
Memory manager

Copyright © MegaSecurity

By ?


Information
Author: ?
Family: Memory manager
Category: TrojanDropper
Version: Memory manager
Additional Information
dropped files:
c:\win.dos    Size: 0 bytes 
c:\Memory manger2\data.dll        size: 188.928 bytes 
c:\Memory manger2\data.z          size: 17.408 bytes    (Backdoor.VB.an)
c:\Memory manger2\mem.dll         size: 24.064 bytes    (Backdoor.Tesk)
c:\Memory manger2\Memmanage.exe   size: 17.408 bytes    (Backdoor.Doly.16)
c:\Memory manger2\Mmgi.soc        size: 138.752 bytes 
c:\Memory manger2\Msys.z          size: 8.704 bytes     (Backdoor.Tesk)
c:\Memory manger2\Data\Jdata.reg  size: 1.238,116 bytes (TrojanDropper.Win32.BigJack.b)
c:\Memory manger2\Data\mem.z      size: 607.744 bytes   (Backdoor.ServU-based)
c:\Memory manger2\Data\su.z       size: 1.417 bytes 
c:\WINDOWS\Wings32.reg            size: 188.928 bytes 
c:\WINDOWS\winstart.bat           size: 102 bytes 
data:
@echo off
copy C:\WINDOWS\Wings32.reg  C:\WINDOWS\Start Menu\Programs\StartUp\Mirabilis ICQ.exe
cls


c:\WINDOWS\system\serv-u.ini      size: 1.417 bytes 
c:\WINDOWS\system\windll16.sys    size: 60.7,744 bytes   (Backdoor.ServU-based)
c:\WINDOWS\system32\FS.ocx        size: 62.976 bytes 

added to registry:

data.dll connects to an IRC server

tested on Windows XP
December 22, 2004

This archive is an almost-complete reconstruction of the legendary Mega Security (also known as Kobayashi), a premier 90s-era "Trojan Database" where malware authors once showcased their work. After a decade offline, the site was brought back in August 2024 by its original creator, MasterRat, who authorized the Malware Gallery to host this modernized, searchable version of the collection. While the original site remains available for those seeking a nostalgic, old-school experience, we are proud to continue its legacy here. Full credit and thanks go to MasterRat and the retired Mega Security staff for their years of dedicated work in cataloging these historical samples.