.: MAYA PWS 1.1 :.

Released 16 years ago. Nov 2005

By Princeali

Additional Details

  • Coded by: Princeali
  • Version: MAYA PWS 1.1
  • Released date: Nov 2005, 16 years ago.
  • Coded in: Delphi, compressed with UPX
  • Family: MAYA PWS
  • Category: Information Stealer

MegaSecurity Notes

Server:
dropped file:
c:\WINDOWS\maya.exe         Size: 65,033 bytes 
c:\WINDOWS\sqlserver.dll    Size: 47,616 bytes 

startup:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\Maya "StubPath"
data: C:\WINDOWS\maya.exe 
	
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run "Maya"
data: C:\WINDOWS\maya.exe 	

tested on Windows XP
December 03, 2005

Author Words

After noticing the first version had many requests and usage , I decided remaking it from scratch.
Making it log more passes uses new methods , less resources , and better firewall bypass technique next to a very clear log.
You would notice in your logs the following chars [M] its uses to separate the usernames from the passwords unlike older Maya version the logs were not so organized and had some problems.
Also I though making the log HTML Colored would be clearer for the user and so on.
You will also Notice some words between 2 [P] this happens when the user paste his username or password using CTRL+V Maya will also Catch it.
PHP script was replaced too now items are logged clearly for each user in Tables , FTP Delivery Method was removed and Replaced by Email , and I have  decided to add a Local delivery method (C:\maya.html)
Also Maya is able to get the IE visited URL and more ,i also Updated the Firewall bypassing technique into FWB#++, so Basically Older Maya users will notice a big difference

Princeali

URL's and mails were automatically redacted (filtered) for reader's safety. However the filter is not perfect and can't find all harmful elements. If you find something dangerous including file link, website, mail address, profanity... contact me immediately at sub7crew@protonmail.com, thank you in advance.