Details
Malware Family DarkComet
Date Added Nov. 7, 2015, 6:14 p.m.
MD5 87bc72430c0876181095a0bacc3ba1f0
Sha256 d263fd7fba1639bac43ee27de61d0c66e131fa0ad420d822d5aaa4fedb39c97e
Config Sections
MSGICON 16
FTPPORT 21
FWB 0
EDTDATE 16/04/2007
INSTALL 1
SID PaulCrypt
FTPPASS a4590261
OFFLINEK 1
PERSINST 1
DIRATTRIB 0
PDNS 127.0.0.1:localhost
CHIDED 1
SH4 1
SH5 1
SH6 1
SH7 1
SH8 1
MSGCORE Error 0x334222F. File already running
FTPSIZE 10
FAKEMSG 1
PERS 1
SH3 1
CHANGEDATE 0
CHIDEF 1
FTPROOT /Keylogger/
SH10 1
KEYNAME MicroUpdate
MUTEX DC_MUTEX-ANPNX2B
MSGTITLE Error
FTPUSER a4590261
FILEATTRIB 0
COMBOPATH 7
FTPHOST 31.170.160.88
FTPUPLOADK 1
MELT 1
PWD tq5bb3leogpb
NETDATA avrammarian13.no-ip.org:1604
SH9 1
SH1 1
GENCODE ySgdSKSjPAX5
EDTPATH MSDCSC\msdcsc.exe
VirusTotal

50 out of 53 AVs identified the sample as malicious


Domain Data
Domain IP Country Code
avrammarian13.no-ip.org 0