.: MAYA PWS 1.1 :.

Additional Details

• Coded by: Princeali
• Version: MAYA PWS 1.1
• Released date: Nov 2005, 16 years, 10 months ago.
• Coded in: Delphi, compressed with UPX
• Family: MAYA PWS
• Category: Information Stealer

MegaSecurity Notes

Server:
dropped file:
c:\WINDOWS\maya.exe         Size: 65,033 bytes 
c:\WINDOWS\sqlserver.dll    Size: 47,616 bytes 

startup:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\Maya "StubPath"
data: C:\WINDOWS\maya.exe 
	
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run "Maya"
data: C:\WINDOWS\maya.exe 	

tested on Windows XP
December 03, 2005

Author Words

After noticing the first version had many requests and usage , I decided remaking it from scratch.
Making it log more passes uses new methods , less resources , and better firewall bypass technique next to a very clear log.
You would notice in your logs the following chars [M] its uses to separate the usernames from the passwords unlike older Maya version the logs were not so organized and had some problems.
Also I though making the log HTML Colored would be clearer for the user and so on.
You will also Notice some words between 2 [P] this happens when the user paste his username or password using CTRL+V Maya will also Catch it.
PHP script was replaced too now items are logged clearly for each user in Tables , FTP Delivery Method was removed and Replaced by Email , and I have  decided to add a Local delivery method (C:\maya.html)
Also Maya is able to get the IE visited URL and more ,i also Updated the Firewall bypassing technique into FWB#++, so Basically Older Maya users will notice a big difference

Princeali