Details
Malware Family DarkComet
Date Added Aug. 15, 2015, 5:36 p.m.
MD5 d23e8e792149b51b6b876b0414ea0eb6
Sha256 638c7f53a2e0e4041d1ecec024b6d1d2ce3d9e5364207da9396ab01879544ae3
Config Sections
MSGICON 16
CHIDEF 1
MSGTITLE Eror
FTPPORT
FWB 0
SH6 1
FTPROOT
KEYNAME MicroUpdate
MUTEX DC_MUTEX-R0FHB8M
MELT 0
INSTALL 1
SID Guest16
FTPPASS
PERSINST 0
DIRATTRIB 6
SH1 1
CHIDED 1
FTPUSER
SH5 1
COMBOPATH 3
FTPHOST
FILEATTRIB 6
FTPUPLOADK
FAKEMSG 1
EDTDATE 16/04/2007
PWD
NETDATA lusa.ddns.net:1604|krasava44.ddns.net:1604
MSGCORE CDE520E4EEF1F2F3EFE5ED20
OFFLINEK 1
GENCODE yPMDYS5jnppa
FTPSIZE
CHANGEDATE 0
EDTPATH MSDCSC\svchost.exe
VirusTotal

48 out of 56 AVs identified the sample as malicious

Virus Total Report

Domain Data
Domain IP Country Code
lusa.ddns.net 46.19.67.54 RU
Geo Location
Yara Rules