ComRat
Released 18 years, 2 months ago. September 2006
Copyright © MegaSecurity
By Elusive
Information
Author | Elusive |
Family | ComRat |
Category | Remote Access |
Version | ComRat |
Release Date | Sep 2006, 18 years, 2 months ago. |
Language | C, source included |
Additional Information
Server:
dropped file:
c:\WINDOWS\system32\comr.exe
size: 36,600 bytes
port: 1234 TCP
added to registry:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run "Connection Initializer"
tested on Windows XP
November 05, 2006
Author Information / Description
Functions:
1) Send message box
2) Notepad Bomb
3) Swap Mouse buttons
4) Shut down server
5) Execute commands in system32
6) Crazy Mouse
7) Create remote shell
8) Upload file
9) Uninstall Server
The Server
-----------------
First of all, it hides itself from Task Manager and installs itself as comr.exe.
It then adds itself to the registry in the HKLM "Run" key as "Connection Initializer".
The only way to stop the program locally is to open a command prompt and type
"taskkill /f /im comr.exe".
Coming Editions
--------------------------
In my next version I am making it so the client can download files, and so that
the server can be installed locally through the command -install or removed locally by
the command -uninstall. I will also make it so that you can locally specify what port
to listen on for connections, or if you want to reverse connect to a specific computer.
The IP address would be put in a registry key and would be encrypted for the program's
use only.
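A host triage check for the three indicators this entry lists (the dropped file, the Run value and the TCP listener), as an added example that is not part of the original entry or the author's source. The function name Test-ComRatIndicators is hypothetical, the SysWOW64 and WOW6432Node locations are an added assumption to cover 32-bit redirection on 64-bit Windows, and Get-NetTCPConnection needs Windows 8 / Server 2012 or later rather than the Windows XP the sample was tested on.

```powershell
# Added triage example. Indicator values come from the entry above;
# Test-ComRatIndicators is a hypothetical helper name.
function Test-ComRatIndicators {
    [CmdletBinding()]
    param(
        [string]$FileName = 'comr.exe',
        [string]$RunValue = 'Connection Initializer',
        [int]$Port = 1234
    )
    $hits = @()

    # 1) Dropped file. A 32-bit binary writing to system32 on 64-bit Windows
    #    is redirected to SysWOW64, so both directories are checked (assumption).
    foreach ($dir in 'System32', 'SysWOW64') {
        $path = Join-Path $env:SystemRoot (Join-Path $dir $FileName)
        if (Test-Path -LiteralPath $path -PathType Leaf) {
            $f = Get-Item -LiteralPath $path -Force   # -Force also returns hidden files
            $h = (Get-FileHash -LiteralPath $path -Algorithm SHA256).Hash
            $hits += [pscustomobject]@{ Indicator = 'File'
                Detail = "$path, $($f.Length) bytes (entry lists 36,600), SHA256 $h" }
        }
    }

    # 2) Autorun value in the HKLM Run key, native and WOW64 views.
    foreach ($key in 'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Run',
                     'HKLM:\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run') {
        $p = Get-ItemProperty -LiteralPath $key -Name $RunValue -ErrorAction SilentlyContinue
        if ($p) {
            $hits += [pscustomobject]@{ Indicator = 'RunKey'
                Detail = "$key : '$RunValue' = $($p.$RunValue)" }
        }
    }

    # 3) Listener on the documented port. A listener alone proves little;
    #    the owning process is reported so it can be matched against 1) and 2).
    $socks = Get-NetTCPConnection -State Listen -LocalPort $Port -ErrorAction SilentlyContinue
    foreach ($s in $socks) {
        $proc = Get-Process -Id $s.OwningProcess -ErrorAction SilentlyContinue
        $hits += [pscustomobject]@{ Indicator = 'Listener'
            Detail = "$($s.LocalAddress):$Port pid $($s.OwningProcess) $($proc.Name) $($proc.Path)" }
    }
    $hits
}

# An empty result means none of the listed indicators were found on this host.
Test-ComRatIndicators | Format-List
```

Run it from an elevated session so the process path of the listener can be resolved.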