Kernel32

Copyright © MegaSecurity

By PhotoPaul


Information
Author: PhotoPaul
Family: Kernel32
Category: Remote Access
Version: Kernel32
Language: Win32Asm
Additional Information
Server:
dropped file:
c:\WINDOWS\KERNEL32.EXE
size: 8,224 bytes 

startup:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run "Kernel"
data: C:\WINDOWS\KERNEL32.EXE 




tested on Windows XP
November 29, 2006

Author Information / Description
How to use it:
1) Run the Client
2) Enter your victim's IP (you can get it in many ways e.g. in mIRC type "/dns NickName" where NickName is your victim's nick) or HOST (e.g. photopaul.mshome.net)
3) Then click Connect (and here comes the fun :-)

When connected you can send the following commands which MUST be lowercase:
a) msgb???|???
Displays a MessageBox on your victim's screen
	Type the MessageBox's title, where the first ??? are
	Type the MessageBox's main message, where the second ??? are
b) close
Terminates the server for the current session
	You can't re-connect until the victim's PC is restarted
c) boot
Shuts Down the victim's PC
	You can't use it if you have first used the "close" command :-P
d) runa?????[ ?????]
Runs an application on your victim's PC
	Full command line support
	(e.g. "runac:\win98\notepad.exe win.ini")
e) pass
Retrieves Cached Passwords
	MessageBoxes appear on your screen containing your victim's Cached Passwords
	If something goes wrong, a txt containing the password will be created in Client's path
	
PhotoPaul
