Archive A Reconstructed © MegaSecurity Database

• a
• b
• c
• d
• e
• f
• g
• h
• i
• j
• k
• l
• m
• n
• o
• p
• q
• r
• s
• t
• u
• v
• w
• x
• y
• z
• other

This backdoor is dropped by the Dumaru worm.
The Dumaru worm arrives in an email pretending to be a security patch from Microsoft
with return-path:
In reality, it is a mass-mailing email worm that installs a backdoor component onto infected systems. 
Backdoor.Win32.Dumador.e:

port: 10000, 1001, 2283 TCP

dropped files:
c:\WINDOWS\dllreg.exe                               size 36.866 bytes 
c:\WINDOWS\guid32.dll                               size 4.096 bytes 
c:\WINDOWS\vxdload.log                              size 134 bytes 
c:\WINDOWS\windrive.exe                             size 8.192 bytes 
c:\WINDOWS\Start Menu\Programs\Startup\rundllw.exe  size 36.866 bytes 
c:\WINDOWS\SYSTEM\load32.exe                        size 36.866 bytes 
c:\WINDOWS\SYSTEM\vxdmgr32.exe                      size 36.866 bytes 

startup:
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run "load32" 
c:\windows\system.ini, [boot] "shell" 
c:\windows\win.ini, [windows] "run" 
c:\WINDOWS\Start Menu\Programs\Startup

registry added:
HKEY_LOCAL_MACHINE\Software\SARS "kwmfound"

This archive is an almost-complete reconstruction of the legendary Mega Security (also known as Kobayashi), a premier 90s-era "Trojan Database" where malware authors once showcased their work. After a decade offline, the site was brought back in August 2024 by its original creator, MasterRat, who authorized the Malware Gallery to host this modernized, searchable version of the collection. While the original site remains available for those seeking a nostalgic, old-school experience, we are proud to continue its legacy here. Full credit and thanks go to MasterRat and the retired Mega Security staff for their years of dedicated work in cataloging these historical samples.