LYY Shell
Copyright © MegaSecurity
By ShadowTear
Information
From: China
Author: ShadowTear
Family: LYY Shell
Category: Remote Access
Version: LYY Shell
Additional Information
LyyShell 1.0:
dropped file:
c:\WINNT\system32\ntkernel.exe
size: 38.912 bytes
port: 9533 TCP
added to registry:
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Enum\Root\LEGACY_LYY\0000\Control
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\LYY\Enum
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\LYY\Security
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_LYY\0000\Control
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\LYY\Enum
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\LYY\Security
Author Information / Description
Default Password: lyy
Default Port: 9533
Command List:
//exit
//cmd
//pslist
//pskill pid
//run mode
//sc query *
//sc query service
//sc start service
//sc stop service
//sc remove service
//ts query
//ts install port
//ts set port
//reboot
//logooff
//poweroff
//clog *
//clog sys
//clog app
//clog sec
//web
//path
//cd
//dir
//del
//rm
//ren
//type file
//sysinfo
//ca user1 user2
//cca
//ftime file1 file2
//send message counts
//help command
ShadowTear