Details
Malware Family DarkComet
Date Added Feb. 7, 2016, 10:12 p.m.
MD5 eaa1e05de8c6057d341bc433af9d3e2a
Sha256 7dcb747a1c61ed379a713a9676af495e8461221cedb353231492694c63d446b0
Config Sections
MSGICON 16
FTPPORT 14147
FWB 1
MELT 1
INSTALL 1
SID Guest16
FTPPASS
PERSINST 1
DIRATTRIB 295
CHIDEF 1
CHIDED 1
SH4 1
SH5 1
SH6 1
SH7 1
SH8 1
SH9 1
FTPSIZE 10
FAKEMSG 1
PERS 1
SH3 1
CHANGEDATE 1
SH1 1
FTPROOT /
SH10 1
KEYNAME Java(TM)
MUTEX DC_MUTEX-4Y8A8DB
MSGTITLE Driverjockey 3.2.07
FTPUSER Liushena
FILEATTRIB 295
OVDNS 1
COMBOPATH 3
FTPHOST 127.0.01
BIND 1
FTPUPLOADK 1
EDTDATE 28/04/2009
PWD fuckyou
NETDATA ahmedgemu.zapto.org:1604
MSGCORE Driver initailization has failed. Please try the update again
PDNS 127.0.0.1:localhost
OFFLINEK 1
GENCODE EqPNE9vh%.zb
EDTPATH Sun\Java\jqs.exe
VirusTotal

48 out of 54 AVs identified the sample as malicious


Domain Data
Domain               IP              Country Code
ahmedgemu.zapto.org  197.34.247.195  EG