
Launching a process
Creating a window
Enabling autorun with the standard Software\Microsoft\Windows\CurrentVersion\Run registry branch
Result
Verdict:
MALICIOUS
Details
Windows PE Executable
Found a Windows Portable Executable (PE) binary. Depending on context, the presence of a binary is suspicious or malicious.
Detection:
n/a
Link:
https://mwdb.cert.pl/sample/53e965eade166aa90d1ea47c6cf49ab444218d20b97ca6873bb87c9357fc366b/
Gathering data
Verdict:
malicious
Similar samples:
0866503133795e4a11dc96035509b20690e54ff83bc7b097d09fb9e6a8fae609
MyDoom
0a5234bc3c80c508bcdcb942bb7b3adee8b924ca01f7a05f73d63019e0cc998d
MyDoom
50bc5eab97c30fc8a5727b329429d3c02244a5fa9bdcf4e3740d5a6cdb86d3d6
MyDoom
5b35f0e97e5fdc0a4ebf7936a92b93ad59d83b4babbfa127983ef56cf5698cea
MyDoom
aed37426ab1392058ce03af3d837334bc2127d1cc588f3ce099356934eddb1e8
MyDoom
d3edebb85f895fd4ab0579dbdefbcbb13779af0ec4b6adc17bac3e1b24b6bdbc
MyDoom
e0f9f893f02c3bd8ef86da41af4e256933e741d08e80481bc7ef157293105187
MyDoom
e181173a790c05deabbc8e2bf99c7ee55349b47e916d2bf7373cc13691f88aa9
MyDoom
e7762f57fb5e45ea8395e9c607702142c9d4875b9ed7cb5717bb77507aacc318
MyDoom
f8a58a4f5f09d424236105f30a1e00caa964fd1de11c5abb4a62d2bddaca36ce
MyDoom
+ 8 additional samples on MalwareBazaar
Result
Malware family:
n/a
Score:
  8/10
Tags:
persistence
Link:
https://tria.ge/reports/201108-457ndegknj/
Behaviour
Drops file in Program Files directory
Drops file in Windows directory
Adds Run key to start application
Please note that we are no longer able to provide a coverage score for Virus Total.

File information

The table below shows additional information about this malware sample such as delivery method and external references.

  
Delivery method
Other

Comments