Archive A Reconstructed © MegaSecurity Database
Shalan 1.06
Released 20 years, 4 months ago. December 2005
Copyright © MegaSecurity
By Red Move
Informations
| Author | Red Move |
| Family | Shalan |
| Category | Information Stealer |
| Version | Shalan 1.06 |
| Released Date | Dec 2005, 20 years, 4 months ago. |
| Language | Visual Basic, compressed with UPX |
Additional Information
Server:
dropped file:
c:\WINDOWS\system32\Mscng.exe
size: 13,362 bytes
startup:
HKEY_CLASSES_ROOT\exefile\shell\open\command "(Default)"
old data: "%1" %*
new data: Mscng.exe opext "%1" %*
tested on Windows XP
January 23, 2006
Author Information / Description
Shalan is a pass sender that can send Yahoo Messenger & ICQ passwords to you.
--------
Features
--------
+ Both email and cgi logger notificatDon.
+ Fake message at double click on server.
+ Run file at double click on server.
+ Able to change icon.
+ Binder.
+ Firewall bypassing.
+ Undetectable by anti viruses.
+ Not shown in msconfig.
+ Diabolic startup
+ Server size is about 13.5 KB
Version 1.06 - December/22/2005
* Mail Sending bug fixed.
Red MoveThis archive is an almost-complete reconstruction of the legendary Mega Security (also known as Kobayashi), a premier 90s-era "Trojan Database" where malware authors once showcased their work. After a decade offline, the site was brought back in August 2024 by its original creator, MasterRat, who authorized the Malware Gallery to host this modernized, searchable version of the collection. While the original site remains available for those seeking a nostalgic, old-school experience, we are proud to continue its legacy here. Full credit and thanks go to MasterRat and the retired Mega Security staff for their years of dedicated work in cataloging these historical samples.