Details
FileName | |
---|---|
Malware Family | DarkComet |
Date Added | 2016-04-22 06:28:28 |
MD5 | ae74278ef65b64270e3b370e5a8b1346 |
Sha256 | 37da446df393b11955be4b338f570fa71600f182ab74f40a4178be7e33896584 |
Robot | Robots lovingly delivered by robohash.org |
Advertising
Config Data
FTPSIZE | 200 |
---|---|
SH10 | 1 |
MUTEX | DC_MUTEX-F5R4K4B |
SH9 | 1 |
DIRATTRIB | 0 |
FTPPORT | 21 |
CHIDEF | 1 |
FAKEMSG | 1 |
SID | Ti |
OVDNS | 1 |
BIND | 1 |
SH8 | 1 |
MSGICON | 16 |
SH6 | 1 |
CHIDED | 1 |
FTPROOT | / |
MSGTITLE | Windows! |
PERS | 1 |
OFFLINEK | 1 |
MSGCORE | 4572726F722023313432 |
CHANGEDATE | 1 |
KEYNAME | WindowsServer |
PDNS | zzcc1212.codns.com:localhost|121.67.32.98:localhost |
PERSINST | 1 |
EDTPATH | GTAVV\msdcsc.exe |
MELT | 1 |
COMBOPATH | 2 |
FILEATTRIB | 6 |
GENCODE | z0YryJHkPB8H |
NETDATA | metin2updateserver.sytes.net:1663 |
FTPUPLOADK | 1 |
SH1 | 1 |
FWB | 0 |
SH7 | 1 |
FTPPASS | 112730500 |
FTPHOST | ftp.hospitalsanbernardo.com.ar |
PWD | 112730500 |
FTPUSER | root@hospitalsanbernardo.com.ar |
SH4 | 1 |
SH5 | 1 |
EDTDATE | 09/11/2015 |
SH3 | 1 |
INSTALL | 1 |
Virustotal
53 out of 57 AV Engines identified the sample as Malicious.