Superbot Trojan

Released 22 years, 10 months ago. June 2002

Copyright © MegaSecurity

By Ovivo


Information
From: Romania
Author: Ovivo
Family: Superbot Trojan
Category: Remote Access
Version: Superbot Trojan
Release date: Jun 2002, 22 years, 10 months ago.
Language: Delphi
Additional Information
Server:
dropped file:
c:\WINDOWS\SYSTEM\Runll32.exe 

size: 587.776 bytes

startup:
c:\windows\win.ini, [windows] "run" 

registry added:
HKEY_CURRENT_USER\Software\mIRC 
HKEY_CURRENT_USER\Software\mIRC\DateUsed 
HKEY_CLASSES_ROOT\.cha 
HKEY_CLASSES_ROOT\.chat 
HKEY_CLASSES_ROOT\ChatFile 
HKEY_CLASSES_ROOT\ChatFile\DefaultIcon 
HKEY_CLASSES_ROOT\ChatFile\Shell 
HKEY_CLASSES_ROOT\ChatFile\Shell\open 
HKEY_CLASSES_ROOT\ChatFile\Shell\open\command 
HKEY_CLASSES_ROOT\ChatFile\Shell\open\ddeexec 
HKEY_CLASSES_ROOT\ChatFile\Shell\open\ddeexec\Application 
HKEY_CLASSES_ROOT\ChatFile\Shell\open\ddeexec\ifexec 
HKEY_CLASSES_ROOT\ChatFile\Shell\open\ddeexec\Topic 
HKEY_CLASSES_ROOT\irc 
HKEY_CLASSES_ROOT\irc\DefaultIcon 
HKEY_CLASSES_ROOT\irc\Shell 
HKEY_CLASSES_ROOT\irc\Shell\open 
HKEY_CLASSES_ROOT\irc\Shell\open\command 
HKEY_CLASSES_ROOT\irc\Shell\open\ddeexec 
HKEY_CLASSES_ROOT\irc\Shell\open\ddeexec\Application 
HKEY_CLASSES_ROOT\irc\Shell\open\ddeexec\ifexec 
HKEY_CLASSES_ROOT\irc\Shell\open\ddeexec\Topic 
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Uninstall\mIRC 

files added:
c:\WINDOWS\SYSTEM\bot.ini 
c:\WINDOWS\SYSTEM\canal.txt 
c:\WINDOWS\SYSTEM\canale.ini 
c:\WINDOWS\SYSTEM\cfg.ini 
c:\WINDOWS\SYSTEM\info.ini 
c:\WINDOWS\SYSTEM\join.ini 
c:\WINDOWS\SYSTEM\join.txt 
c:\WINDOWS\SYSTEM\master.ini 
c:\WINDOWS\SYSTEM\mirc.ini 
c:\WINDOWS\SYSTEM\pro.mrc 
c:\WINDOWS\SYSTEM\pro2.mrc 
c:\WINDOWS\SYSTEM\protection�.conf 
c:\WINDOWS\SYSTEM\Runll32.exe 
c:\WINDOWS\SYSTEM\s.ini 
c:\WINDOWS\SYSTEM\super.ini 
c:\WINDOWS\SYSTEM\talk.ico 
c:\WINDOWS\SYSTEM\useri.ini 
c:\WINDOWS\SYSTEM\userul.ini 
c:\WINDOWS\SYSTEM\vxd.exe 
c:\WINDOWS\TEMP\temp12.exe
