MyDoom.A_1 is a Worm. Worms spread from computer to computer, making copies of themselves over the network. They can spread over email, IM, peer-to-peer networks, or directly over the wire by exploiting vulnerabilities. MyDoom.A_1 has a file size of 200,150 bytes. This malware is written in Borland Delphi.

MyDoom.A_1 drops the following files on the hard drive:

  • C:\WINDOWS\TEMP\ota0189.tmp (176128 bytes)
  • C:\WINDOWS\SYSTEM32\shimgapi.dll (4096 bytes)
  • C:\WINDOWS\TEMP\Message (2560 bytes)

It also changes the Windows registry:

  • Creates key "HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\ComDlg32\Version".
  • Creates key "HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\ComDlg32\Version".
  • Sets value "default"="C:\WINDOWS\SYSTEM32\shimgapi.dll" in key "HKCR\CLSID\{E6FB5E20-DE35-11CF-9C87-00AA005127ED}\InProcServer32".

MyDoom.A_1 makes the following additional changes to the infected computer:

  • Installs a Windows hook that monitors window procedure call activity.

It also has possible backdoor functionality on port 3127 [unknown].

