Archive Helmet Icon Archive A Reconstructed © MegaSecurity Database

I Feel Lucky I Feel Very Lucky

ElfRAT 1.2

Released 22 years, 4 months ago. December 2003

Copyright © MegaSecurity

By HelioS

Informations
Author HelioS
Family Elf
Category Remote Access
Version ElfRAT 1.2
Released Date Dec 2003, 22 years, 4 months ago.
Language Visual Basic
Additional Information
Server:
dropped file:
c:\WINDOWS\SYSTEM\elfRAT.exe 
 
size: 73.728 bytes 

port: 6969 TCP

startup:
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run "ELFRAT"

Author Information / Description
+---------------------------------------------------------------------+
    ¦ ¦¦¦¦ IRC NOTIFIER COMMANDS                                          ¦
    +---------------------------------------------------------------------+


      !login;<password>                    login as master/admin to the server
      !logout                              logout as master/admin

      !getversion                          server will report the server version
      !getip                               server will report the victims ip
      !connect;<ip>;<port>                 server will connect to the ip and port where
                                           a client is listening on

      !quit                                makes the server quit
      !end                                 makes the server end
      !uninstall                           makes the server uninstall itself

      !getreg;<fullregistrykeyname>        server will report the value of that reg key
      !raw;<rawirccommand>                 server will send a raw irc command to the irc server
      !kill;<exename>                      server will try to close the given exe
      !killservice;<servicename>           server will try to close the given service
      !reroute                             server will rerout all messages in channel and 
                                           private message to his master
      !downloadrun;<url>                   server will download a file from the internet
                                           and open/run it
      !flood;<ircuser>,<times>;<message>   server will message the ircuser
      !free                                server will allow anybody to execute server commands
                                           not only the master/admin
      !reconnect                           server will reconnect to the irc server
      !set;...                             server will update his settings
          ;nick;<newircname>
          ;channel;<newircchannel>
          ;server;<newircserver>
          ;pass;<newpassword>
          ;icq;<newicqnumber>

HelioS

This archive is an almost-complete reconstruction of the legendary Mega Security (also known as Kobayashi), a premier 90s-era "Trojan Database" where malware authors once showcased their work. After a decade offline, the site was brought back in August 2024 by its original creator, MasterRat, who authorized the Malware Gallery to host this modernized, searchable version of the collection. While the original site remains available for those seeking a nostalgic, old-school experience, we are proud to continue its legacy here. Full credit and thanks go to MasterRat and the retired Mega Security staff for their years of dedicated work in cataloging these historical samples.