Details
Malware Family DarkComet
Date Added Aug. 17, 2015, 8:35 p.m.
MD5 b8f041d592a49b0dd6d3fe282010657a
Sha256 2fa277455165f6a45f9ca14c21a3231a229c0f2d133a362b6794b0d53028d021
Config Sections
MSGICON 0
CHIDEF 1
MSGTITLE Installation erfolgreich!
FTPPORT
FWB 1
SH6 1
MSGCORE 44657220437261636B207775726465206572666F6C67726569636820696E7374616C6C69657274210D0A5669656C20537061DF
FTPROOT
SH10 1
KEYNAME MicroUpdate
MUTEX DC_MUTEX-JZSLNSG
MELT 0
INSTALL 1
SID Guest16
SH4 1
FTPPASS
PERSINST 1
DIRATTRIB 0
SH1 1
CHIDED 1
FTPUSER
SH5 1
COMBOPATH 2
FTPHOST
SH8 1
FILEATTRIB 0
FTPUPLOADK
SH7 1
FAKEMSG 1
EDTDATE 16/04/2015
PERS 1
PWD
NETDATA 2455.ddns.net:1604
SH9 1
OFFLINEK 1
GENCODE Vo1gvDQnmWhH
FTPSIZE
CHANGEDATE 0
EDTPATH MSDCSC\msdcsc.exe
VirusTotal

48 out of 55 AVs identified the sample as malicious

Domain Data
Domain IP Country Code
2455.ddns.net 77.4.205.225 DE