Details
Malware Family DarkComet
Date Added Aug. 31, 2017, 6:25 a.m.
MD5 0401f5024825df5f58fd63cd2568fc2b
Sha256 9337ba6bbd5d3ad45f7c98b34735abee4cef97b5d57da4f7dfa1a6c58db15aea
Config Sections
MSGICON 32
SH10 1
CHIDEF 1
MSGTITLE
FTPPORT
FWB 0
SH6 1
FTPROOT
SH9 1
KEYNAME WinUpdate
MUTEX DC_MUTEX-U6AAZJ9
MELT 1
INSTALL 1
SID MCHEAT
SH4 1
FTPPASS
PERSINST 1
DIRATTRIB 6
SH1 1
CHIDED 1
FTPUSER
SH5 1
COMBOPATH 1
FTPHOST
SH8 1
FILEATTRIB 6
FTPUPLOADK
SH7 1
FAKEMSG 1
EDTDATE 16/04/2007
PERS 1
PWD
NETDATA 37.193.25.56:1604
MSGCORE CEF2F1F3F2E2F3E5F220F4E0E9EB2E
OFFLINEK 1
GENCODE 9j9XwX6jcZiB
FTPSIZE
CHANGEDATE 0
EDTPATH WinDoweter\WinUpdater.exe
VirusTotal

60 out of 64 AVs identified the sample as malicious.


Domain Data
Domain IP Country Code
37.193.25.56 RU