MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 fff0ccf5feaf5d46b295f770ad398b6d572909b00e2b8bcd1b1c286c70cd9151. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry

Mydoom

Vendor detections: 15

Intelligence 15 IOCs YARA 3 File information Comments

SHA256 hash:	fff0ccf5feaf5d46b295f770ad398b6d572909b00e2b8bcd1b1c286c70cd9151
SHA3-384 hash:	f0bdd000b4f7c33a98bf63a377061b0cd0ca33f4721f67fc8d139c997eaf6a61b50fe1a76060680155875cf345f62b07
SHA1 hash:	f91a4d7ac276b8e8b7ae41c22587c89a39ddcea5
MD5 hash:	53df39092394741514bc050f3d6a06a9
humanhash:	london-spring-one-emma
File name:	MyDoom (1).exe
Download:	download sample
Signature	Mydoom Create hunting rule
File size:	22'528 bytes
First seen:	2025-01-23 16:43:21 UTC
Last seen:	2025-04-21 04:26:54 UTC
File type:	exe
MIME type:	application/x-dosexec
imphash	91f7ec032570f8df9543af95a4d3909a (13 x Mydoom)
ssdeep	384:96ZQHXcE7hUHwT56cC9Kg65JdwGADkHw/Rjxtuu7VIGGwQWEqpD6:CavuHAUcW/ojwG6kHw/lxqbW
Threatray	1 similar samples on MalwareBazaar
TLSH	T134A2E14996B41DFBC08707728AB3761197551538E0F99387E73C4F9FA0762A8F74E902
TrID	27.1% (.DLL) Win32 Dynamic Link Library (generic) (6578/25/2) 20.7% (.EXE) Win16 NE executable (generic) (5038/12/1) 18.5% (.EXE) Win32 Executable (generic) (4504/4/1) 8.4% (.ICL) Windows Icons Library (generic) (2059/9) 8.3% (.EXE) OS/2 Executable (generic) (2029/13)
Magika	pebin
dhash icon	e4d0e4e4ece4f4fc (16 x Mydoom)
Reporter	MrMalware
Tags:	exe Mydoom

Intelligence

File Origin

# of uploads :

# of downloads :

475

Origin country :

Vendor Threat Intelligence

Malware family:

n/a

ID:

File name:

MyDoom.zip

Verdict:

Malicious activity

Analysis date:

2024-02-03 18:17:52 UTC

Tags:

n/a

Link:

https://app.any.run/tasks/e4db467a-617a-4d53-a933-f955bf1a7018

Note:

ANY.RUN is an interactive sandbox that analyzes all user actions rather than an uploaded sample

Detection(s):

Win.Worm.SCO-4

Win.Worm.SCO-1

Win.Worm.Mydoom-68

Win.Worm.SCO-2

Win.Worm.Mydoom-39

Gathering data

Result

Verdict:

Malware

Maliciousness:

Behaviour

Creating a file in the %temp% directory

Creating a file in the Windows subdirectories

Verdict:

Malicious

Threat level:

10/10

Confidence:

100%

Tags:

mydoom novarg packed packed packed packer_detected upx waledac

Link:

https://www.filescan.io/uploads/679271d481c09f5d43447764/reports/e2d5a85d-762d-49e4-a571-232db3477878/overview

Verdict:

Malicious

Labled as:

Worm.Mydoom

Link:

https://www.hybrid-analysis.com/sample/fff0ccf5feaf5d46b295f770ad398b6d572909b00e2b8bcd1b1c286c70cd9151

Result

Verdict:

MALICIOUS

Details

Windows PE Executable

Found a Windows Portable Executable (PE) binary. Depending on context, the presence of a binary is suspicious or malicious.

Malware family:

MYDOOM

Verdict:

Malicious

Link:

https://analyze.intezer.com/analyses/2c52f349-dc85-46cd-b238-d722d8b7dd29

Result

Threat name:

MyDoom

Detection:

malicious

Classification:

spre.evad

Score:

100 / 100

Link:

https://www.joesandbox.com/analysis/1597806

Signature

Antivirus / Scanner detection for submitted sample

Antivirus detection for dropped file

Contains functionality to detect sleep reduction / modifications

Found evasive API chain (may stop execution after checking mutex)

Joe Sandbox ML detected suspicious sample

Machine Learning detection for dropped file

Machine Learning detection for sample

Multi AV Scanner detection for dropped file

Multi AV Scanner detection for submitted file

Yara detected MyDoom

Behaviour

Behavior Graph:

Download SVG

Score:

99%

Verdict:

Malware

File Type:

Link:

https://malprob.io/report/fff0ccf5feaf5d46b295f770ad398b6d572909b00e2b8bcd1b1c286c70cd9151

Detection:

n/a

Link:

https://mwdb.cert.pl/sample/fff0ccf5feaf5d46b295f770ad398b6d572909b00e2b8bcd1b1c286c70cd9151/

Threat name:

Win32.Worm.Mydoom

Status:

Malicious

First seen:

2011-07-03 13:59:00 UTC

File Type:

PE (Exe)

Extracted files:

AV detection:

36 of 38 (94.74%)

Threat level:

5/5

Detection(s):

Suspicious file

Link:

https://check.spamhaus.org/check/?searchterm=77ymz5p6v5ounmuv65yk2omlnvlsscnqbyvyxti3dqugy4gnsfiq._file

Verdict:

malicious

Label(s):

mydoom

Similar samples:

error

Mydoom

fff0ccf5feaf5d46b295f770ad398b6d572909b00e2b8bcd1b1c286c70cd9151

Mydoom

Result

Malware family:

mydoom

Score:

10/10

Tags:

family:mydoom discovery upx worm

Link:

https://tria.ge/reports/250123-t8sn3axlgm/

Behaviour

System Location Discovery: System Language Discovery

Drops file in System32 directory

UPX packed file

ACProtect 1.3x - 1.4x DLL software

Loads dropped DLL

Mydoom family

Detects MyDoom family

MyDoom

Verdict:

Malicious

Tags:

Win.Worm.SCO-4

YARA:

n/a

Link:

https://app.threat.zone/submission/240996c1-783a-4a7e-9426-22535798024f

Unpacked files

SH256 hash:

db7b092bbef9137cca0fccf798461aaa6f2b536e62612607bee90e35072944c1

MD5 hash:

035976530e981cb2ca257b07ce981430

SHA1 hash:

8127e09a660c442669faf16a1211b3f4e1fd2a98

Link:

https://www.unpac.me/results/49cd5668-54b1-4912-9416-8438f84f951b/

SH256 hash:

a3b416c51e7abfe216048182c7fea8e6b89b6c0599fb966093d89a119d1765d1

MD5 hash:

bff78831f5661afde6b4961bb6994ec7

SHA1 hash:

05631407e967c0c15a60414c6eb07e9b4796dc65

Link:

https://www.unpac.me/results/49cd5668-54b1-4912-9416-8438f84f951b/

SH256 hash:

fff0ccf5feaf5d46b295f770ad398b6d572909b00e2b8bcd1b1c286c70cd9151

MD5 hash:

53df39092394741514bc050f3d6a06a9

SHA1 hash:

f91a4d7ac276b8e8b7ae41c22587c89a39ddcea5

Link:

https://www.unpac.me/results/49cd5668-54b1-4912-9416-8438f84f951b/

Please note that we are no longer able to provide a coverage score for Virus Total.

Threat name:

Mydoom

Score:

0.80

Link:

https://yomi.yoroi.company/submissions/fff0ccf5feaf5d46b295f770ad398b6d572909b00e2b8bcd1b1c286c70cd9151

YARA Signatures

MalwareBazaar uses YARA rules from several public and non-public repositories, such as YARAhub and Malpedia. Those are being matched against malware samples uploaded to MalwareBazaar as well as against any suspicious process dumps they may create. Please note that only results from TLP:CLEAR rules are being displayed.

Rule name:	Sus_Obf_Enc_Spoof_Hide_PE Create hunting rule
Author:	XiAnzheng
Description:	Check for Overlay, Obfuscating, Encrypting, Spoofing, Hiding, or Entropy Technique(can create FP)

Rule name:	UPX290LZMAMarkusOberhumerLaszloMolnarJohnReiser Create hunting rule
Author:	malware-lu

Rule name:	upx_3 Create hunting rule
Author:	Kevin Falcoz
Description:	UPX 3.X

File information

The table below shows additional information about this malware sample such as delivery method and external references.

Web download

Mydoom

exe fff0ccf5feaf5d46b295f770ad398b6d572909b00e2b8bcd1b1c286c70cd9151

(this sample)

URLhaus

https://urlhaus.abuse.ch/url/73188/

Delivery method

Distributed via web download

URLhaus

https://urlhaus.abuse.ch/url/73189/

URLhaus

https://urlhaus.abuse.ch/url/73221/

URLhaus

https://urlhaus.abuse.ch/url/73222/

BLint

The following table provides more information about this file using BLint. BLint is a Binary Linter to check the security properties, and capabilities in executables.

Findings

ID	Title	Severity
CHECK_AUTHENTICODE	Missing Authenticode	high
CHECK_NX	Missing Non-Executable Memory Protection	critical
CHECK_PIE	Missing Position-Independent Executable (PIE) Protection	high

Reviews

ID	Capabilities	Evidence
WIN_BASE_API	Uses Win Base API	KERNEL32.DLL::LoadLibraryA

Comments

Login required

You need to login to in order to write a comment. Login with your abuse.ch account.

No comments found for this malware sample