A forum for reverse engineering, OS internals and malware analysis 

Forum for analysis and discussion about malware.
 #16493  by nullptr
 Thu Nov 08, 2012 5:20 am
Win32/Fynloski.A
MD5: D34397E14F7746A731C3161A6F1A220F
SHA-1: 5E24DB5DE7594A8FA9BC54063AFF45EF34EF28B4

MSIL crypter + extracted Delphi executable attached.
Attachments
pwd: infected
(591.7 KiB) Downloaded 96 times
 #16865  by Win32:Virut
 Tue Nov 27, 2012 2:22 pm
SHA256: C3DE5BBB130415910819B6C0374483B06092FD1D92EC6737F9AE51A0A5902021
SHA1: 6340AC27E6D1A262D273A85C3AF3BA367F4291A5
MD5: 0BE3105F22AAF4A2FFF1E3300F3EA167
File size: 1.7 MB

https://www.virustotal.com/file/c3de5bb ... /analysis/

Information (Polish): http://niebezpiecznik.pl/post/twoje-kon ... blokowane/

Sorry, posted in the wrong thread.
Attachments
Password is "infected" without quotes.
(1.31 MiB) Downloaded 100 times
 #19170  by Xylitol
 Thu May 02, 2013 9:05 pm
https://www.virustotal.com/fr/file/fcf2 ... 367528624/
Code:
#BEGIN DARKCOMET DATA --
PWD={XXX}
MUTEX={DC_MUTEX-D6CXM58}
SID={X}
FWB={0}
NETDATA={5.135.218.244:1604}
GENCODE={vEQ8xQwBqDVy}
SH1={1}
CHIDEF={1}
CHIDED={1}
PERS={1}
OFFLINEK={1}
#EOF DARKCOMET DATA --
Attachments
infected
(339.37 KiB) Downloaded 88 times
 #19569  by Xylitol
 Fri Jun 07, 2013 11:54 am
https://www.virustotal.com/en/file/395d ... 370605951/
Code:
#BEGIN DARKCOMET DATA --
MUTEX={DC_MUTEX-62DVVCL}
SID={lavan}
FWB={0}
NETDATA={sarahsexyxo.no-ip.biz:1604}
GENCODE={6syg0vDTBSwL}
INSTALL={1}
COMBOPATH={7}
EDTPATH={MSDCSC\msdcsc.exe}
KEYNAME={MicroUpdate}
EDTDATE={16/04/2007}
PERSINST={1}
MELT={0}
CHANGEDATE={0}
DIRATTRIB={0}
FILEATTRIB={0}
#EOF DARKCOMET DATA --
https://www.virustotal.com/en/file/19e1 ... 370605960/
Code:
#BEGIN DARKCOMET DATA --
MUTEX={DC_MUTEX-1XNQ69V}
SID={PokBot}
FWB={0}
NETDATA={hackgs.no-ip.org:1604|hackgs.no-ip.org:93|hackgs.no-ip.org:94}
GENCODE={0LGYVhtuCi4W}
INSTALL={1}
COMBOPATH={2}
EDTPATH={MSDCSC\WinUpdata.exe}
KEYNAME={WinUpdate}
EDTDATE={16/04/2007}
PERSINST={1}
MELT={1}
CHANGEDATE={1}
DIRATTRIB={6}
FILEATTRIB={6}
SH1={1}
CHIDEF={1}
CHIDED={1}
PERS={1}
OFFLINEK={1}
#EOF DARKCOMET DATA --
Attachments
infected
(689.33 KiB) Downloaded 94 times
 #19573  by Xylitol
 Sat Jun 08, 2013 7:45 pm
https://www.virustotal.com/fr/file/2e68 ... 370720665/
Code:
#BEGIN DARKCOMET DATA --
MUTEX={DC_MUTEX-UTVVBFM}
SID={Server1}
FWB={0}
NETDATA={kondns1.dyndns.org:82}
GENCODE={t4bjt63XYrRQ}
INSTALL={1}
COMBOPATH={1}
EDTPATH={MSDCSC\msdcsc.exe}
KEYNAME={MicroUpdate}
EDTDATE={16/04/2007}
PERSINST={1}
MELT={0}
CHANGEDATE={1}
DIRATTRIB={0}
FILEATTRIB={6}
SH1={1}
PERS={1}
OFFLINEK={1}
#EOF DARKCOMET DATA --
Attachments
infected
(339.6 KiB) Downloaded 86 times
 #19619  by Xylitol
 Wed Jun 12, 2013 9:28 pm
Code:
#BEGIN DARKCOMET DATA --
MUTEX={DC_MUTEX-UTVVBFM}
SID={Server1}
FWB={0}
NETDATA={kondns1.dyndns.org:82}
GENCODE={t4bjt63XYrRQ}
INSTALL={1}
COMBOPATH={1}
EDTPATH={MSDCSC\msdcsc.exe}
KEYNAME={MicroUpdate}
EDTDATE={16/04/2007}
PERSINST={1}
MELT={0}
CHANGEDATE={1}
DIRATTRIB={0}
FILEATTRIB={6}
SH1={1}
PERS={1}
OFFLINEK={1}
#EOF DARKCOMET DATA --
Attachments
infected
(339.6 KiB) Downloaded 74 times
 #19623  by Xylitol
 Thu Jun 13, 2013 10:21 am
Code:
#BEGIN DARKCOMET DATA --
MUTEX={DC_MUTEX-A2SAQAK}
SID={Guest16}
FWB={0}
NETDATA={185.17.1.187 :67}
GENCODE={mGutNVqlyKKD}
OFFLINEK={1}
#EOF DARKCOMET DATA --
Attachments
infected
(339.3 KiB) Downloaded 75 times
 #19660  by Xylitol
 Sat Jun 15, 2013 7:09 pm
Code:
#BEGIN DARKCOMET DATA --
MUTEX={DC_MUTEX-0X7YBZA}
SID={Kieran}
FWB={0}
NETDATA={kieranbradley.no-ip.org:4444}
GENCODE={BArK9zXkrN2e}
OFFLINEK={1}
#EOF DARKCOMET DATA --
Attachments
infected
(339.31 KiB) Downloaded 75 times
 #19733  by Xylitol
 Sun Jun 23, 2013 12:31 am
https://www.virustotal.com/en/file/e3a2 ... 371946126/
Code:
#BEGIN DARKCOMET DATA --
MUTEX={DC_MUTEX-88V81ZH}
SID={FUD Bitch}
FWB={0}
NETDATA={braxidy.no-ip.org:200}
GENCODE={qWhWcQ9i19PQ}
INSTALL={1}
COMBOPATH={7}
EDTPATH={Windows User Files/Explorer.exe}
KEYNAME={WindowsUptodate.exe}
EDTDATE={16/04/2007}
PERSINST={1}
MELT={0}
CHANGEDATE={0}
DIRATTRIB={0}
FILEATTRIB={0}
OFFLINEK={1}
#EOF DARKCOMET DATA --
https://www.virustotal.com/en/file/48d0 ... 371946267/
Code:
#BEGIN DARKCOMET DATA --
MUTEX={DCMIN_MUTEX-THBBDM1}
SID={gamers}
NETDATA={static123.no-ip.info:7777}
GENCODE={uT1KvRyfgiVH}
OFFLINEK={1}
#EOF DARKCOMET DATA --
https://www.virustotal.com/en/file/7527 ... 371946337/
Code:
#BEGIN DARKCOMET DATA --
MUTEX={DC_MUTEX-L7XFM27}
SID={alve friend 1606}
FWB={0}
NETDATA={yahmed1984.no-ip.org:1604}
GENCODE={LdtmusLc3raH}
OFFLINEK={1}
#EOF DARKCOMET DATA --
https://www.virustotal.com/en/file/ec57 ... 371946443/
Code:
#BEGIN DARKCOMET DATA --
MUTEX={DC_MUTEX-770HWN7}
SID={Guest16}
FWB={0}
NETDATA={127.0.0.1:1605}
GENCODE={56VkEkBuithb}
INSTALL={1}
COMBOPATH={7}
EDTPATH={MSDCSC\msdcsc.exe}
KEYNAME={MicroUpdate}
EDTDATE={16/04/2007}
PERSINST={1}
MELT={0}
CHANGEDATE={0}
DIRATTRIB={6}
FILEATTRIB={6}
OFFLINEK={1}
#EOF DARKCOMET DATA --
https://www.virustotal.com/en/file/1177 ... 371946564/
Code:
#BEGIN DARKCOMET DATA --
MUTEX={DC_MUTEX-LSC4QZY}
SID={Guest16}
FWB={0}
NETDATA={127.0.0.1:1605}
GENCODE={PaZP7rhvLeVb}
INSTALL={1}
COMBOPATH={7}
EDTPATH={MSDCSC\msdcsc.exe}
KEYNAME={MicroUpdate}
EDTDATE={16/04/2007}
PERSINST={1}
MELT={0}
CHANGEDATE={0}
DIRATTRIB={6}
FILEATTRIB={6}
OFFLINEK={1}
#EOF DARKCOMET DATA --
https://www.virustotal.com/en/file/bcda ... 371947052/
Code:
#BEGIN DARKCOMET DATA --
MUTEX={DC_MUTEX-GEGD3W6}
SID={Guest16}
FWB={0}
NETDATA={BenSummy123:1605}
GENCODE={8eRzghvp6cJT}
INSTALL={1}
COMBOPATH={7}
EDTPATH={MSDCSC\msdcsc.exe}
KEYNAME={MicroUpdate}
EDTDATE={16/04/2007}
PERSINST={1}
MELT={0}
CHANGEDATE={0}
DIRATTRIB={6}
FILEATTRIB={6}
OFFLINEK={1}
#EOF DARKCOMET DATA --
https://www.virustotal.com/en/file/8ba2 ... 371946709/
Code:
#BEGIN DARKCOMET DATA --
MUTEX={DCMIN_MUTEX-JGXXKQT}
SID={Matrix}
NETDATA={projecthax.no-ip.org:1337}
GENCODE={P2R3EWlNaH7K}
OFFLINEK={1}
#EOF DARKCOMET DATA --
https://www.virustotal.com/en/file/aa8b ... 371946792/
Code:
#BEGIN DARKCOMET DATA --
PWD={XXX}
MUTEX={DC_MUTEX-44W4XXU}
SID={DARK}
FWB={0}
NETDATA={46.105.232.202:1604}
GENCODE={DdfgcR07bnJk}
OFFLINEK={1}
#EOF DARKCOMET DATA --
https://www.virustotal.com/en/file/e649 ... 371946878/
Code:
#BEGIN DARKCOMET DATA --
MUTEX={DC_MUTEX-8M2TVNC}
SID={V3}
FWB={0}
NETDATA={adrif68.no-ip.org:90|adrif.civispacemparabellum.com:90}
GENCODE={W3lkc5uvoeyq}
OFFLINEK={1}
#EOF DARKCOMET DATA --
https://www.virustotal.com/en/file/8a79 ... 371946954/
Code:
#BEGIN DARKCOMET DATA --
MUTEX={DC_MUTEX-0X7YBZA}
SID={Kieran}
FWB={0}
NETDATA={kieranbradley.no-ip.org:4444}
GENCODE={BArK9zXkrN2e}
OFFLINEK={1}
#EOF DARKCOMET DATA --
https://www.virustotal.com/en/file/05fe ... 371947143/
Code:
#BEGIN DARKCOMET DATA --
MUTEX={DC_MUTEX-MH12X25}
SID={V1}
FWB={0}
NETDATA={82.229.170.193:93}
GENCODE={Pq44nswVq0aR}
OFFLINEK={1}
#EOF DARKCOMET DATA --
https://www.virustotal.com/en/file/e9a9 ... 371947265/
Code:
#BEGIN DARKCOMET DATA --
MUTEX={DC_MUTEX-424EPX9}
SID={Guest16}
FWB={0}
NETDATA={cheeseonpotato.zapto.org:1604}
GENCODE={wDW18Ct0WQWn}
PERS={1}
OFFLINEK={1}
#EOF DARKCOMET DATA --
Attachments
infected
(5.44 MiB) Downloaded 80 times
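Every config dump in this thread has the same shape: a `#BEGIN DARKCOMET DATA --` / `#EOF DARKCOMET DATA --` envelope around `KEY={value}` lines, with `NETDATA` carrying one or more `host:port` C2 endpoints separated by `|`, `MUTEX` following the builder's `DC_MUTEX-` / `DCMIN_MUTEX-` naming, and a set of 0/1 switches (`FWB`, `MELT`, `PERS`, `OFFLINEK`, ...). The following is an added example, not code from the forum or from DarkComet: a Python parser that pulls every block out of a post (or a strings dump), splits `NETDATA` into endpoints while tolerating the stray space seen in `185.17.1.187 :67`, decodes the flags, and lists the host and network indicators a responder would want. The field meanings beyond what the dumps show (`KEYNAME` as the name of the Run registry value, `EDTPATH` as the install path under the folder `COMBOPATH` selects, `FILEATTRIB` as a Win32 file-attribute mask) are assumptions taken from public DarkComet builder descriptions; the sample input is constructed from blocks in this thread.

```python
# Added example: parser for the DarkComet "#BEGIN/#EOF DARKCOMET DATA" dumps
# posted in this thread. Not code from the forum or from DarkComet. Field
# meanings beyond what the dumps show (KEYNAME = name of the Run registry
# value, EDTPATH = install path under the folder COMBOPATH selects,
# FILEATTRIB = Win32 file-attribute mask) are assumptions from public
# DarkComet builder descriptions.
import re
from dataclasses import dataclass
from typing import Optional

BLOCK_RE = re.compile(r"#BEGIN DARKCOMET DATA --\s*(.*?)\s*#EOF DARKCOMET DATA --", re.S)
KV_RE = re.compile(r"^\s*([A-Z0-9]+)=\{(.*)\}\s*$", re.M)
MUTEX_RE = re.compile(r"DC(?:MIN)?_MUTEX-[A-Z0-9]+")  # builder-default naming in the dumps
# 0/1 switches (FWB = firewall bypass, MELT = delete dropper, PERS = persistence,
# OFFLINEK = offline keylogger); every other key is kept as a string in .raw.
FLAG_KEYS = ("FWB", "INSTALL", "PERSINST", "MELT", "CHANGEDATE",
             "SH1", "CHIDEF", "CHIDED", "PERS", "OFFLINEK")
ATTRIB_BITS = {1: "READONLY", 2: "HIDDEN", 4: "SYSTEM"}  # FILE_ATTRIBUTE_*; 6 = HIDDEN|SYSTEM

# Constructed input: two blocks copied from the thread, with made-up text around them.
SAMPLE = r"""https://www.virustotal.com/... (surrounding post text)
#BEGIN DARKCOMET DATA --
MUTEX={DC_MUTEX-1XNQ69V}
SID={PokBot}
FWB={0}
NETDATA={hackgs.no-ip.org:1604|hackgs.no-ip.org:93|hackgs.no-ip.org:94}
INSTALL={1}
EDTPATH={MSDCSC\WinUpdata.exe}
KEYNAME={WinUpdate}
MELT={1}
FILEATTRIB={6}
PERS={1}
#EOF DARKCOMET DATA --
#BEGIN DARKCOMET DATA --
MUTEX={DC_MUTEX-A2SAQAK}
SID={Guest16}
FWB={0}
NETDATA={185.17.1.187 :67}
OFFLINEK={1}
#EOF DARKCOMET DATA --
"""


@dataclass
class DarkCometConfig:
    mutex: str
    campaign: str                  # SID
    c2: list                       # [(host, port), ...]
    flags: dict                    # FLAG_KEYS present in the dump -> bool
    install_path: Optional[str]    # EDTPATH, only meaningful when INSTALL=1
    run_value_name: Optional[str]  # KEYNAME, only meaningful when INSTALL=1
    password: Optional[str]        # PWD (traffic key); posters redact it as XXX
    file_attribs: list             # decoded FILEATTRIB bits
    raw: dict


def parse_netdata(value: str) -> list:
    """Split NETDATA into (host, port) pairs; strips stray whitespace such as
    '185.17.1.187 :67' and rejects entries without a usable port."""
    endpoints = []
    for item in value.split("|"):
        item = item.strip()
        if not item:
            continue
        host, sep, port = item.rpartition(":")
        host = host.strip()
        if not sep or not host or not port.isdigit() or not 0 < int(port) < 65536:
            raise ValueError(f"bad NETDATA entry: {item!r}")
        endpoints.append((host, int(port)))
    if not endpoints:
        raise ValueError("NETDATA has no endpoints")
    return endpoints


def decode_attributes(mask: str) -> list:
    value = int(mask)
    return [name for bit, name in ATTRIB_BITS.items() if value & bit]


def parse_block(body: str) -> DarkCometConfig:
    raw = dict(KV_RE.findall(body))
    for required in ("MUTEX", "NETDATA"):
        if required not in raw:
            raise ValueError(f"not a DarkComet config: {required} missing")
    installed = raw.get("INSTALL") == "1"
    return DarkCometConfig(
        mutex=raw["MUTEX"],
        campaign=raw.get("SID", ""),
        c2=parse_netdata(raw["NETDATA"]),
        flags={k: raw[k] == "1" for k in FLAG_KEYS if k in raw},
        install_path=raw.get("EDTPATH") if installed else None,
        run_value_name=raw.get("KEYNAME") if installed else None,
        password=raw.get("PWD"),
        file_attribs=decode_attributes(raw.get("FILEATTRIB", "0")),
        raw=raw,
    )


def parse_all(text: str) -> list:
    """Return every #BEGIN/#EOF block found in a post or a strings dump."""
    return [parse_block(m.group(1)) for m in BLOCK_RE.finditer(text)]


def iocs(cfg: DarkCometConfig) -> dict:
    """Host and network indicators a responder would pull from one config."""
    out = {
        "mutex": cfg.mutex,
        "default_mutex_naming": bool(MUTEX_RE.fullmatch(cfg.mutex)),
        "c2": [f"{h}:{p}" for h, p in cfg.c2],
    }
    if cfg.install_path:
        out["install_path"] = cfg.install_path
    if cfg.run_value_name:
        out["run_value"] = cfg.run_value_name
    return out


if __name__ == "__main__":
    for cfg in parse_all(SAMPLE):
        print(cfg.campaign, iocs(cfg), cfg.flags, cfg.file_attribs)
```

`parse_all` works on the raw text of a post as well as on a strings dump of an unpacked sample, so the same function covers both the multi-config posts above and a fresh binary; blocks that are missing `MUTEX` or `NETDATA` are rejected rather than half-parsed, since those two fields are the minimum needed for a mutex or C2 indicator.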