Multi-License Discount Quote

Change Region

English
Threat Database Backdoors Backdoor.Win32.DarkKomet.eku
1 Comment

Backdoor.Win32.DarkKomet.eku

By JubileeX in Backdoors

Threat Scorecard

Popularity Rank: 18,683
Threat Level: 60 % (Medium)
Infected Computers: 2,669
First Seen: May 1, 2013
Last Seen: May 8, 2026
OS(es) Affected: Windows

Backdoor.Win32.DarkKomet.eku is a dangerous and deceptive backdoor Trojan that may display repeated error messages while it conducts malicious actions without any indication to the computer user. Backdoor.Win32.DarkKomet.eku may produce outbound internet traffic and allow a remote attacker to connect to the infected computer. Through the connection, a remote hacker may be able to steal data from the system. It is essential that Backdoor.Win32.DarkKomet.eku be removed to reduce the risk of having data and the infected system compromised.

File System Details

Backdoor.Win32.DarkKomet.eku may create the following file(s):
Expand All | Collapse All
# File Name Detections
1. %System%\Minecraft\mc.exe

Analysis Report

General information

Family Name: Backdoor.DarkKomet.D
Signature status: No Signature

Known Samples

MD5: 9e09d99b7c232cb5a975423cd6ebcf2e
SHA1: a6daabe8d28f79c92e34c06772ca6a88f44fcc52
SHA256: D7F5445EC2A66126BEE1FBAA348880C2B95B761E8671A34EA5E4C2FAC3B98349
File Size: 1.30 MB, 1295202 bytes
MD5: 59fffbd53286e2c3d014ee3a1ef808ad
SHA1: b91ee42cd97c8f617eb50c595154ffa2eca9cf9b
SHA256: F1367A70CE82D8A276568D5935C75E645584B2F4F7424C523649B60D9C12010B
File Size: 3.48 MB, 3484160 bytes
MD5: 425eaba4000e91114f9f998c4a88079c
SHA1: 5c82f903cf74193cd3e5ad35d2d31583e77d3fa3
SHA256: 542E112408A76AAC750DD73B5E7CF530FF9905CDFB2318178CB0FC8DBEF0B195
File Size: 5.25 MB, 5253120 bytes
MD5: 0c93cc5ddd49f1cb3e935cda228e2dba
SHA1: f1c2c6308964c99cb685c4b8785333028b38e3c3
SHA256: 2BEB66A3EDE047423ADE3D7B6A2201E55C560DCD81EC95DBBF7DC82D03FCC581
File Size: 4.22 MB, 4215950 bytes

Windows Portable Executable Attributes

  • File doesn't have "Rich" header
  • File doesn't have debug information
  • File doesn't have exports table
  • File doesn't have relocations information
  • File doesn't have security information
  • File has TLS information
  • File is 32-bit executable
  • File is either console or GUI application
  • File is GUI application (IMAGE_SUBSYSTEM_WINDOWS_GUI)
  • File is Native application (NOT .NET application)
Show More
  • File is not packed
  • IMAGE_FILE_DLL is not set inside PE header (Executable)
  • IMAGE_FILE_EXECUTABLE_IMAGE is set inside PE header (Executable Image)

File Icons

Windows PE Version Information

Name Value
Company Name Synaptics
File Description Synaptics Pointing Device Driver
File Version
  • 1.00
  • 1.0.0.4
Internal Name TJprojMain
Original Filename TJprojMain.exe
Product Name
  • Project1
  • Synaptics Pointing Device Driver
Product Version
  • 1.00
  • 1.0.0.0

File Traits

  • dll
  • x86

Block Information

Similar Families

  • Injector.KZC

Files Modified

File Attributes
c:\programdata\synaptics Synchronize,Write Attributes
c:\programdata\synaptics\rcxfbab.tmp Generic Read,Write Data,Write Attributes,Write extended,Append data
c:\programdata\synaptics\synaptics.exe Generic Read,Write Data,Write Attributes,Write extended,Append data,Delete,LEFT 262144
c:\programdata\synaptics\synaptics.exe Synchronize,Write Attributes
c:\programdata\synaptics\synaptics.exe Synchronize,Write Data
c:\users\user\appdata\local\temp\a8ta9aa.ini Generic Read,Write Data,Write Attributes,Write extended,Append data
c:\users\user\appdata\roaming\winsl Synchronize,Write Attributes
c:\users\user\appdata\roaming\winsl\l5\3\2026 Generic Read,Write Data,Write Attributes,Write extended,Append data
c:\users\user\downloads\._cache_5c82f903cf74193cd3e5ad35d2d31583e77d3fa3_0005253120 Generic Read,Write Data,Write Attributes,Write extended,Append data
c:\users\user\downloads\._cache_5c82f903cf74193cd3e5ad35d2d31583e77d3fa3_0005253120 Synchronize,Write Attributes

Registry Modifications

Key::Value Data API Name
HKCU\software\microsoft\windows\currentversion\explorer::slowcontextmenuentries RegNtPreCreateKey
HKCU\software\microsoft\windows\currentversion\explorer::slowcontextmenuentries RegNtPreCreateKey
HKLM\software\microsoft\windows nt\currentversion\notifications\data::418a073aa3bc1c75 RegNtPreCreateKey
HKLM\software\wow6432node\microsoft\windows\currentversion\run::synaptics pointing device driver C:\ProgramData\Synaptics\Synaptics.exe RegNtPreCreateKey
HKCU\software\microsoft\windows\currentversion\internet settings\zonemap::proxybypass  RegNtPreCreateKey
HKCU\software\microsoft\windows\currentversion\internet settings\zonemap::intranetname  RegNtPreCreateKey
HKCU\software\microsoft\windows\currentversion\internet settings\zonemap::uncasintranet  RegNtPreCreateKey
HKCU\software\microsoft\windows\currentversion\internet settings\zonemap::autodetect RegNtPreCreateKey
HKLM\software\microsoft\windows nt\currentversion\notifications\data::418a073aa3bc3475 降ȁ獖} RegNtPreCreateKey
HKLM\software\microsoft\windows nt\currentversion\notifications\data::418a073aa3bc1c75 RegNtPreCreateKey
Show More
HKLM\software\microsoft\windows nt\currentversion\notifications\data::418a073aa3bc1c75 RegNtPreCreateKey

Windows API Usage

Category API
Other Suspicious
  • SetWindowsHookEx
Service Control
  • OpenSCManager
Process Shell Execute
  • ShellExecuteEx
Process Manipulation Evasion
  • NtUnmapViewOfSection
Network Winsock2
  • WSAStartup
  • WSAttemptAutodialName
User Data Access
  • GetUserObjectInformation
Network Winhttp
  • WinHttpOpen
Network Wininet
  • InternetOpen
  • InternetOpenUrl
  • InternetReadFile
Network Winsock
  • bind
  • closesocket
  • gethostbyname
  • getsockname
  • socket

Shell Command Execution

runas c:\users\user\downloads\._cache_5c82f903cf74193cd3e5ad35d2d31583e77d3fa3_0005253120
runas C:\ProgramData\Synaptics\Synaptics.exe InjUpdate

1 Comment

Joshua Frasley Reply

Just got infected with it;/ Blocked task manager and regedit;(

Trending

Most Viewed

Loading...