Kernel32
Copyright © MegaSecurity
By PhotoPaul
Informations
| Author | PhotoPaul |
| Family | Kernel32 |
| Category | Remote Access |
| Version | Kernel32 |
| Language | Win32Asm |
Additional Information
Server:
dropped file:
c:\WINDOWS\KERNEL32.EXE
size: 8,224 bytes
startup:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run "Kernel"
data: C:\WINDOWS\KERNEL32.EXE
tested on Windows XP
November 29, 2006
Author Information / Description
How to use it:
1) Run the Client
2) Enter your victim's IP (you can get it in many ways e.g. in mIRC type "/dns NickName" where NickName is your victim's nick) or HOST (e.g. photopaul.mshome.net)
3) Then click Connect (and here comes the fun :-)
When connected you can send the following commands which MUST be lowercase:
a) msgb???|???
Displays a MessageBox on your victim's screen
Type the MessageBox's title, where the first ??? are
Type the MessageBox's main message, where the second ??? are
b) close
Terminates the server for the current session
You can't re-connect until the victim's PC is restarted
c) boot
Shuts Down the victim's PC
You can't use it if you have first used the "close" command :-P
d) runa?????[ ?????]
Runs an application on your victim's PC
Full command line support
(e.g. "runac:\win98\notepad.exe win.ini")
e) pass
Retrieves Cached Passwords
MessageBoxes appear on your screen containing your victim's Cached Passwords
If something goes wrong, a txt containing the password will be created in Client's path
PhotoPaulIf you recognize any personal information on this page and wish to have it removed or redacted, please contact us at jplesueur@phrozen.io. We are committed to protecting your privacy in accordance with GDPR regulations.