Details
Malware Family DarkComet
Date Added Feb. 1, 2016, 9:47 p.m.
MD5 937c02ec209a8333ec7fcab3f4feef3c
Sha256 e358ef88d2fbd5efea4195444ff8244b6d94ce41fad195a2205868ce0a31eeca
Config Sections
FWB 0
SID Guest16
FTPPASS 0123456789
CHIDEF 1
CHIDED 1
PERS 1
FTPROOT /
SH10 1
KEYNAME MicroUpdate
MUTEX DC_MUTEX-U8ZLUVU
FILEATTRIB 2
EDTDATE 16/04/2007
NETDATA elliniams.no-ip.biz:3213
GENCODE wJG5Hf1DZj3V
EDTPATH MSDCSC\msdcsc.exe
MSGICON 16
FTPPORT 21
INSTALL 1
PERSINST 0
DIRATTRIB 0
SH1 1
SH3 1
SH4 1
SH5 1
SH6 1
SH7 1
SH8 1
SH9 1
FTPSIZE 10
FAKEMSG 1
MULTIBIND 1
CHANGEDATE 0
PDNS 127.0.0.1:arabian.ddns.net
MSGTITLE WARNING
FTPUSER username
OVDNS 1
COMBOPATH 7
FTPHOST ftp.yourhost.com
BIND 1
FTPUPLOADK 1
MELT 0
PWD hacker
MSGCORE 557064617465204D61706C6573746F7279
OFFLINEK 1
VirusTotal

49 out of 55 AVs identified the sample as malicious

Virus Total Report

Domain Data
Domain IP Country Code
elliniams.no-ip.biz 74.56.210.143 CA
Geo Location
Yara Rules