Spy System
Released 24 years, 5 months ago. April 2000
Copyright © MegaSecurity
By Zerg (Destructive Labs.)
Informations
| From | Russia |
| Author | Zerg (Destructive Labs.) |
| Family | Spy System |
| Category | Remote Access |
| Version | Spy System |
| Released Date | Apr 2000, 24 years, 5 months ago. |
| Language | Delphi, compressed with ASPack |
Additional Information
Installer:
size: 157.184 bytes
Servers:
c:\WINDOWS\SYSTEM\gdi32.exe
size: 292.753 bytes
c:\WINDOWS\winoldap.exe
size: 303.021 bytes
c:\WINDOWS\syswin.exe
size: 204.699 bytes
added:
c:\WINDOWS\EXPLORER.DL_
c:\WINDOWS\SCANREGW.DL_
c:\WINDOWS\syswin.exe
c:\WINDOWS\WININIT.INI
c:\WINDOWS\winoldap.exe
c:\WINDOWS\SYSTEM\gdi32.exe
c:\WINDOWS\SYSTEM\MPREXE.DL_
wininit.ini does the following after reboot:
[rename]
C:\WINDOWS\EXPLORER.EXE=C:\WINDOWS\EXPLORER.DL_
C:\WINDOWS\SYSTEM\MPREXE.EXE=C:\WINDOWS\SYSTEM\MPREXE.DL_
C:\WINDOWS\SCANREGW.EXE=C:\WINDOWS\SCANREGW.DL_
startup:
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run "(Default)"
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run "(Default)"
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\RunServices "(Default)"
c:\windows\win.ini, [windows] "run"
platform: win 95/98If you recognize any personal information on this page and wish to have it removed or redacted, please contact us at jplesueur@phrozen.io. We are committed to protecting your privacy in accordance with GDPR regulations.