pMK_Veryfun
Released 19 years, 8 months ago. March 2005
Copyright © MegaSecurity
By pHuong mInk Kao [pMK]
Information
From | Korea |
Author | pHuong mInk Kao [pMK] |
Family | pMK_Veryfun |
Category | Remote Access |
Version | pMK_Veryfun |
Release Date | Mar 2005, 19 years, 8 months ago. |
Language | Microsoft Visual C++, compressed with UPX |
Additional Information
Server:
dropped files:
c:\MsBootMgr.exe Size: 23,040 bytes
c:\WINDOWS\system32\MsIdle32.exe Size: 23,040 bytes
c:\WINDOWS\system32\MsIdle32Hook.dll Size: 20,480 bytes
c:\WINDOWS\system32\pMK_kLog.txt Size: 0 bytes
c:\WINDOWS\system32\pMK_kLogF.txt Size: 0 bytes
c:\WINDOWS\system32\pMK_wLog.txt Size: 228 bytes
port: 1906, 1907 TCP
startup:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\App Paths\pVF.exe "(Default)"
data: C:\WINDOWS\System32\MsIdle32.exe
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run "MsBootMgr.exe"
data: C:\\MsBootMgr.exe
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run "MsIdle32.exe"
data: C:\WINDOWS\System32\MsIdle32.exe
tested on Windows XP
April 04, 2005
Author Information / Description
Available commands:
!HELP : Display this message
!HELPV : Huong dan bang tieng Viet < UNDER CONSTRUCTION >
!MB "msg" : Display message
!BI -+ : Unblock/Block input
!BP n : Beep n times
!CD -+ : Close/Eject CD Drive
!XS n : Start Menu : 1 : Hide ; 3: Disable ; 4: Enable
!TM -+ : Enable/Disable Task Manager
!RT -+ : Enable/Disable Registry
!SI "msg" : Send text message to active window
!LP : List processes
!KP "proc" : Kill process
!CW : Crash Windows
!LW : List Windows
!KKA : Kick known AntiVirus
!KW -+ : Kill Windows so it can't start :D
!FM "msg" : Flood messages, use "!FM-" to cancel !
!SWT "txt" : Set windows text
!FZ -+ : Freeze windows, it's really cool
!*VOL n : Set Master Volume [ 0..100 ]
!PW "path" : Play wave file <TESTING>
!INFO : Various information about running computer
!KL : View key log < VERY USEFUL >
!KLF : View filtered key log < VERY USEFUL >
!CL : Clear key log
!EMC : Enum trojan's copy on LAN <TESTING>
!NAU : Net add user with blank password < VERY USEFUL >
!SC : Display ftp settings
!CHAT "nick": Chat with victim. To close chat dialog, use "!CHAT-"
!UD : Update new version
!RUN "file" "param" : Run program
!UL "file" "server" "port" "user" "pass" : Upload file to ftp server
!M@IL "server" "sender" "receiver" "subject" "data" : Send a e-mail
!DL "url" "file" : Download url to local file
!QUIT : Terminate connection to host.