MadCow

Released 18 years, 3 months ago. August 2006

Copyright © MegaSecurity

By ZeroByte


Informations
Author ZeroByte
Family MadCow
Category Remote Access
Version MadCow
Released Date Aug 2006, 18 years, 3 months ago.
Additional Information
dropped files:
c:\WINDOWS\winsys.exe                        Size: 439,808 bytes 
c:\WINDOWS\system32\drivers\win32ctrl.cpl    Size: 396,800 bytes 

port: 5431 TCP

startup:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run "win32ctrl"
data: control.exe C:\Windows\system32\drivers\win32ctrl.cpl 

	
tested on Windows XP
November 17, 2006

Author Information / Description
MadCow is a stealth trojan for Windows 2000/XP/2003.
It's a win32 controlpanel-applet (.cpl) file, that hides itself in the system service 'svchost.exe'
so it can't be closed.


Instructions:
1) Install the Madcow trojan on the victims computer using the included installer.

2) At your own computer open a telnet connection to the victim on port 579.
   Now you just see a blank screen... Now type: "letmein" and press return.

3) You should now see the text "/$". Now you can type in your command. (see list of commands).
   Have fun  >:]


Commands:
ps  	  = Process list. This shows you a list of all the open programs on the victims computer.
kill 	  = Kills a process. Use like: "kill 3519". (Hint: To shutdown the computer kill 'winlogon').
cmd  	  = Opens a command prompt with admin rights, so you can do almost everything 
            you want on the victims computer.
uninstall = Disables madcow autorun function.
exit 	  = Exit MadCow.

If you recognize any personal information on this page and wish to have it removed or redacted, please contact us at jplesueur@phrozen.io. We are committed to protecting your privacy in accordance with GDPR regulations.