Hi Left123,
The DarkComet RAT download site is being associated with unknown_html_RFI_shell and TR/ATRAPS.Gen malware.
See here:
http://hosts-file.net/default.asp?s=www.darkcomet-rat.com%2F
Classification: EMD
EMD - sites engaged in malware distribution
This classification is assigned to websites engaged in the distribution of malware (e.g. adware, spyware, trojans and viruses etc).
Sites with this classification typically either contain files (e.g. cracks, keygens, adware, spyware, trojans, viruses et al) or lead to such via (for example) "fake scanners" or other social engineering and misleading tactics. This includes the activities of rogue Internet Service Providers (ISPs) that host other sites to which the EMD classification applies.
Even the remover is not beyond suspicion:
https://www.virustotal.com/url/76d538c26639e8ed6a0c5ef2dec39844ab9f4e96ffcde28c037e0ba6bbbe1b75/analysis/1336313749/
See:
http://anubis.iseclab.org/?action=result&task_id=1888482bbfa99c39449eda88038c30b59&format=html
What I spotted there at first glance to be suspicious in this analysis:
- aspects of ecops_virus-like behavior
- unexpected heap corruption issue
- firewall disabling properties via HKLM\SOFTWARE\CLASSES\CLSID\{E88DCCE0-B7B3-11D1-A9F0-00AA0060FA31}\INPROCSERVER32 %SystemRoot%\system32\zipfldr.dll
- UltaSurf Zone Settings
- SPR Fraud ProviderId
Comodo Instant Malware Analysis could not handle it. The tool gives "unexecutable" as its AutoAnalysis verdict.
But given clean here:
htxp://darkcomet-rat.com/downloads/DarkCometRemover.zip redirects to htxp://www.darkcomet-rat.com/downloads/DarkCometRemover.zip
Checking: htxp://www.darkcomet-rat.com/downloads/DarkCometRemover.zip
Engine version: 7.0.1.2210
Total virus-finding records: 2837272
File size: 951.90 KB
File MD5: 70fc6e16151a54a04001a60cbac04d1c
htxp://www.darkcomet-rat.com/downloads/DarkCometRemover.zip - archive ZIP
>htxp://www.darkcomet-rat.com/downloads/DarkCometRemover.zip/DarkComet Remover/DarkCometRAT Remover.exe packed by FLY-CODE
>>htxp://www.darkcomet-rat.com/downloads/DarkCometRemover.zip/DarkComet Remover/DarkCometRAT Remover.exe packed by FLY-CODE
>>>htxp://www.darkcomet-rat.com/downloads/DarkCometRemover.zip/DarkComet Remover/DarkCometRAT Remover.exe - archive ZLIB
>>>>htxp://www.darkcomet-rat.com/downloads/DarkCometRemover.zip/DarkComet Remover/DarkCometRAT Remover.exe/data001 - Ok
>>>>htxp://www.darkcomet-rat.com/downloads/DarkCometRemover.zip/DarkComet Remover/DarkCometRAT Remover.exe/data002 - Ok
>>>htxp://www.darkcomet-rat.com/downloads/DarkCometRemover.zip/DarkComet Remover/DarkCometRAT Remover.exe - Ok
>hxtp://www.darkcomet-rat.com/downloads/DarkCometRemover.zip/DarkComet Remover/readme.txt - Ok
htxp://www.darkcomet-rat.com/downloads/DarkCometRemover.zip - Ok
polonus