Details
Malware Family DarkComet
Date Added April 23, 2016, 3 a.m.
MD5 c42b5f2966de0074048fb92d1bddf749
Sha256 1644f0107ce8247824a7b6c30c1f9d92831253a4dad84a4a2a113083adfad0e5
Config Sections
FWB 0
SID PC
FTPPASS ExpExpExp11
CHIDEF 1
CHIDED 1
PERS 1
FTPROOT /
SH10 1
KEYNAME MicroUpdate
MUTEX DC_MUTEX-VMUWAPV
FILEATTRIB 6
EDTDATE 16/04/2007
NETDATA gggd.ddns.net:1604
GENCODE VRzqvr8jJjQd
EDTPATH MSDCSC\msdcsc.exe
MSGICON 48
FTPPORT 21
INSTALL 1
PERSINST 1
DIRATTRIB 0
SH1 1
SH3 1
SH4 1
SH5 1
SH6 1
SH7 1
SH8 1
MSGCORE 4572726F72203639360D0A496620796F75207365652074686973206D6573736167652C206974206D65616E73207468652073747562207375636365737366756C6C792072756E7320616E6420796F752077696C6C206170656172200D0A696E20746865206D61737465722075736572206C6973742E0D0A
FTPSIZE 1
FAKEMSG 1
MULTIBIND 1
CHANGEDATE 0
PDNS 127.0.0.1:localhost
MSGTITLE Welcome
FTPUSER a5205743
OVDNS 1
COMBOPATH 7
FTPHOST veryneed.net16.net
BIND 1
FTPUPLOADK 1
MELT 1
PWD 123
SH9 1
OFFLINEK 1
VirusTotal

46 out of 56 AVs identified the sample as malicious

Virus Total Report

Domain Data
Domain IP Country Code
gggd.ddns.net 46.36.15.100 RU