Details
Malware Family DarkComet
Date Added Jan. 30, 2016, 3 a.m.
MD5 7e8d871d73ea4635b0edc25a4b716570
Sha256 b4393d2e0764d1d99ea0567047d6faad8b5eff46452063f31ccb32dce68a61f6
Config Sections
FWB 0
SID Guest16
FTPPASS 456456
CHIDEF 1
CHIDED 1
PERS 1
FTPROOT /systemfile/
SH10 1
KEYNAME System32
MUTEX DC_MUTEX-5554VTW
FILEATTRIB 6
EDTDATE 16/04/2007
NETDATA 81.234.142.134:200
GENCODE EPlMlBKiVEny
EDTPATH Flash\Flash.exe
MSGICON 16
FTPPORT 21
INSTALL 1
PERSINST 0
DIRATTRIB 6
SH1 1
SH3 1
SH4 1
SH5 1
SH6 1
SH7 1
SH8 1
MSGCORE 53797374656D33322E646C6C20776173206E6F74206465746563746564206F6E207468697320636F6D70757465722E20506C6561736520696E7374616C6C207468652066696C6520616E6420636F6E74696E75652E
FTPSIZE 10
FAKEMSG 1
MULTIBIND 1
CHANGEDATE 0
PDNS 192.168.2.136:localhost
MSGTITLE Error
FTPUSER apkboost
OVDNS 1
COMBOPATH 10
FTPHOST apkboost.com
BIND 1
FTPUPLOADK 1
MELT 1
PWD 0123456789
SH9 1
OFFLINEK 1
VirusTotal

51 out of 55 AV engines identified the sample as malicious

Virus Total Report

Domain Data
Domain IP Country Code
81.234.142.134 SE