Categories: Backdoor

What is “Backdoor.Win32.DarkKomet.glhj”?

The Backdoor.Win32.DarkKomet.glhj is considered dangerous by lots of security experts. When this infection is active, you may notice unwanted processes in Task Manager list. In this case, it is adviced to scan your computer with GridinSoft Anti-Malware.

Gridinsoft Anti-Malware

Removing PC viruses manually may take hours and may damage your PC in the process. We recommend using GridinSoft Anti-Malware for virus removal. Allows to complete scan and cure your PC during the trial period.

DOWNLOAD NOW

6-day free trial available.

What Backdoor.Win32.DarkKomet.glhj virus can do?

Injection (inter-process)
Injection with CreateRemoteThread in a remote process
Attempts to connect to a dead IP:Port (1 unique times)
Creates RWX memory
A process created a hidden window
Drops a binary and executes it
The binary likely contains encrypted or compressed data.
Uses Windows utilities for basic functionality
Sniffs keystrokes
Installs itself for autorun at Windows startup
Creates a hidden or system file
Creates a copy of itself
Interacts with known DarkComet registry keys
Attempts to disable UAC
The sample wrote data to the system hosts file.
Creates known Fynloski/DarkComet mutexes
Anomalous binary characteristics

Related domains:

z.whorecord.xyz

a.tomx.xyz

How to determine Backdoor.Win32.DarkKomet.glhj?


File Info:
crc32: 948B4000md5: 84cc9af6101f3cbf7fbad42c76ed5c57name: 84CC9AF6101F3CBF7FBAD42C76ED5C57.mlwsha1: c531ee465a90a361bf50106314b18917cc228d30sha256: 3a559b5d15021a1e6784979661dc33303aee9e310c5bdfbb36fbae1711641f98sha512: a62ed7973cffc253084f18b6cb23de2164e13cb5c1ddc2d6c90d97ba0aee1eae5a494717502cf7c36ebdbecad0296f223aa3ffbd2cb6949dce6161c86561eee9ssdeep: 3072:bxeUvKkOZw5N7vTTarbV31axt0nZRBMqrnSUh2wz4oZ6fwpwVEpULFHQ8hOXh1S:bjlhvT+Gc3Lhnz6wQpFH3hOXhYoQfQtype: MS-DOS executable, MZ for MS-DOS
Version Info:
LegalCopyright: Copyright (C) 1999InternalName: MSRSAAPPFileVersion: 1, 0, 0, 1CompanyName: Microsoft Corp.Comments: Remote Service ApplicationProductName: Remote Service ApplicationProductVersion: 4, 0, 0, 0FileDescription: Remote Service ApplicationOriginalFilename: MSRSAAP.EXETranslation: 0x0409 0x04b0

Backdoor.Win32.DarkKomet.glhj also known as:

Bkav	W32.AIDetectVM.malware1
Elastic	malicious (high confidence)
MicroWorld-eScan	Gen:Trojan.UserStartup.um0@auYYeBpm
FireEye	Generic.mg.84cc9af6101f3cbf
McAfee	Generic BackDoor.yl
Malwarebytes	Backdoor.DarkComet
VIPRE	Trojan.Win32.Generic.pak!cobra
Sangfor	Malware
K7AntiVirus	Trojan ( 7000000f1 )
BitDefender	Gen:Trojan.UserStartup.um0@auYYeBpm
K7GW	Trojan ( 7000000f1 )
Cybereason	malicious.6101f3
BitDefenderTheta	AI:Packer.57BC10701C
Cyren	W32/S-777a0fdc!Eldorado
Symantec	Backdoor.Breut!gm
Baidu	Win32.Backdoor.Agent.l
APEX	Malicious
Avast	Win32:Evo-gen [Susp]
ClamAV	Win.Trojan.DarkKomet-1
Kaspersky	Backdoor.Win32.DarkKomet.glhj
NANO-Antivirus	Trojan.Win32.Delf.vudbk
Rising	Backdoor.DarkComet!1.CB87 (CLASSIC)
Ad-Aware	Gen:Trojan.UserStartup.um0@auYYeBpm
Sophos	Mal/Fynloski-C
Comodo	TrojWare.Win32.TrojanDownloader.Delf.gen@1xqow5
F-Secure	Backdoor.BDS/Backdoor.Gen
DrWeb	BackDoor.Comet.94
Invincea	ML/PE-A + Mal/Fynloski-C
McAfee-GW-Edition	BehavesLike.Win32.Backdoor.fc
Emsisoft	Trojan.Fynloski (A)
SentinelOne	Static AI – Malicious PE
Avira	BDS/Backdoor.Gen
MAX	malware (ai score=83)
Microsoft	Backdoor:Win32/Fynloski.A
Gridinsoft	Backdoor.Win32.Fynloski.vl!i
Arcabit	Trojan.UserStartup.E1AF32
ZoneAlarm	Backdoor.Win32.DarkKomet.glhj
GData	Gen:Trojan.UserStartup.um0@auYYeBpm
Cynet	Malicious (score: 100)
AhnLab-V3	Win-Trojan/FCN.140610.X1341
Acronis	suspicious
VBA32	Backdoor.DarkKomet
ALYac	Gen:Trojan.UserStartup.um0@auYYeBpm
Panda	Trj/Genetic.gen
Zoner	Trojan.Win32.88734
ESET-NOD32	a variant of Win32/Fynloski.AS
Ikarus	Backdoor.Win32.Fynloski
eGambit	Unsafe.AI_Score_54%
Fortinet	W32/Delf.ZUY!tr
AVG	FileRepMalware
CrowdStrike	win/malicious_confidence_100% (D)
Qihoo-360	HEUR/QVM19.1.3FBB.Malware.Gen