AR34
Released 19 years, 10 months ago. December 2004
Copyright © MegaSecurity
By unsticky
Informations
| Author | unsticky |
| Family | AR34 |
| Category | Information Stealer |
| Version | AR34 |
| Released Date | Dec 2004, 19 years, 10 months ago. |
| Language | Visual Basic, compressed with UPX |
Additional Information
dropped file:
c:\WINDOWS\system32\msps.exe
size: 15.872 bytes
startup:
HKEY_CURRENT_USER\Software\Microsoft\Windows NT\CurrentVersion\Windows "load"
data: C:\WINDOWS\system32\msps.exe
tested on Windows XP
December 12, 2004
Author Information / Description
Name: AR34
Class: Trojan / Password Stealer(?)
Author: unsticky
Build Date: Nov 27, 2004
Compiled in: Visual Basic 6
Packed in: UPX
File Size: 15.5 kb
Features:
+Copy to system32 using encrypted file name
+Delete intial server and run copy.
+Add to Startup
+Hide from TaskManager
+AV Killing - Ad-Aware, Norton, and McAfee
+Firewall Killing - ZoneAlarm, Kerio, and Windows
+System Tool Killing - TaskManager, MSConfig, RegEdit, SystemRestore, and Command Prompt
+Grab AIM MD5 Hashes and TestBuddy Passwords
+Grab External and Internal IPs
+Log Hashes, Passwords, Host Name, and IPs to encrypted hardcoded website.
unstickyIf you recognize any personal information on this page and wish to have it removed or redacted, please contact us at jplesueur@phrozen.io. We are committed to protecting your privacy in accordance with GDPR regulations.