SHA256: 858fb1fc03614802aee5be779b454b16384a1c051f925dbb360e8fcfa12fc6a3
File name: DarkCometRAT531.zip
Detection ratio: 35 / 41
Analysis date: 2012-07-08 20:31:23 UTC (5 years, 2 months ago)
Antivirus Result Update
AntiVir SPR/Binder.bs.1 20120708
Antiy-AVL HackTool/Win32.Binder.gen 20120708
Avast Win32:Malware-gen 20120708
AVG Downloader.Small 20120708
BitDefender Trojan.Generic.KDV.388330 20120708
CAT-QuickHeal HackTool.Binder.bv (Not a Virus) 20120708
Commtouch W32/Backdoor2.HKXU 20120707
Comodo UnclassifiedMalware 20120708
DrWeb Trojan.MulDrop2.39589 20120708
Emsisoft HackTool.Win32.Binder!IK 20120708
eSafe Win32.TRCrypt.XPACK 20120708
F-Prot W32/Backdoor2.HKXU 20120707
F-Secure Trojan.Generic.KDV.388330 20120708
Fortinet W32/Binder 20120707
GData Trojan.Generic.KDV.388330 20120708
Ikarus HackTool.Win32.Binder 20120708
Jiangmin HTool.Agent.bgt 20120708
Kaspersky HackTool.Win32.Binder.bv 20120708
McAfee Artemis!C3009EE63BC6 20120708
McAfee-GW-Edition Artemis!D761F3AA6406 20120708
Microsoft VirTool:Win32/Vbinder.CO 20120708
NOD32 a variant of Win32/TrojanDropper.Binder.NBH 20120708
Norman W32/Suspicious_Gen2.RVMLK 20120708
nProtect Trojan.Generic.KDV.388330 20120708
Panda Trj/CI.A 20120708
Rising Trojan.Win32.Generic.12867F48 20120706
Sophos AV Mal/Generic-L 20120708
Symantec Trojan.Gen 20120708
TheHacker Trojan/Dropper.Binder.nbh 20120708
TotalDefense Win32/Tnega.AGBZ 20120707
TrendMicro TROJ_SPNR.15KL11 20120708
TrendMicro-HouseCall TROJ_GEN.R3ECDFF 20120708
VBA32 Binder.Celesty 20120706
VIPRE Trojan.Win32.Generic!BT 20120708
VirusBuster HackTool.Binder!uc8D13KnW4U 20120708
ByteHero 20120626
ClamAV 20120708
K7AntiVirus 20120706
PCTools 20120708
SUPERAntiSpyware 20120708
ViRobot 20120708
The file being studied is a compressed stream! More specifically, it is a ZIP file.
Interesting properties
The studied file contains at least one Portable Executable.
Contained files
Compression metadata
Contained files: 193
Uncompressed size: 26846249
Highest datetime: 2012-06-07 18:01:12
Lowest datetime: 2005-12-13 09:52:54
Contained files by extension
skn: 131
ico: 31
ini: 11
exe: 3
txt: 3
jpg: 2
dpr: 1
res: 1
dll: 1
dat: 1
Contained files by type
unknown: 179
directory: 8
Portable Executable: 4
JPG: 2
ExifTool file metadata
MIMEType: application/zip
ZipRequiredVersion: 10
ZipCRC: 0x00000000
FileType: ZIP
ZipCompression: None
ZipUncompressedSize: 0
ZipCompressedSize: 0
FileTypeExtension: zip
ZipFileName: Plugins SRC/
ZipBitFlag: 0
ZipModifyDate: 2012:03:16 15:23:20

PE resource-wise parents
Compressed bundles
File identification
MD5 86ae13f5f7b56596101ba1ee2ab8963e
SHA1 d926b75b7814ac44d611c620ea00789263e7832f
SHA256 858fb1fc03614802aee5be779b454b16384a1c051f925dbb360e8fcfa12fc6a3
ssdeep 393216:3MNtT9qkAwEcHmqx/aW4av8+dNPCvZWvWy8za3/gExHodCcDfYwlc:0dAbcHmqaNav8SVCRWv78za34mHo8cDE
File size 14.9 MB (15634940 bytes)
File type ZIP
Magic literal Zip archive data, at least v1.0 to extract
TrID ZIP compressed archive (100.0%)
Tags contains-pe zip via-tor

VirusTotal metadata
First submission 2012-06-07 16:25:55 UTC (5 years, 3 months ago)
Last submission 2017-08-26 12:30:46 UTC (3 weeks, 3 days ago)
File names
531.zip
DarkCometRAT531.zip.part
DARKCO~2_1.ZIP
Darkcometrat531.zip
darkcometrat531 sure.zip
fdjhfr - Kopie (6).zip
DarkCometRAT531 هوة.zip
output.9398126.txt
file-4261957_zip
00000005
DarkCometRAT531z.zip
DarkCometRAT531.exe
8871700
DarkCometRAT53.1.zip
Darkcomet RAT 5.31.zip
1342319517.zip
DarkCometRAT531.zip
DARKCOMET 5.3.1.ZIP
DarkCometRAT5312b.zip
DarkComet.zip
DarkCometRAT531-clean.zip
دارك كوميت انجليزي.zip
DarkCometRAT531 completo.zip
zip.zip
DarkCometRAT531(D).zip
Advanced heuristic and reputation engines
ClamAV
Possibly Unwanted Application. While not necessarily malicious, the scanned file presents certain characteristics which depending on the user policies and environment may or may not represent a threat. For full details see: https://www.clamav.net/documents/potentially-unwanted-applications-pua .

TrendMicro-HouseCall
TrendMicro's heuristic engine has flagged this file as: Suspicious_GEN.F47V0715.

Symantec reputation Suspicious.Insight