Helios 4.10-LE

Released 22 years, 10 months ago. January 2002

By Helios

Informations

From	Belgium
Author	Helios
Family	Helios
Category	Remote Access
Version	Helios 4.10-LE
Released Date	Jan 2002, 22 years, 10 months ago.
Language	Visual Basic

Additional Information

Client:
port: 1171 TCP




Server:
dropped files:
c:\WINNT\winstart.bat             size: 150 bytes 
c:\WINNT\system32\ScanStartup.exe size: 294.912 bytes 
c:\WINNT\system32\unist546.dat    size: 294.912 bytes 

port: 3322, 2701 TCP

startup:
c:\winnt\system.ini, [boot] "Shell"
value: Explorer.exe C:\WINNT\system32\ScanStartup.exe 

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\ScanStartup "StubPath"
data: C:\WINNT\system32\ScanStartup.exe
 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run "ScanStartup"
data: C:\WINNT\system32\ScanStartup.exe
 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Runservices "ScanStartup"
data: C:\WINNT\system32\ScanStartup.exe 

tested on Win2000

Author Information / Description

full VB6 trojan horse
HelioS-Trojan-4.10-LE 

by HelioS Himself

startup
-------

reg/run
reg/runservices
win.ini
system.ini
winstart.bat

installs itself in system dir \ScanStartup.exe

port 2701

functions
---------

-running tasks
-running windows
-upload
-download
-full media control
-all the lamer stuff and lots more
-capture screen bmp or jpeg
-desktop clicker
-change every color you want
-msg box
-input box
-chat
-full DOS control
-netstat control
-seceret kernel commands
-change the start button
-regeditor
-file browser and all the file functions (del, copy,...)
-windows boot options (power off, reset, log off,...)
-the matrix
-earthquake
-pacman joke
-change wallpaper
-play a movie, mp3, wav, Audio CD, ...
-full winamp (advanced)
-mediaplayer control
-let his pc talk (merlin)
-i am gay joke
-steal his passwords
-change his resolution
-let him download a file from the internet
-change his internet explorer settings
-unistall server