Details
Malware Family DarkComet
Date Added May 25, 2016, 3 a.m.
MD5 38168099b81dc2351ee9ec93e30209ee
Sha256 12094b612b8528b09df2a1c9947099b352798f7d7a5154f524491d741ec4f43d
Config Sections
FWB 0
SID Ghost
FTPPASS 12qwaszX
CHIDEF 1
CHIDED 1
PERS 1
FTPROOT /Logs
SH10 1
KEYNAME Microappls
MUTEX DCMIN_MUTEX-PAVCUJB
FILEATTRIB 3
EDTDATE 30/04/2012
NETDATA diablo228.ddns.net:1604
GENCODE vpFqY3e4EHmH
EDTPATH windows\apps.exe
MSGICON 0
FTPPORT 21
INSTALL 1
PERSINST 1
DIRATTRIB 3
SH1 1
SH3 1
SH4 1
SH5 1
SH6 1
SH7 1
SH8 1
MSGCORE Hello is virus
FTPSIZE 1000
FAKEMSG 1
MULTIBIND 1
CHANGEDATE 1
PDNS 127.0.0.1:virustotal.com|127.0.0.1:www.virustotal.com
MSGTITLE mdrr
FTPUSER xcursayer
OVDNS 1
COMBOPATH 3
FTPHOST ftp.drivehq.com
BIND 1
FTPUPLOADK 1
MELT 0
PWD 1234554321
SH9 1
OFFLINEK 1
VirusTotal

This hash does not exist in VirusTotal.

Domain Data
Domain IP Country Code
diablo228.ddns.net 0
Geo Location
Yara Rules