.: AR34 :.
Released 16 years, 9 months ago (Dec 2004) by unsticky
- Coded by: unsticky
- Version: AR34
- Release date: Dec 2004, 16 years, 9 months ago.
- Coded in: Visual Basic, compressed with UPX
- Family: AR34
- Category: Information Stealer
- dropped file: c:\WINDOWS\system32\msps.exe
- size: 15.872 bytes
- startup: HKEY_CURRENT_USER\Software\Microsoft\Windows NT\CurrentVersion\Windows "load"
- data: C:\WINDOWS\system32\msps.exe
- tested on Windows XP
- December 12, 2004

Name: AR34
Class: Trojan / Password Stealer(?)
Author: unsticky
Build Date: Nov 27, 2004
Compiled in: Visual Basic 6
Packed in: UPX
File Size: 15.5 kb

Features:
+ Copy to system32 using encrypted file name
+ Delete initial server and run copy.
+ Add to Startup
+ Hide from TaskManager
+ AV Killing - Ad-Aware, Norton, and McAfee
+ Firewall Killing - ZoneAlarm, Kerio, and Windows
+ System Tool Killing - TaskManager, MSConfig, RegEdit, SystemRestore, and Command Prompt
+ Grab AIM MD5 Hashes and TestBuddy Passwords
+ Grab External and Internal IPs
+ Log Hashes, Passwords, Host Name, and IPs to encrypted hardcoded website.

unsticky