I Feel Lucky I Feel Very Lucky

Superbot Trojan

Released 22 years, 3 months ago. June 2002

Copyright © MegaSecurity

By Ovivo

Superbot Trojan
Informations
From Romania
Author Ovivo
Family Superbot Trojan
Category Remote Access
Version Superbot Trojan
Released Date Jun 2002, 22 years, 3 months ago.
Language Delphi
Additional Information 
Server:
dropped file:
c:\WINDOWS\SYSTEM\Runll32.exe 

size: 587.776 bytes

startup:
c:\windows\win.ini, [windows] "run" 

registry added:
HKEY_CURRENT_USER\Software\mIRC 
HKEY_CURRENT_USER\Software\mIRC\DateUsed 
HKEY_CLASSES_ROOT\.cha 
HKEY_CLASSES_ROOT\.chat 
HKEY_CLASSES_ROOT\ChatFile 
HKEY_CLASSES_ROOT\ChatFile\DefaultIcon 
HKEY_CLASSES_ROOT\ChatFile\Shell 
HKEY_CLASSES_ROOT\ChatFile\Shell\open 
HKEY_CLASSES_ROOT\ChatFile\Shell\open\command 
HKEY_CLASSES_ROOT\ChatFile\Shell\open\ddeexec 
HKEY_CLASSES_ROOT\ChatFile\Shell\open\ddeexec\Application 
HKEY_CLASSES_ROOT\ChatFile\Shell\open\ddeexec\ifexec 
HKEY_CLASSES_ROOT\ChatFile\Shell\open\ddeexec\Topic 
HKEY_CLASSES_ROOT\irc 
HKEY_CLASSES_ROOT\irc\DefaultIcon 
HKEY_CLASSES_ROOT\irc\Shell 
HKEY_CLASSES_ROOT\irc\Shell\open 
HKEY_CLASSES_ROOT\irc\Shell\open\command 
HKEY_CLASSES_ROOT\irc\Shell\open\ddeexec 
HKEY_CLASSES_ROOT\irc\Shell\open\ddeexec\Application 
HKEY_CLASSES_ROOT\irc\Shell\open\ddeexec\ifexec 
HKEY_CLASSES_ROOT\irc\Shell\open\ddeexec\Topic 
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Uninstall\mIRC 

files added:
c:\WINDOWS\SYSTEM\bot.ini 
c:\WINDOWS\SYSTEM\canal.txt 
c:\WINDOWS\SYSTEM\canale.ini 
c:\WINDOWS\SYSTEM\cfg.ini 
c:\WINDOWS\SYSTEM\info.ini 
c:\WINDOWS\SYSTEM\join.ini 
c:\WINDOWS\SYSTEM\join.txt 
c:\WINDOWS\SYSTEM\master.ini 
c:\WINDOWS\SYSTEM\mirc.ini 
c:\WINDOWS\SYSTEM\pro.mrc 
c:\WINDOWS\SYSTEM\pro2.mrc 
c:\WINDOWS\SYSTEM\protection�.conf 
c:\WINDOWS\SYSTEM\Runll32.exe 
c:\WINDOWS\SYSTEM\s.ini 
c:\WINDOWS\SYSTEM\super.ini 
c:\WINDOWS\SYSTEM\talk.ico 
c:\WINDOWS\SYSTEM\useri.ini 
c:\WINDOWS\SYSTEM\userul.ini 
c:\WINDOWS\SYSTEM\vxd.exe 
c:\WINDOWS\TEMP\temp12.exe

If you recognize any personal information on this page and wish to have it removed or redacted, please contact us at jplesueur@phrozen.io. We are committed to protecting your privacy in accordance with GDPR regulations.