Details
Malware Family DarkComet
Date Added Feb. 7, 2016, 10:12 p.m.
MD5 eaebfd4635adadbacf4d05243dd89987
Sha256 d25c36f2ea37a5c36798b11f21ecf5d631855eec080e9e8686d65862f086b68b
Config Sections
MSGICON 0
FTPPORT 14147
FWB 0
MELT 1
INSTALL 1
SID Guest16
FTPPASS
PERSINST 1
DIRATTRIB 0
CHIDEF 1
CHIDED 1
SH4 1
SH5 1
SH6 1
SH7 1
SH8 1
SH9 1
FTPSIZE 10
FAKEMSG 1
PERS 1
SH3 1
CHANGEDATE 1
SH1 1
FTPROOT /
SH10 1
KEYNAME winupdater
MUTEX DC_MUTEX-F54S21D
MSGTITLE PISUN
FTPUSER Liushena
FILEATTRIB 0
OVDNS 1
COMBOPATH 0
FTPHOST 127.0.01
BIND 1
FTPUPLOADK 1
EDTDATE 16/04/2007
PWD 0123456789
NETDATA maludoida.no-ip.biz:1604
MSGCORE 57656C636F6D6520746F204461726B436F6D6574205241542E
PDNS 127.0.0.1:localhost
OFFLINEK 1
GENCODE R=Gbqub6K0W
EDTPATH Windupdt\winupdate.exe
VirusTotal

48 out of 54 AVs identified the sample as malicious.

Domain Data
Domain IP Country Code
maludoida.no-ip.biz 0
Geo Location
Yara Rules