主要做了三件事对zincite.log文件操作修改注册表，设置services.exe为自启项绑定端口号1034，作为服务器开放监视端口（后门）
java.exe和主程序相同的信息值文件名java.exe文件类型WIN32 EXEMD590c2d4ca3613c5d17f1c938ce076fef2文件大小41664 bytes
IOC信息
复制代码 隐藏代码家族：Mydoom描述：MyDoom是一种通过电子邮件附件和P2P网络Kazaa传播的病毒,当用户打开并运行附件内的病毒程序后，病毒就会以用户信箱内的电子邮件地址为目标，伪造邮件的源地址，向外发送大量带有病毒附件的电子邮件，同时在用户主机上留下可以上载并执行任意代码的后门。MD5S:3d466b0f8ba9f3fe03e137a34d79f68290c2d4ca3613c5d17f1c938ce076fef2b0fe74719b1b647e2056641931907f4aIPS15.54.159.1494.240.75.254TTPSUPX加壳邮件发送失败返回注册表修改自启项递归遍历获取邮箱信息搜索引擎构建链接获取邮箱信息文件特征字符串java.exeservices.exezincite"Mail Delivery Subsystem","MAILER-DAEMON","Returned mail","Bounced mail","The Post Office","Post Office","Automatic Email Delivery Software","Mail Administrator","Postmaster","MAILER-DAEMON","noreply","postmaster"Returned mail: Data format errorReturned mail: see transcript for detailsDelivery reports about your e-mailMail System Error - Returned MailMessage could not be delivereddelivery failedreportteststatuserrorhihello