Genie 1.1 - Malware Gallery

Informations

Author	prncipia
Family	Genie
Category	Remote Access
Version	Genie 1.1
Released Date	Feb 2006, 18 years, 9 months ago.

Additional Information

dropped files:
c:\WINDOWS\cagent.exe              Size: 15,486 bytes 
c:\WINDOWS\system32\regmont.exe    Size: 15,486 bytes 

startup:
HKEY_CURRENT_USER\Software\Microsoft\Windows NT\CurrentVersion\Windows "Run"
data: C:\WINDOWS\cagent.exe 

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run "RegMon"
data: C:\WINDOWS\System32\regmont.exe 



tested on Windows XP
March 19, 2006

Author Information / Description

Genie v1.1 , for Windows 98/NT/XP,build 01-02-2006
Code by prncipia

Genie is a simple Telnet backdoor program.

-When Gene.exe executed, it opens port on 1179.
-Creates a copy of itself as %System%\regmont.exe and %windir%\cagent.exe
-And adds the follow values in the registry to be executed each time Windows starts.

"HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run"
"RegMon" = " %System%\regmont.exe" 
 
"HKEY_CURRENT_USER\Software\Microsoft\Windows NT\CurrentVersion\Windows"
"Run" = "%windir%\cagent.exe"  


Genie commands:
Exit                        Close current connection.
Reset                       Reboot windows.
Vshutdown                   Shutdown the virus.


Now to conect to remote host you have to type   Telnet "targets_ip" 1179
then type "hello" to activate the program.
And the last step is to ask you for the password and by default password is "katerina".
That's it.

I accept email from any user with comments or bug fixes.

Note:
This is version 1.1 so the are bugs, incompatabilities with various flavors of windows and other anomolies ! 
But if you want something better write it yourself.
Oh and send me a copy..!!
Of course this program is untraceable from any antivirus .......except firewalls.


prncipia