Herman Agent

Released 20 years, 8 months ago. February 2004

Copyright © MegaSecurity

By matiteman


Information
Author: matiteman
Family: Herman Agent
Category: Information Stealer
Version: Herman Agent
Release date: Feb 2004, 20 years, 8 months ago.
Additional Information
Server:
dropped files:
c:\WINDOWS\SYSTEM\avp.exe   Size: 186.370 bytes 
c:\WINDOWS\iexplore.exe 
c:\WINDOWS\iexplorer.exe 

startup:
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\RunServices "hagent"
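
The dropped-file paths and the RunServices value listed above can be matched against a registry export and a file listing collected from a host under triage. The Python below is an added example, not part of the original entry; the sample export, the sample file sizes and the reading of "186.370 bytes" as 186370 bytes are assumptions constructed for illustration.

```python
import re

# Indicators copied from the "Server" section of this page.
DROPPED = {r"c:\windows\system\avp.exe", r"c:\windows\iexplore.exe",
           r"c:\windows\iexplorer.exe"}
RUN_KEY = r"hkey_local_machine\software\microsoft\windows\currentversion\runservices"
RUN_VALUE = "hagent"
AVP_SIZE = 186370  # assumption: the page's "186.370 bytes" uses "." as a thousands separator

def norm(path):
    """Lower-case, unify slashes, undo the doubled backslashes of .reg exports."""
    return path.strip().strip('"').replace("/", "\\").replace("\\\\", "\\").lower()

def parse_reg(text):
    """Yield (key, value_name, data) for string values in regedit export text."""
    key = None
    for line in text.splitlines():
        line = line.strip()
        if line.startswith("[") and line.endswith("]"):
            key = line[1:-1].lower()
        elif key and (m := re.match(r'"([^"]*)"="(.*)"$', line)):
            yield key, m.group(1), m.group(2)

def scan(reg_text, files):
    """files is an iterable of (path, size_in_bytes). Returns a sorted list of findings."""
    hits = []
    for key, name, data in parse_reg(reg_text):
        if key == RUN_KEY and (name.lower() == RUN_VALUE or norm(data) in DROPPED):
            hits.append(f"autostart: RunServices\\{name} -> {norm(data)}")
    for path, size in files:
        if norm(path) in DROPPED:
            note = " (size matches)" if norm(path).endswith("avp.exe") and size == AVP_SIZE else ""
            hits.append(f"file: {norm(path)}{note}")
    return sorted(hits)

# Constructed sample input, not taken from a real host.
SAMPLE_REG = r'''
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"SoundMan"="C:\\WINDOWS\\soundman.exe"

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\RunServices]
"HAgent"="C:\\WINDOWS\\SYSTEM\\avp.exe"
'''
SAMPLE_FILES = [(r"C:\Program Files\Internet Explorer\IEXPLORE.EXE", 93184),
                (r"C:\WINDOWS\iexplore.exe", 40960),
                (r"C:\Windows\System\AVP.EXE", 186370)]

if __name__ == "__main__":
    for finding in scan(SAMPLE_REG, SAMPLE_FILES):
        print(finding)
```

The copy of iexplore.exe under its normal Program Files location is not flagged; only the exact paths from this entry are matched, case-insensitively.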

Author Information / Description
herman agent  by matiteman


about : 
======
herman agent is a special stealer agent that retrieves much information
about the remote host and sends it to your mail box in an attached file:
herman agent retrieves and sends u the following information according to your choice:


the mail client password list :
============================== 
following email applications:
* Outlook Express
* Microsoft Outlook 2000 (POP3 and SMTP Accounts only)
* Microsoft Outlook 2002 (POP3, IMAP, HTTP and SMTP Accounts)
* IncrediMail
* Eudora
* Group Mail Free

For each email account, the following information is sent:
Account Name, Application, Email, Server, Server Type (POP3/IMAP/SMTP), 
User Name, and Password.

the protected password list :
=============================
the passwords stored on your computer by Internet Explorer, Outlook Express and MSN Explorer.
The passwords are stolen by reading the information from the Protected Storage.
the resource name, password and username for the following applications are sent:

* Outlook passwords
* AutoComplete passwords in Internet Explorer
* Password-protected sites in Internet Explorer
* MSN Explorer Passwords:
  The MSN Explorer browser stores 2 types of passwords in the Protected Storage:
  - Sign-up passwords
  - AutoComplete passwords


the dialup password:
====================
it will retrieve and enumerate all Dial-Up entries and send u their logon details:
* User Name, 
* Password 
* Domain.
* phone number


the remote services list and status :
=====================================
it will send you the list of running services on remote system. For some of them, 
additional useful information is sent:
* file description 
* version 
* product name 
* company that created the driver file, and more.


the startup running list :
==========================
The StartupRun running list sends the list of all applications that are loaded automatically
when Windows boots. For each application, additional information is sent:
* Product Name
* File Version, 
* Description
* Company Name

in order to allow you to easily identify the applications that are loaded at Windows startup.


the iehistory list :
====================
description : 
-------------
Each time that you type a URL in the address bar or click on a link in the Internet Explorer browser,
the URL address is automatically added to the history index file. When you type a sequence of
characters in the address bar, Internet Explorer automatically suggests all URLs that begin
with the character sequence that you typed (unless the AutoComplete feature for Web addresses
is turned off). However, Internet Explorer doesn't allow you to view and edit the entire URL list
that it stores inside the history file.

the herman agent also sends u the iehistory list if u want

author:
matiteman
