Archive A Reconstructed © MegaSecurity Database

• a
• b
• c
• d
• e
• f
• g
• h
• i
• j
• k
• l
• m
• n
• o
• p
• q
• r
• s
• t
• u
• v
• w
• x
• y
• z
• other

Server:
dropped files:
c:\WINDOWS\system32\server.dll            Size: 28,692 bytes 
c:\WINDOWS\system32\yahoomessenger.exe    Size: 50,705 bytes 

startup:	
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run "Windows Updates"
data: C:\WINDOWS\yahoomessenger.exe 

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run "Windows Updates"
data: C:\WINDOWS\System32yahoomessenger.exe 	



Tested on Windows XP
July 08, 2007

This application is based on the fwb injection technique
completely coded in vb. No c/c++/Delphi dlls or other is used
for injection. Purely in vb.

As the name suggests open a port on the victim computer and
you can telnet to the target port and you will have the cmd shell.

The application is not using any of the vb form.


EditServer
===========

Only 2 options for the moment.
1. port, to be opened on vic
2. registry name

The application drops a dll file in the system32 dir and an exe file.

The application auto starts on every boot.

This archive is an almost-complete reconstruction of the legendary Mega Security (also known as Kobayashi), a premier 90s-era "Trojan Database" where malware authors once showcased their work. After a decade offline, the site was brought back in August 2024 by its original creator, MasterRat, who authorized the Malware Gallery to host this modernized, searchable version of the collection. While the original site remains available for those seeking a nostalgic, old-school experience, we are proud to continue its legacy here. Full credit and thanks go to MasterRat and the retired Mega Security staff for their years of dedicated work in cataloging these historical samples.