GhostBot 0.58

Copyright © MegaSecurity

By Positron


Informations
Author Positron
Family GhostBot
Category Remote Access
Version GhostBot 0.58
Language Delphi, compressed with UPX
Additional Information
GhostBot:
dropped file:
c:\WINDOWS\ape1xnN5.exe
size: 35.128 bytes 

startup:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run "PVIEW95"
data: C:\WINDOWS\ape1xnN5.exe
 
does (try to) connect to an IRC server

tested on Windows XP
15 November 2004

Author Information / Description
Features:                                                                         ;
;          - SpyBot compatible commands,                                            ;
;          - AV/FW killer,                                                          ;
;          - CD-Key Stealer,                                                        ;
;          - Mydoom spreader,                                                       ;
;          - NetBIOS spreader,                                                      ; 
;          - Encrypted strings in EXE,                                              ;
;          - Web-server (http://xxx.xxx.xxx.xxx:Port),                              ;
;          - API search engine by CRC32 (used only for important APIs),             ;
;          - KeyLogger (Keylog file can be download from webserver too),            ;
;          - P2P spreader (Kazaa, Edonkey, Morpheus, XoloX, ShareAza, LimeWire,     ;
;          - Prepend all .exe files in shared dirs if they are smaller than 5MB,    ;
;          - Support DCC SEND, DCC GET, DCC CHAT and topic commands.                ;
;                                                                       

v0.58
   -LogOut when BOT disconnect fixed,
   -!logout command added,
   -GetNick and DownloadFile functions are fixed,
   -!rawclones command fixed,
   -almost all strings are encrypted in compiled .exe,
   -!redirect and !stopredirect commands are added.
   
Positron

If you recognize any personal information on this page and wish to have it removed or redacted, please contact us at jplesueur@phrozen.io. We are committed to protecting your privacy in accordance with GDPR regulations.