Details
FileName | |
---|---|
Malware Family | DarkComet |
Date Added | 2016-04-22 06:28:28 |
MD5 | 2678c2b1227f2e714780edb1fca8a77c |
Sha256 | 04b920ca81b98857395f31533d646a99f083a438607f2c050b7c105d16108ece |
Robot | Robots lovingly delivered by robohash.org |
Advertising
Config Data
FTPSIZE | 10 |
---|---|
SH10 | 1 |
MUTEX | DC_MUTEX-NXQ83E5 |
SH9 | 1 |
DIRATTRIB | 295 |
FTPPORT | 21 |
CHIDEF | 1 |
FAKEMSG | 1 |
SID | Arak |
OVDNS | 1 |
BIND | 1 |
SH8 | 1 |
MSGICON | 48 |
SH6 | 1 |
CHIDED | 1 |
FTPROOT | / |
MSGTITLE | Welcome |
PERS | 1 |
OFFLINEK | 1 |
MSGCORE | 57656C636F6D6520746F204461726B436F6D6574205241542E0D0A496620796F75207365652074686973206D6573736167652C206974206D65616E73207468652073747562207375636365737366756C6C792072756E7320616E6420796F752077696C6C206170656172200D0A696E20746865206D61737465722075736572206C6973742E0D0A |
CHANGEDATE | 0 |
KEYNAME | Microsoft Office |
PDNS | 127.0.0.1:support.steampowered.com|127.0.0.1:store.steampowered.com |
PERSINST | 0 |
EDTPATH | Microsoft\Microsoft Office.exe |
MELT | 0 |
COMBOPATH | 5 |
FILEATTRIB | 295 |
GENCODE | rEkf12lyJJXT |
NETDATA | awakerust.sytes.net:1604|awakerust.sytes.net:81 |
FTPUPLOADK | 1 |
SH1 | 1 |
FWB | 0 |
SH7 | 1 |
FTPPASS | db820214 |
FTPHOST | http://dltjdgus1023.dothome.co.kr/webftp/main.php |
PWD | azure2016 |
FTPUSER | dltjdgus1023 |
SH4 | 1 |
SH5 | 1 |
EDTDATE | 16/04/2007 |
SH3 | 1 |
INSTALL | 1 |
Virustotal
50 out of 56 AV Engines identified the sample as Malicious.