Archive A Reconstructed © MegaSecurity Database

• a
• b
• c
• d
• e
• f
• g
• h
• i
• j
• k
• l
• m
• n
• o
• p
• q
• r
• s
• t
• u
• v
• w
• x
• y
• z
• other

Server:
size: 24.576 bytes

port: 26103 TCP

startup:
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\RSMSS

/*
 * Win32 RootKit - cmd.exe remote shell backdoor
 * (c) 2003 Christophe Devine 
 * Distributed for educational purposes only!
 *
 * Before running ntbindshell.exe, rename it to
 * "rsmss.exe" and copy it into %windir%\system32.
 * This program will automatically register itself
 * as a system service the first time it is run,
 * provided it has the required privileges.
 *
 * To remove the service, start Regedit and delete
 * HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\
 * Services\RSMSS, then reboot the computer.
 *
 * Backdoor usage:
 *
 *   normal (listen) mode: rsmss <port>
 *   reverse-connect mode: rsmss <port> <host>
 */

Christophe Devine

This archive is an almost-complete reconstruction of the legendary Mega Security (also known as Kobayashi), a premier 90s-era "Trojan Database" where malware authors once showcased their work. After a decade offline, the site was brought back in August 2024 by its original creator, MasterRat, who authorized the Malware Gallery to host this modernized, searchable version of the collection. While the original site remains available for those seeking a nostalgic, old-school experience, we are proud to continue its legacy here. Full credit and thanks go to MasterRat and the retired Mega Security staff for their years of dedicated work in cataloging these historical samples.