Extracted

• • Target

    FPSgamefix.exe

  • Size

    251KB

  • MD5

    3f17ff4d31f35de16855e3a500c254c9

  • SHA1

    ebeb7aa5f9fe1d8288277d11918f06525a3c7dc7

  • SHA256

    aa8881fdcaa08ae11809accd75aa3a17c59cc1d711927bcef1210502dc99464f

  • SHA512

    cb3dad781a54aadbb600c46c76b58a8f02f5a6e93eb368d6d83165f59db2f5007ec6d9617a2621fb0920f9d99f0964e2c61b4b84d5abe85211b7dd2eb084f62e

  • SSDEEP

    6144:1cNYS996KFifeVjBpeExgVTFSXFoMc5RhCaL37Vkv:1cW7KEZlPzCy37Vw

  Score

  10^/10

  darkcometguest16persistencerattrojanupx

  • Darkcomet

    DarkComet is a remote access trojan (RAT) developed by Jean-Pierre Lesueur.

    trojanratdarkcomet

  • Modifies WinLogon for persistence

    persistence

  • Checks computer location settings

    Looks up country code configured in the registry, likely geofence.

  • Deletes itself

  • Executes dropped EXE

  • UPX packed file

    Detects executables packed with UPX/modified UPX open source packer.

    upx

  • Adds Run key to start application

    persistence

  • Legitimate hosting services abused for malware hosting/C2

  behavioral1