Archive Helmet Icon Archive A Reconstructed © MegaSecurity Database

I Feel Lucky I Feel Very Lucky

Cold Fusion 1.2 (build 97)

Released 21 years, 2 months ago. February 2005

Copyright © MegaSecurity

By Satan_addict, Flippmode, Read101, Trade Mark

Informations
Author Satan_addict, Flippmode, Read101, Trade Mark
Family Cold Fusion
Category Remote Access
Version Cold Fusion 1.2 (build 97)
Released Date Feb 2005, 21 years, 2 months ago.
Language Delphi
Additional Information
Server:
dropped files:
c:\WINDOWS\mwspool.exe                   Size: 4,169,983 bytes 
c:\WINDOWS\winsock.scr                   Size: 6,223,983 bytes 
c:\WINDOWS\system32\backup.exe           Size: 22,016 bytes 
c:\WINDOWS\system32\run.com              Size: 2,115,983 bytes 
c:\WINDOWS\system32\spool.exe            Size: 123,603 bytes 
c:\WINDOWS\system32\drivers\~DF4DAO.dll  Size: 73,216 bytes 

changed file:
c:\WINDOWS\system32\userinit.exe
old size: 22,016 bytes 
new size: 60,956 bytes 

startup:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon "Shell"
old data: Explorer.exe 
new data: Explorer.exe winsock.scr 

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon "System"
old data: 
new data: C:\WINDOWS\System32\run.com 


HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{TEST_9381D8F2-0288-11D0-9501-00AA00B911A5} "StubPath"
data: C:\WINDOWS\System32\spool.exe 

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run "winupde"
data: C:\WINDOWS\mwspool.exe 



tested on Windows XP
February 16, 2005

Author Information / Description
Cold Fusion v1.2 Public
=======================

History:
This tool was made more then 1 year ago.
It remained private for that long. But after all this time and with
new techs appearing its time to release it.
We hope you still like it!

Coders:
Flippmode, Read101 and satan_addict.

Thx to:
a lot of ppl (mainly aphex).

This archive is an almost-complete reconstruction of the legendary Mega Security (also known as Kobayashi), a premier 90s-era "Trojan Database" where malware authors once showcased their work. After a decade offline, the site was brought back in August 2024 by its original creator, MasterRat, who authorized the Malware Gallery to host this modernized, searchable version of the collection. While the original site remains available for those seeking a nostalgic, old-school experience, we are proud to continue its legacy here. Full credit and thanks go to MasterRat and the retired Mega Security staff for their years of dedicated work in cataloging these historical samples.