I Feel Lucky I Feel Very Lucky

WinterLove 2.1

Released 19 years, 6 months ago. March 2005

Copyright © MegaSecurity

By plunix

Informations
From China
Author plunix
Family WinterLove
Category Remote Access
Version WinterLove 2.1
Released Date Mar 2005, 19 years, 6 months ago.
Language Microsoft Visual C++
Additional Information 
Server:
dropped file:
c:\WINNT\system32\server.exe
size: 46,608 bytes 

port: 3043 TCP

added to registry:
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Enum\Root\LEGACY_MYSRVSHELL
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\MySrvShell
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_MYSRVSHELL
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\MySrvShell



tested on Windows 2000
May 08, 2005

Author Information / Description 
Base config:
server port :           [ 3043 ]
server password :       [ plunix ]
password tips :         [ Need Password: ]
cmd message :           [ [plunix@root]# ]
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                  
Service config:
service name :          [ MySrvShell ]
service displayname :   [ MySrvShell Service ]
service description :   [ Provide Windows CmdShell Class Service ]
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                 
Ftp service config:
ftp port :              [ 21 ]
ftp login name :        [ plunix ]
ftp login pass :        [ plunix ]
ftp path :              [ C:\MyFtp ]
                                           
plunix

If you recognize any personal information on this page and wish to have it removed or redacted, please contact us at jplesueur@phrozen.io. We are committed to protecting your privacy in accordance with GDPR regulations.