GhostBot 0.58
Copyright © MegaSecurity
By Positron
Information
| Field | Value |
|---|---|
| Author | Positron |
| Family | GhostBot |
| Category | Remote Access |
| Version | GhostBot 0.58 |
| Language | Delphi, compressed with UPX |
Additional Information
GhostBot:
dropped file:
c:\WINDOWS\ape1xnN5.exe
size: 35.128 bytes
startup:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run "PVIEW95"
data: C:\WINDOWS\ape1xnN5.exe
does (try to) connect to an IRC server
tested on Windows XP
15 November 2004
Author Information / Description
Features:
- SpyBot compatible commands,
- AV/FW killer,
- CD-Key Stealer,
- Mydoom spreader,
- NetBIOS spreader,
- Encrypted strings in EXE,
- Web-server (http://xxx.xxx.xxx.xxx:Port),
- API search engine by CRC32 (used only for important APIs),
- KeyLogger (Keylog file can be downloaded from webserver too),
- P2P spreader (Kazaa, Edonkey, Morpheus, XoloX, ShareAza, LimeWire,
- Prepend all .exe files in shared dirs if they are smaller than 5MB,
- Support DCC SEND, DCC GET, DCC CHAT and topic commands.
v0.58
-LogOut when BOT disconnect fixed,
-!logout command added,
-GetNick and DownloadFile functions are fixed,
-!rawclones command fixed,
-almost all strings are encrypted in compiled .exe,
-!redirect and !stopredirect commands are added.
Positron