Full Disclosure mailing list archives
Project structure of ADWARE/VIRUS/TROJAN ( AIM EXPLOIT) related to Realphx.com
From: "Lorenzo Hernandez Garcia-Hierro" <lorenzohgh () nsrg-security com>
Date: Sat, 11 Oct 2003 22:40:30 +0200
I was doing a little research on the objects and this is the clean code of the project (not complete, of course, but resources):

*Project1-VB.Project -->

    Type=Exe
    Form=av.frm
    Module=Module1; Module1.bas
    Startup="av"
    Description=""
    HelpFile=""
    Name="Project1"
    Title="av2"
    ExeName32="av.exe"

*AV-VB.Form -->

    VERSION 5.00
    Begin VB.Form av
       Caption = "av"
       LinkTopic = "av"
       Visible = 0 'False
       ClientLeft = 60
       ClientTop = 345
       ClientWidth = 1560
       ClientHeight = 495
       StartupPosition = 3
       Begin VB.Timer Timer1
          Interval = 60000
          Left = 0
          Top = 0
       End
    End

*Timer1-VB.Timer -->

    VERSION 5.00
    Begin VB.Form av
       Caption = "av"
       LinkTopic = "av"
       Visible = 0 'False
       ClientLeft = 60
       ClientTop = 345
       ClientWidth = 1560
       ClientHeight = 495
       StartupPosition = 3
       Begin VB.Timer Timer1
          Interval = 60000
          Left = 0
          Top = 0
       End
    End

New Information:

Possible compilation with debug info. Why? I found these files linked to the av.exe:

- VBA6.DLL -> LINK PRESENT BUT NOT USED/NEEDED
- VB6.OLB -> LINK PRESENT BUT NOT USED/NEEDED

----

The Registry keys used:

    SOFTWARE\Microsoft\Windows\CurrentVersion\Run : Antivir -> c:\av.exe
    SOFTWARE\America Online\AOL Instant Messenger (TM)\CurrentVersion\Misc BaseDataPath Z
    Software\America Online\AOL Instant Messenger(TM)\CurrentVersion\Login: Screen Name -> info.htm

/\INFO.HTM/\

    < f o n t s i z e = 5 > < b > < A H R E F = " H T T P : / / W W W . R E A L P H X . C O M " > W W W . R E A L P H X . C O M < / a > < / f o n t >

/\<<<EOF/\

That's all at the moment ;-) More info will be available at www.nsrg-security.com.

Best Regards,
---
0x00->Lorenzo Hernandez Garcia-Hierro
0x01->/* not csh but sh */
0x02->$ PATH=pretending!/usr/ucb/which sense
0x03-> no sense in pretending!
__________________________________
PGP: Keyfingerprint B6D7 5FCC 78B4 97C1 4010 56BC 0E5F 2AB2
ID: 0x9C38E1D7
**********************************
No Secure Root Group Security Research Team
http://www.nsrg-security.com
______________________
_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.netsys.com/full-disclosure-charter.html
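A triage check built from the Run-key indicator listed in the post, as an added example that is not part of the original message: it scans the text of a `.reg` export for a `Run` value named `Antivir` or pointing at `c:\av.exe`. The function names, the sample export and the hives shown are assumptions; the post does not say which hive holds the key.

```python
import re
# Indicator from the post: Run value "Antivir" pointing at c:\av.exe.
RUN_SUFFIX = r"\software\microsoft\windows\currentversion\run"
IOC_NAME, IOC_PATH = "antivir", r"c:\av.exe"
KEY_RE = re.compile(r"^\[(?P<key>[^\]]+)\]$")
VAL_RE = re.compile(r'^"(?P<name>(?:[^"\\]|\\.)*)"="(?P<data>(?:[^"\\]|\\.)*)"$')

def unescape(s):
    # .reg string values escape backslash and double quote with a backslash.
    return re.sub(r"\\(.)", r"\1", s)

def find_run_hits(reg_text):
    """Return (key, name, data, reasons) for Run values matching the indicator."""
    hits, key = [], None
    for line in reg_text.splitlines():
        line = line.strip()
        m = KEY_RE.match(line)
        if m:
            key = m.group("key")
            continue
        m = VAL_RE.match(line)
        if not m or key is None or not key.lower().endswith(RUN_SUFFIX):
            continue
        name, data = unescape(m.group("name")), unescape(m.group("data"))
        reasons = []
        if name.lower() == IOC_NAME:
            reasons.append("value name")
        # Compare only the executable path, ignoring quotes and arguments.
        exe = data.strip().strip('"').split(" ")[0].lower()
        if exe == IOC_PATH:
            reasons.append("target path")
        if reasons:
            hits.append((key, name, data, reasons))
    return hits

# Constructed sample export (not from the post); the hives are an assumption.
SAMPLE = r'''Windows Registry Editor Version 5.00

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Antivir"="c:\\av.exe"
"Updater"="C:\\Program Files\\Vendor\\update.exe /silent"

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"helper"="C:\\AV.EXE"
'''

if __name__ == "__main__":
    for key, name, data, reasons in find_run_hits(SAMPLE):
        print(f"{key}: {name} -> {data} ({', '.join(reasons)})")
```

regedit writes Version 5.00 exports as UTF-16, so decode the file before passing its text to `find_run_hits`.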