Details
Malware Family DarkComet
Date Added May 25, 2016, 3 a.m.
MD5 91086cf097d80bc99c13661ed41ac116
Sha256 338794e0ea0147b3d0df82993c448e33233da6d6df3c2f373cafa2348626c0f3
Robot Robots lovingly delivered by robohash.org
Config Sections
FWB 1
SID Guest16
FTPPASS 0123456789
CHIDEF 1
CHIDED 1
PERS 1
FTPROOT /
SH10 1
KEYNAME MicroUpdate
MUTEX DC_MUTEX-TLUPT8D
FILEATTRIB 6
EDTDATE 16/04/2007
NETDATA nohappy.ddns.net:1604
GENCODE UJMWsZbSaRHY
EDTPATH MSDCSC\msdcsc.exe
MSGICON 64
FTPPORT 21
INSTALL 1
PERSINST 1
DIRATTRIB 6
SH1 1
SH3 1
SH4 1
SH5 1
SH6 1
SH7 1
SH8 1
MSGCORE D8F3F2EAE020EDEEF0EC20E4E03F29
FTPSIZE 10
FAKEMSG 1
MULTIBIND 1
CHANGEDATE 0
PDNS 127.0.0.1:localhost
MSGTITLE Welcome
FTPUSER username
OVDNS 1
COMBOPATH 2
FTPHOST ftp.yourhost.com
BIND 1
FTPUPLOADK 1
MELT 1
PWD 1031996at
SH9 1
OFFLINEK 1
Advertising
VirusTotal

This hash does not exist in virustotal

Domain Data
Domain IP Country Code
nohappy.ddns.net 85.140.0.214 RU
Geo Location
Yara Rules
Comments
comments powered by Disqus