Spirit 2
Released 19 years, 4 months ago. May 2005
Copyright © MegaSecurity
By iciko
Informations
| Author | iciko |
| Family | Spirit |
| Category | Remote Access |
| Version | Spirit 2 |
| Released Date | May 2005, 19 years, 4 months ago. |
| Language | Delphi, compressed with FSG, Source included |
Additional Information
Client:
port: 1036 TCP
Server:
dropped file:
c:\WINDOWS\system32\msvrhost32.exe
size: 1,755 bytes
startup:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{2A202488-F02D-11cf-64CD-1123AFEECF20} "StubPath"
data: C:\WINDOWS\System32\msvrhost32.exe
tested on Windows XP
May 21, 2005
Author Information / Description
spirit is a reverse connection mini-uploader assembled with nasm.
@@ ActiveX Startup Method
@@ Only one registry key added
@@ Only one file dropped in the windows system directory
@@ Only one port and one socket for everything
@@ Injects into explorer.exe
@@ Bypasses hooking firewalls(like Tiny)
@@ Low memory usage
@@ <1.8kb unpacked
!! Cannot be packed AFAIK(It will crash if you pack it)
!! Hexing the server has a 95% chance of breaking the code
?? Double-click to upload and run a file
?? Download feature isn't implemented yet
icikoIf you recognize any personal information on this page and wish to have it removed or redacted, please contact us at jplesueur@phrozen.io. We are committed to protecting your privacy in accordance with GDPR regulations.