I Feel Lucky I Feel Very Lucky

NancyAjram

Released 18 years, 9 months ago. February 2006

Copyright © MegaSecurity

By Khaled

NancyAjram
Informations
Author Khaled
Family NancyAjram
Category Remote Access
Version NancyAjram
Released Date Feb 2006, 18 years, 9 months ago.
Language Visual Basic
Additional Information 
Server:
dropped files:
c:\Security.vbs    Size: 741 bytes 
c:\dlls\ArabicStrip.wma.exe              Size: 49,152 bytes 
c:\dlls\FuckFuckFuck.mpg.exe             Size: 49,152 bytes 
c:\dlls\FuckMovie.wma.exe                Size: 49,152 bytes 
c:\dlls\HotMovie.wma.exe                 Size: 49,152 bytes 
c:\dlls\mailit.vbs                       Size: 895 bytes 
c:\dlls\MissLebanon.jpg.exe              Size: 49,152 bytes 
c:\dlls\MyFirstSex.wma.exe               Size: 49,152 bytes 
c:\dlls\SexCaptured.jpg.exe              Size: 49,152 bytes 
c:\dlls\SexMovie.mpg.exe                 Size: 49,152 bytes 
c:\dlls\SexyArabicGirl.jpg.exe           Size: 49,152 bytes 
c:\dlls\SexyHaifa.jpg.exe                Size: 49,152 bytes 
c:\dlls\SexyLebaneseGirl.jpg.exe         Size: 49,152 bytes 
c:\dlls\SexyNancy.jpg.exe                Size: 49,152 bytes 
c:\dlls\StolenSexVideo.wma.exe           Size: 49,152 bytes 
c:\dlls\WindowsScreen.vbs                Size: 407 bytes 
c:\WINDOWS\
[email protected]
Size: 93 bytes 
c:\WINDOWS\system32\NancyAjram.exe       Size: 49,152 bytes 

added to registry:
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer "NoDrives"
data: FF, FF, FF, 03 

HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer "NoRun"
data: 01, 00, 00, 00 

HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\System "DisableRegistryTools"
data: 01, 00, 00, 00 

HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\System "NoAdminPage"
data: 01, 00, 00, 00 

HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\WinOldApp "Disabled"
data: 01, 00, 00, 00 

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run "Ya Salam"
data: C:\WINDOWS\System32\NancyAjram.exe 




tested on Windows XP
June 14, 2006

Author Information / Description 
Backdoor/Worm coded by Khaled

functions:
this trojan spreads via irc,network and outlook

If you recognize any personal information on this page and wish to have it removed or redacted, please contact us at jplesueur@phrozen.io. We are committed to protecting your privacy in accordance with GDPR regulations.