CmdShell
Released 17 years, 6 months ago. May 2007
Copyright © MegaSecurity
By BlackCobra
Informations
| Author | BlackCobra |
| Family | CmdShell |
| Category | Remote Access |
| Version | CmdShell |
| Released Date | May 2007, 17 years, 6 months ago. |
| Language | Visual Basic |
Additional Information
Server:
dropped files:
c:\WINDOWS\system32\server.dll Size: 28,692 bytes
c:\WINDOWS\system32\yahoomessenger.exe Size: 50,705 bytes
startup:
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run "Windows Updates"
data: C:\WINDOWS\yahoomessenger.exe
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run "Windows Updates"
data: C:\WINDOWS\System32yahoomessenger.exe
Tested on Windows XP
July 08, 2007
Author Information / Description
This application is based on the fwb injection technique
completely coded in vb. No c/c++/Delphi dlls or other is used
for injection. Purely in vb.
As the name suggests open a port on the victim computer and
you can telnet to the target port and you will have the cmd shell.
The application is not using any of the vb form.
EditServer
===========
Only 2 options for the moment.
1. port, to be opened on vic
2. registry name
The application drops a dll file in the system32 dir and an exe file.
The application auto starts on every boot.If you recognize any personal information on this page and wish to have it removed or redacted, please contact us at jplesueur@phrozen.io. We are committed to protecting your privacy in accordance with GDPR regulations.