TroMessenger 1.1

Released March 2006

Copyright © MegaSecurity

By Sma Soft


TroMessenger 1.1
Information
From: Iran
Author: Sma Soft
Family: TroMessenger
Category: Information Stealer
Version: TroMessenger 1.1
Release Date: March 2006
Language: Delphi
Additional Information
Server:
dropped files:
c:\WINDOWS\WinMsgLoaderXP.exe            Size: 308,963 bytes 
c:\WINDOWS\system32\LoginCMD.exe         Size: 6,144 bytes 
c:\WINDOWS\system32\YMSG12ENCRYPT.dll    Size: 46,080 bytes 

startup:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run "WinMsgLoader"
data: C:\WINDOWS\WinMsgLoaderXP.exe

Tested on Windows XP, March 30, 2006
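The dropped files and the Run key above are the host indicators a responder would actually check for. The following is an added example, not part of the MegaSecurity entry and not code from Sma Soft's program: it matches a file inventory (path and size) and a dump of the HKLM Run key against those indicators. The inventory and registry dump embedded in it are constructed sample data, and it assumes %SystemRoot% is C:\WINDOWS, as on the XP test box above; the function names (normalize_path, check_files, check_run_key, scan) are the example's own.

```python
"""IOC check for the TroMessenger 1.1 server component.

Added example (not the page's or the author's code). Indicators are the
dropped files and HKLM Run value listed in the MegaSecurity entry; the
sample inventory and registry dump below are constructed test data.
"""
import ntpath
from dataclasses import dataclass

# Assumption: the Windows directory of the host being checked, as on the
# page's XP test box. Used to expand %SystemRoot% / %windir% in paths.
SYSTEM_ROOT = r"C:\WINDOWS"

# Indicators as listed on the page (sizes in bytes).
DROPPED_FILES = {
    r"C:\WINDOWS\WinMsgLoaderXP.exe": 308_963,
    r"C:\WINDOWS\system32\LoginCMD.exe": 6_144,
    r"C:\WINDOWS\system32\YMSG12ENCRYPT.dll": 46_080,
}
RUN_KEY = r"HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run"
RUN_VALUE_NAME = "WinMsgLoader"
RUN_VALUE_DATA = r"C:\WINDOWS\WinMsgLoaderXP.exe"


def normalize_path(p: str) -> str:
    """Case-fold a Windows path, strip surrounding quotes, expand the
    system-root variables and collapse separators, so that
    '"%SystemRoot%/WinMsgLoaderXP.exe"' compares equal to the IOC."""
    p = p.strip().strip('"').lower()
    for var in ("%systemroot%", "%windir%"):
        p = p.replace(var, SYSTEM_ROOT.lower())
    return ntpath.normpath(p.replace("/", "\\"))


@dataclass(frozen=True)
class Finding:
    kind: str       # "file" or "run_key"
    indicator: str  # the IOC that matched
    detail: str     # what was observed on the host


def check_files(inventory: dict) -> list:
    """inventory: {path: size_in_bytes} for the files seen on the host.
    A path match with a different size is still reported, since another
    build of the same dropper would keep the name but not the size."""
    seen = {normalize_path(path): size for path, size in inventory.items()}
    findings = []
    for ioc_path, ioc_size in DROPPED_FILES.items():
        key = normalize_path(ioc_path)
        if key not in seen:
            continue
        size = seen[key]
        if size == ioc_size:
            detail = f"present, size {size} matches"
        else:
            detail = f"present, size {size} differs from {ioc_size} (possibly a different build)"
        findings.append(Finding("file", ioc_path, detail))
    return findings


def check_run_key(run_values: dict) -> list:
    """run_values: {value_name: data} dumped from HKLM\\...\\Run.
    Matches on the value name or on the normalized data, because either
    one alone may be changed by a re-packaged server."""
    findings = []
    for name, data in run_values.items():
        name_hit = name.lower() == RUN_VALUE_NAME.lower()
        data_hit = normalize_path(data) == normalize_path(RUN_VALUE_DATA)
        if name_hit or data_hit:
            findings.append(Finding(
                "run_key", f"{RUN_KEY}\\{name}",
                f"data={data!r}; name match={name_hit}, data match={data_hit}"))
    return findings


def scan(inventory: dict, run_values: dict) -> list:
    return check_files(inventory) + check_run_key(run_values)


# Constructed sample data: three dropped files present (one with a
# different size) plus one benign file, and a Run key with the malicious
# value stored with quotes around the path next to a benign entry.
SAMPLE_INVENTORY = {
    r"C:\WINDOWS\WinMsgLoaderXP.exe": 308_963,
    r"C:\WINDOWS\system32\LoginCMD.exe": 6_144,
    r"C:\WINDOWS\system32\YMSG12ENCRYPT.dll": 46_000,
    r"C:\WINDOWS\system32\calc.exe": 114_688,
}
SAMPLE_RUN_VALUES = {
    "WinMsgLoader": r'"C:\WINDOWS\WinMsgLoaderXP.exe"',
    "ctfmon.exe": r"C:\WINDOWS\system32\ctfmon.exe",
}

if __name__ == "__main__":
    for finding in scan(SAMPLE_INVENTORY, SAMPLE_RUN_VALUES):
        print(f"[{finding.kind}] {finding.indicator}: {finding.detail}")
```

On a live Windows host the two inputs come from os.walk() with os.path.getsize() for the inventory and from winreg (OpenKey on HKEY_LOCAL_MACHINE with the Run subkey, then EnumValue in a loop) for the Run values; on a mounted forensic image, from a file listing and an exported hive. Size-mismatch hits are worth keeping: a repacked server changes the size but rarely the file names.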

Author Information / Description
Overview of Program
This is a remote trojan for remotely controlling computers via Yahoo! Messenger.
With this program, you can control the remote PC by sending PMs to a specified Yahoo! Messenger robot defined in the program settings.
It's like you are talking to the remote PC, telling it to do a specified job.

How it works?
This is the workflow of the program:

0) Runs at startup.
1) Resides in memory.
2) Waits for an Internet connection.
3) When the Internet connection is active, attempts to log in the robot ID.
4) Sends an offline message to the admin when successfully logged in.
5) Now you can control the remote PC by sending PMs to your robot.

Minimum System Requirements:

1) Microsoft Windows XP or Windows Server 2003 operating system. This program is not supported on Windows 2000, Windows 98 and earlier, or Linux-based systems.
2) 128MB of RAM (256MB RAM is recommended)
3) 700MHz CPU.
4) 8MB of graphics card memory.
5) Enough free disk space on the Windows drive (for saving screenshot files and downloaded files).
6) A live Internet connection. This program works over any Internet connection, such as: dialup, ADSL, wireless, broadband, satellite, LAN, etc.
This program also works over dialup connections. But since this program connects to Yahoo! Messenger servers to log in the robot ID, a live Internet connection helps the program work better.

Special Abilities

No need for an IP address! This is the biggest ability of this program.
In other trojans you must have the IP address of the remote PC you are attempting to control. But this program works without an IP address.
Question - How can a trojan work without an IP address?
Answer - Because this program provides a Yahoo! ID that acts as a robot for you, you don't need to know the IP address of the remote PC. The IP address will still be sent to you when the PC comes online,
but this is just for knowing more about the remote PC, and has no effect on how TroMessenger works.

Works on behind-LAN and behind-router computers. The big problem with other trojans, such as Troya, is that they work only on IP-based systems.
i.e. your target PC must have an IP address that is valid relative to you. For example: if there is a network with 5 PCs and you are a member of this network, you can connect to those PCs.
But someone from outside the network cannot connect to the computers of that network,
because he doesn't have a valid IP address in relation to your network computers. This problem IS SOLVED in TroMessenger.
With TroMessenger, you can connect to any computer in any network. They just need to be connected to the Internet with the TroMessenger server running on them.

Commands

In this version, there are some basic commands for controlling the remote PC.

Result: The result of executing a command will be sent immediately after the job finishes. But if the text returned by a command is very long (more than ... characters), it will be sent in several pieces, sequentially.
That's because Yahoo! Messenger doesn't accept text longer than a specified number of characters.

/cmd - This is just like the MS-DOS command prompt. You can execute DOS commands on the remote PC and see the result. Commands like: DIR, VER, VOL, IPConfig, Netstat, WHOAMI and more useful DOS commands.
Example: /cmd dir C:\*.txt

Executing DOS Commands
You can execute some specific MS-DOS commands to get more information about the target PC.

/cmd dir - For getting a file and folder listing. You can use switches and parameters to get your specific result. Example: /cmd dir /on , /cmd dir *.txt

/cmd ipconfig - Gets network information. This command is for getting information about the network adapters that exist on that PC. It retrieves the network adapter name, IP address, gateway, DNS server, etc.

/cmd tasklist - Gets the list of running processes. It is the same as the Windows Task Manager, but in DOS mode.

/cmd whoami - Tells you how the target PC is defined in the network. The info returned: domain / workgroup name, computer name and Windows user name.
 Note: This command works only on Windows Server 2003. It is not supported on Windows XP.

/cmd netstat - Displays all active network and Internet connections on the PC. To get a faster result, use /cmd netstat -na

Getting Computer Information:
By using the following commands, you can get general information about the target computer.

/IP - Tells you the IP address of the remote PC. Note that a computer can have more than one IP address associated with it.
For example, you have a dialup account for connecting to the Internet, and your computer is also connected to a local area network (LAN). Then you have 2 IP addresses defined on your PC.
TroMessenger will send all IP addresses that exist on the PC.

/osname - Tells you the full Windows version and service pack name. For example: Windows Server 2003 Service Pack 1.

/computername - Tells you the name of the computer as defined in the network. Other computers in that network will know this computer by this name.
 If the computer is not connected to a network, it doesn't matter; the name will still be sent.

/winusername - Tells you the name of the Windows account currently logged in. Note that on Windows XP, more than one user may exist on the computer,
and this value can vary whenever users log in.
But on Windows Server 2003 this name is always returned as Administrator. The admin may nevertheless have defined some other user names, but usually admins don't do that.

/yahooid - Tells you the Yahoo ID of the last person who used Yahoo! Messenger on the remote PC.

Main Program Abilities

/Help - Displays the list of available commands in this version of TroMessenger. New commands may be added in future versions, so you will learn about them by using this command.

/screenshot - Shows you a screenshot of the remote PC.
Question - Yahoo! Messenger is a text-based program, so how can TroMessenger show me a picture?
Answer - TroMessenger shows you the picture indirectly. That means: it takes the screenshot, uploads it to the host, and gives you the link to the taken picture.

/download - Downloads a file from the web and saves it at the specified location on the remote PC. You will be notified when the download finishes.
Syntax: /download "http://www.hostname.com/folder/file.zip" "C:\SavedFile.zip"
Note: You must use quote marks ("). If you forget to put quotes, the download will not work.

/restart - Restarts Windows on the remote PC.
Warning: If you test it on your PC, it will be restarted without any question or confirmation, and any changes in your programs will be lost.
 So take care when using this command, and also the shutdown command.

/shutdown - Turns off the remote PC. (The same warning applies.)

/time , /date - Show the date and time.

/ejectcd - Ejects the CD-ROM drive.

/closecd - Closes the door of the CD-ROM drive after ejection.

/view - For showing the content of text files. Note: if the text is longer than ... bytes, it will be divided into several pieces and they will be sent one after another.

/getfile - Uploads a specified file to the host and gives you the link. This is used for downloading binary (non-text) files from the remote PC.

/status , /idle , /busy - Sets the status message of the robot to what you want, plus the busy and idle icons beside the ID.
Example syntaxes:
/status Now I'm ready.
/idle I'm away from PC.
/busy Currently Busy.

/cancel - Cancels the currently executing job. For example, you decided to view a 1MB text file, and the text is being sent to you piece by piece,
 but you suddenly decide to cancel the operation and not have the remaining pieces of text sent. Just use the /cancel command.

/login - For logging in non-admin users. Every time TroMessenger starts, if you are not the predefined admin of the robot but you know the password,
 you should use /login yourpassword to begin using the program. Don't use quote marks for your password.

Sma Soft
