Details
Malware Family DarkComet
Date Added Jan. 16, 2016, 3 a.m.
MD5 c5d4870a192002e6bf4bd1985cd26b08
Sha256 58780cb38a08495f8cae62df5698697274ce7b260d7ca793229b3608a5c21ed1
Config Sections
BIND 1
MSGICON 0
CHIDEF 1
MSGTITLE Welcome
FTPPORT 21
FWB 0
SH6 1
MSGCORE 57656C636F6D6520746F204461726B436F6D6574205241542E
FTPROOT /
SH10 1
KEYNAME WinDefend.exe
MUTEX DC_MUTEX-ARNBULX
MELT 0
INSTALL 1
SID Sammy
SH4 1
FTPPASS 0123456789
PERSINST 0
DIRATTRIB 7
SH1 1
CHIDED 1
FTPUSER username
SH5 1
COMBOPATH 2
FTPHOST ftp.yourhost.com
SH8 1
FILEATTRIB 7
FTPUPLOADK 1
SH7 1
FAKEMSG 1
EDTDATE 16/04/2007
PERS 1
PWD 237566
SH3 1
NETDATA dummheitpur.ddns.net:1604
SH9 1
PDNS dummheitpur.ddns.net:dummheitpur.ddns.net
OFFLINEK 1
GENCODE %7CDT+MGCiG=
FTPSIZE 10
CHANGEDATE 1
EDTPATH MSDCSC\mswindefend.exe
VirusTotal

46 out of 56 AVs identified the sample as malicious

Virus Total Report

Domain Data
Domain IP Country Code
dummheitpur.ddns.net 0
Geo Location
Yara Rules