MadCow

Released 18 years, 1 month ago. August 2006

Copyright © MegaSecurity

By ZeroByte


Information
Author: ZeroByte
Family: MadCow
Category: Remote Access
Version: MadCow
Release date: Aug 2006, 18 years, 1 month ago.
Additional Information
dropped files:
c:\WINDOWS\winsys.exe                        Size: 439,808 bytes 
c:\WINDOWS\system32\drivers\win32ctrl.cpl    Size: 396,800 bytes 

port: 5431 TCP

startup:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run "win32ctrl"
data: control.exe C:\Windows\system32\drivers\win32ctrl.cpl

tested on Windows XP
November 17, 2006

Author Information / Description
MadCow is a stealth trojan for Windows 2000/XP/2003.
It's a Win32 control panel applet (.cpl) file that hides itself in the system service 'svchost.exe'
so it can't be closed.


Instructions:
1) Install the MadCow trojan on the victim's computer using the included installer.

2) On your own computer, open a telnet connection to the victim on port 579.
   Now you just see a blank screen... Now type: "letmein" and press return.

3) You should now see the text "/$". Now you can type in your command (see list of commands).
   Have fun  >:]


Commands:
ps        = Process list. This shows you a list of all the open programs on the victim's computer.
kill      = Kills a process. Use like: "kill 3519". (Hint: To shut down the computer, kill 'winlogon').
cmd       = Opens a command prompt with admin rights, so you can do almost everything
            you want on the victim's computer.
uninstall = Disables MadCow autorun function.
exit      = Exit MadCow.
