.: Herman Agent 1.0 :.
Released 17 years, 5 months ago. Feb 2004By matiteman
- Coded by: matiteman
- Version: Herman Agent 1.0
- Released date: Feb 2004, 17 years, 5 months ago.
- Family: Herman Agent 1.0
- Category: Information Stealer
Server: dropped files: c:\WINDOWS\SYSTEM\avp.exe Size: 186.370 bytes c:\WINDOWS\iexplore.exe c:\WINDOWS\iexplorer.exe startup: HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\RunServices "hagent"
herman agent by matiteman about : ====== herman agent is an special stealer agent that retrieve many information about remote host and send it to your mail box in attacheched file: herman agent retrieve and send u the following information according your choice : the mail client password list : ============================== following email applications: * Outlook Express * Microsoft Outlook 2000 (POP3 and SMTP Accounts only) * Microsoft Outlook 2002 (POP3, IMAP, HTTP and SMTP Accounts) * IncrediMail * Eudora * Group Mail Free For each email account, the following information are sent: Account Name, Application, Email, Server, Server Type (POP3/IMAP/SMTP), User Name, and Password. the protected password list : ============================= the passwords stored on your computer by Internet Explorer, Outlook Express and MSN Explorer. The passwords are stealed by reading the information from the Protected Storage. the ressource name,password and username for the following application are sent : * Outlook passwords * AutoComplete passwords in Internet Explorer * Password-protected sites in Internet Explorer * MSN Explorer Passwords: The MSN Explorer browser stores 2 types of passwords in the Protected Storage: Sign-up passwords AutoComplete passwords the dialup password: ==================== it will retrieve, enumerates all Dial-Up entries and send u their logon details: * User Name, * Password * Domain. * phone number the remote services list and status : ===================================== it will send you the list of running services on remote system. For some of them, additional useful information is sent: * file description * version * product name * company that created the driver file, and more. the startup running list : ========================== The StartupRun running send the list of all applications that are loaded automatically when Windows boots. For each application, additional information is sent * Product Name * File Version, * Description * Company Name in order to allow you to easily identify the applications that are loaded at Windows startup the iehistory list : ==================== description : ------------- Each time that you type a URL in the address bar or click on a link in Internet Explorer browser, the URL address is automatically added to the history index file. When you type a sequence of characters in the address bar, Internet Explorer automatically suggests you all URLs that begins with characters sequence that you typed (unless AutoComplete feature for Web addresses is turned off). However, Internet Explorer doesn't allow you to view and edit the entire URL list that it stores inside the history file the herman agent send u also the iehistory list if u want author: matiteman
URL's and mails were automatically redacted (filtered) for reader's safety. However the filter is not perfect and can't find all harmful elements. If you find something dangerous including file link, website, mail address, profanity... contact me immediately at firstname.lastname@example.org, thank you in advance.