Archive A Reconstructed © MegaSecurity Database
LttLogger 2.0
Released 21 years, 1 month ago. March 2005
Copyright © MegaSecurity
By LttCoder
Informations
| Author | LttCoder |
| Family | LttLogger |
| Category | Information Stealer |
| Version | LttLogger 2.0 |
| Released Date | Mar 2005, 21 years, 1 month ago. |
| Language | Delphi, Server compressed with FSG |
Additional Information
Server:
dropped files:
c:\WINDOWS\4DFlowerBox.scr size: 17,197 bytes
c:\WINDOWS\cht.pol size: 36 bytes
c:\WINDOWS\mseiw.exe size: 17,197 bytes
c:\WINDOWS\syxsocks.dll size: 18,944 bytes
c:\WINDOWS\system32\fontstyles.exe size: 17,197 bytes
changes to registry:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon "Shell"
old data: Explorer.exe
new data: explorer.exe 4DFlowerBox.scr
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon "System"
old data:
new data: C:\WINDOWS\System32\fontstyles.exe
HKEY_CURRENT_USER\Software\Microsoft\Windows NT\CurrentVersion\Windows "load"
old data:
new data: mseiw.exe
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\User Shell Folders "Common Startup"
old data: %ALLUSERSPROFILE%\Start Menu\Programs\Startup
new data: C:\WINDOWS\System32\webdav
HKEY_CURRENT_USER\Software\Microsoft\Windows NT\CurrentVersion\Windows "run"
data: mseiw.exe
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{2bf41072-b2b1-21c1-b5c1-0305f4155515} "StubPath"
data: C:\WINDOWS\mseiw.exe
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings "msiew"
data: C:\Documents and Settings\Kobayashi\Desktop\LttLogger2.0\server.exe
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run "msiew"
data: C:\WINDOWS\mseiw.exe
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Runservices "msiew"
data: C:\WINDOWS\mseiw.exe
tested on Windows XP
March 21, 2005
Author Information / Description
Description:
-----------
LttLogger is a little keylogger that logs all the keys pressed on your keyboard and saves it to a file inside WINDOWS/ folder. When the file reaches ybytes (which you specify in editserver) it will automatically upload the logfile to a ftp server you specify.
-DLL injection (firwall bypass)
-Server size 16,7 kb fsg packed
-melt function
-J3n7il's editserver encryption
What's new in 2.0?
-check if FTP server is online, and only upload/reset logfile ONLY when it is online.
-Log file is now hidden and cannot be seen by a normal user.
-Finds the default internet browser and injects to it, instead of only injecting into iexplore.
-keylogger can save the logfiles in different directories on the ftp server.
-the name of the dll file that keylogger uses can now be changed from editserver.
-Multi-Infect protection.
-Disables system restore.
-more startup methods(Including Activex and the secret methods from SUB7)
-create each directory for every victim in order by computername
-PHP notification added
LttCoderThis archive is an almost-complete reconstruction of the legendary Mega Security (also known as Kobayashi), a premier 90s-era "Trojan Database" where malware authors once showcased their work. After a decade offline, the site was brought back in August 2024 by its original creator, MasterRat, who authorized the Malware Gallery to host this modernized, searchable version of the collection. While the original site remains available for those seeking a nostalgic, old-school experience, we are proud to continue its legacy here. Full credit and thanks go to MasterRat and the retired Mega Security staff for their years of dedicated work in cataloging these historical samples.