Gridinsoft Logo
File Icon

Uploaded_file Backdoor DarkKomet Analysis

Updated 1 year ago
Checked by Malware Check
uploaded_file

Technical Analysis

File Name uploaded_file
Scanner Version 1.0.137.174
Database Version 2023-09-10 01:17:41 UTC

Backdoor.Win64.DarkKomet.vb!s1

Malware family: DarkKomet

DarkComet is a Remote Access Trojan that was misused for unauthorized system control and surveillance activities. Originally intended for legitimate purposes, it was discontinued in 2018 due to its role in surveillance operations during the Syrian conflict.
N/A
Detection Rate
1,144,832
File Size (bytes)
2023-09-10
Analysis Date

Scan Another File

File Identification

Hash Type Value Action
MD5
efebe6072187368183e14c2d561624dc
SHA1
c0ef36b220a235a12eb610edf616db7a8b02c3fc
SHA256
cd4f0b526d8f4d2cbc8eb91893b86f2eb767a8cf1982a235c8d4f28fb5ca235e
SHA512
40b15edfd8d5f5fd2b2fde78ff13ed47cd6b68f17f07b727858c134649a1851c464f2edaf48d8c9214a06d57711586afdd63742b7ba3c5f093c9964a7f9a2ab2
ImpHash
dc8ec03a26acfc254dbda5bcf512476c

PE Analysis

Basic Information

Icon
Hash: 5aedef7148b2942180c35a1ff113298a
Fuzzy: a686932a36dcd7ca272ce547802e1a7f
dHash: 646464646c646c0c
Image Base 0x140000000
Entry Point 0x1400a4488
Compilation Time 2018-01-10 08:32:36
Checksum 0x00000000 (Actual: 0x00119553)
OS Version 5.2
PEiD Signatures No signatures detected
Digital Signature The PE file does not contain a certificate table.
Imports 13 libraries
Exports 0 functions
Resources 27 Resources
Sections 7 Sections

Version Information

FileDescription
FileVersion 1.1.27.04
InternalName
LegalCopyright
OriginalFilename
ProductName
ProductVersion 1.1.27.04
Translation 0x0409 0x04b0

PE Sections

Name Virtual Address Virtual Size Raw Size Entropy Characteristics MD5
.text 0x00001000 793,484 bytes 793,600 bytes 6.53 (Compressed) IMAGE_SCN_CNT_CODE|IMAGE_SCN_MEM_EXECUTE|IMAGE_SCN_MEM_READ E3153C303C04CAC929D6F4F4B082C6E7
.rdata 0x000c3000 230,604 bytes 230,912 bytes 5.12 (Normal) IMAGE_SCN_CNT_INITIALIZED_DATA|IMAGE_SCN_MEM_READ 89B0DBE56B82EB1629DC575BCF72994D
.data 0x000fc000 48,548 bytes 14,336 bytes 3.25 (Normal) IMAGE_SCN_CNT_INITIALIZED_DATA|IMAGE_SCN_MEM_READ|IMAGE_SCN_MEM_WRITE 12362E81756735F67C85E12769907B57
.pdata 0x00108000 28,644 bytes 28,672 bytes 6.02 (Normal) IMAGE_SCN_CNT_INITIALIZED_DATA|IMAGE_SCN_MEM_READ 0E4D18E7C61D136088F29580072ABADC
.gfids 0x0010f000 236 bytes 512 bytes 1.99 (Normal) IMAGE_SCN_CNT_INITIALIZED_DATA|IMAGE_SCN_MEM_READ EF90B4DAFDD26C45440265A0E8A8AB91
.tls 0x00110000 9 bytes 512 bytes 0.02 (Normal) IMAGE_SCN_CNT_INITIALIZED_DATA|IMAGE_SCN_MEM_READ|IMAGE_SCN_MEM_WRITE 1F354D76203061BFDD5A53DAE48D5435
.rsrc 0x00111000 75,100 bytes 75,264 bytes 5.03 (Normal) IMAGE_SCN_CNT_INITIALIZED_DATA|IMAGE_SCN_MEM_READ 415505D3A8B289BFBD5552AE0CD2CBFC
Entropy Analysis Alert

1 section(s) with elevated entropy (≥6.5) - possible compression

Resource Analysis

Total Resources: 27 (73,576 bytes)
Resource Type Count Total Size Percentage
RT_ICON 15 70,480 bytes
95.8%
RT_MENU 1 712 bytes
1%
RT_DIALOG 1 232 bytes
0.3%
RT_ACCELERATOR 1 72 bytes
0.1%
RT_RCDATA 1 167 bytes
0.2%
RT_GROUP_ICON 6 246 bytes
0.3%
RT_VERSION 1 508 bytes
0.7%
RT_MANIFEST 1 1,159 bytes
1.6%

Certificate Chain Analysis

No Digital Signatures

This file is not digitally signed.

Security Implications:
  • Cannot verify the publisher's identity
  • Increased security risk when running this file
  • May trigger security warnings on some systems

⚠ This file either lacks a digital signature or the certificate chain could not be verified
Exercise caution when executing unsigned files from unknown sources

Certificate Verification Status

The PE file does not contain a certificate table.

Recommendation: Verify the file source and ensure it comes from a trusted publisher.

Backdoor.Win64.DarkKomet.vb!s1 Removal

Gridinsoft has the capability to identify and eliminate Backdoor.Win64.DarkKomet.vb!s1 without requiring further user intervention.

Download Anti-Malware

Removal Instructions

Follow these steps to completely remove the threat from your system

  1. Start by downloading Gridinsoft Anti-Malware to your computer.
  2. Double-click on the gsam-en-install.exe file and follow the on-screen instructions to install the program.
  3. Once the installation of Gridinsoft Anti-Malware is complete, the program will open on the Scan screen.
  4. Click on the "Standard Scan" button to begin scanning your computer for threats.
  5. After the scanning process is finished, click on "Clean Now" to remove any detected threats.
  6. If prompted, restart your system to complete the removal process and ensure all threats are eliminated.
Important: Before You Start
Disconnect from the internet to prevent the malware from spreading or downloading additional threats. Run the scan in Safe Mode for better detection and removal of persistent threats.

Leave a Comment

Share your thoughts or insights about this file. Do you align with our conclusion?

* Your feedback could influence our rating, and rest assured, your email will remain confidential and will only be used to communicate with you if necessary.
Your Score for

Gridinsoft Anti-Malware

Cure your PC from any kind of malware

GridinSoft Anti-Malware will help you to protect your computer from spyware, trojans, backdoors, rootkits. It cleans your system from annoying advertisement modules and other malicious stuff developed by hackers.

Anti-Malware Download Now
Gridinsoft Anti-Malware