Details
Malware Family DarkComet
Date Added Jan. 30, 2016, 3 a.m.
MD5 a2babc8bf0052818c0288dd4695d4f47
Sha256 4d3732f5cd1ee39ef36ecb7cd611943fdbaad1dfe2ffa152a1ccfee723fd6673
Config Sections
FWB 0
SID Guest16_min
FTPPASS 456456
CHIDEF 1
CHIDED 1
PERS 1
FTPROOT /systemfile/
SH10 1
KEYNAME .a
MUTEX DCMIN_MUTEX-VJ668S4
FILEATTRIB 6
EDTDATE 16/04/2007
NETDATA 127.0.0.1:1177
GENCODE 8xa3AhFGjpVU
EDTPATH DCSCMIN\IMDCSC.exe
MSGICON 64
FTPPORT 21
INSTALL 1
PERSINST 0
DIRATTRIB 6
SH1 1
SH3 1
SH4 1
SH5 1
SH6 1
SH7 1
SH8 1
MSGCORE 57656C636F6D6520746F204461726B436F6D6574205241542E0D0A496620796F75207365652074686973206D6573736167652C206974206D65616E73207468652073747562207375636365737366756C6C792072756E7320616E6420796F752077696C6C206170656172200D0A696E20746865206D61737465722075736572206C6973742E0D0A
FTPSIZE 10
FAKEMSG 1
MULTIBIND 1
CHANGEDATE 0
PDNS 127.0.0.1:localhost
MSGTITLE This is test mode!
FTPUSER apkboost
OVDNS 1
COMBOPATH 7
FTPHOST apkboost.com
BIND 1
FTPUPLOADK 1
MELT 0
PWD KingKit777
SH9 1
OFFLINEK 1
VirusTotal

47 out of 54 AVs identified the sample as malicious

Domain Data
Domain IP Country Code
127.0.0.1 0
Yara Rules