Darkcomet Rat Legacy 5.4.1.f
Melva Simons
The DarkComet-RAT-6 legacy.exe file has a ZIP icon and the file Properties show that this is a SFX ZIP archive (A self-extracting ZIP archive in other words). The size of the SFX module size is 659,092 bytes.
The normal size of the legit SFX module is 156,672 bytes, in the DarkComet-RAT-6 legacy.exe the size is 659,092 bytes, pretty much the size of keygen active.exe. Not to mention that both files have the same properties.
DarkComet is a widely known piece of malware. If a user installs an antivirus, or a darkcomet remover, they can un-infect their computer quickly. Its target machines are typically anything from Windows XP, all the way up to Windows 10.
The SFX contains a lot of junk commands (for bypassing legacy security solutions) but in the in the middle it hides the command to auto-execute dmpbr.exe with parameter dhwdv.gko. This is one of the files in the SFX.
.pif is legacy from MS-DOS, like .com. It's intended to be a "program information file" (hence the name), storing a shortcut to a (DOS) program along with various info to the system on how to treat it. Even today, Windows gives .pif files a shortcut-type icon.
aa06259810