Archive A Reconstructed © MegaSecurity Database
AR34
Released 21 years, 4 months ago. December 2004
Copyright © MegaSecurity
By unsticky
Informations
| Author | unsticky |
| Family | AR34 |
| Category | Information Stealer |
| Version | AR34 |
| Released Date | Dec 2004, 21 years, 4 months ago. |
| Language | Visual Basic, compressed with UPX |
Additional Information
dropped file:
c:\WINDOWS\system32\msps.exe
size: 15.872 bytes
startup:
HKEY_CURRENT_USER\Software\Microsoft\Windows NT\CurrentVersion\Windows "load"
data: C:\WINDOWS\system32\msps.exe
tested on Windows XP
December 12, 2004
Author Information / Description
Name: AR34
Class: Trojan / Password Stealer(?)
Author: unsticky
Build Date: Nov 27, 2004
Compiled in: Visual Basic 6
Packed in: UPX
File Size: 15.5 kb
Features:
+Copy to system32 using encrypted file name
+Delete intial server and run copy.
+Add to Startup
+Hide from TaskManager
+AV Killing - Ad-Aware, Norton, and McAfee
+Firewall Killing - ZoneAlarm, Kerio, and Windows
+System Tool Killing - TaskManager, MSConfig, RegEdit, SystemRestore, and Command Prompt
+Grab AIM MD5 Hashes and TestBuddy Passwords
+Grab External and Internal IPs
+Log Hashes, Passwords, Host Name, and IPs to encrypted hardcoded website.
unstickyThis archive is an almost-complete reconstruction of the legendary Mega Security (also known as Kobayashi), a premier 90s-era "Trojan Database" where malware authors once showcased their work. After a decade offline, the site was brought back in August 2024 by its original creator, MasterRat, who authorized the Malware Gallery to host this modernized, searchable version of the collection. While the original site remains available for those seeking a nostalgic, old-school experience, we are proud to continue its legacy here. Full credit and thanks go to MasterRat and the retired Mega Security staff for their years of dedicated work in cataloging these historical samples.