.: MAYA PWS 1.1 :.
Released 16 years, 6 months ago. Nov 2005
By Princeali::actions
Additional Details
- Coded by: Princeali
- Version: MAYA PWS 1.1
- Released date: Nov 2005, 16 years, 6 months ago.
- Coded in: Delphi, compressed with UPX
- Family: MAYA PWS
- Category: Information Stealer
MegaSecurity Notes
Server: dropped file: c:\WINDOWS\maya.exe Size: 65,033 bytes c:\WINDOWS\sqlserver.dll Size: 47,616 bytes startup: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\Maya "StubPath" data: C:\WINDOWS\maya.exe HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run "Maya" data: C:\WINDOWS\maya.exe tested on Windows XP December 03, 2005
Author Words
After noticing the first version had many requests and usage , I decided remaking it from scratch. Making it log more passes uses new methods , less resources , and better firewall bypass technique next to a very clear log. You would notice in your logs the following chars [M] its uses to separate the usernames from the passwords unlike older Maya version the logs were not so organized and had some problems. Also I though making the log HTML Colored would be clearer for the user and so on. You will also Notice some words between 2 [P] this happens when the user paste his username or password using CTRL+V Maya will also Catch it. PHP script was replaced too now items are logged clearly for each user in Tables , FTP Delivery Method was removed and Replaced by Email , and I have decided to add a Local delivery method (C:\maya.html) Also Maya is able to get the IE visited URL and more ,i also Updated the Firewall bypassing technique into FWB#++, so Basically Older Maya users will notice a big difference Princeali
URL's and mails were automatically redacted (filtered) for reader's safety. However the filter is not perfect and can't find all harmful elements. If you find something dangerous including file link, website, mail address, profanity... contact me immediately at sub7crew@protonmail.com, thank you in advance.