Archive Helmet Icon Archive A Reconstructed © MegaSecurity Database

I Feel Lucky I Feel Very Lucky

SkD RAT 2.0

Released 20 years, 4 months ago. December 2005

Copyright © MegaSecurity

By SkD

Informations
Author SkD
Family SkD RAT
Category Remote Access
Version SkD RAT 2.0
Released Date Dec 2005, 20 years, 4 months ago.
Language Visual Basic
Additional Information
Server:
dropped files:
c:\WINDOWS\windos32.dll                Size: 50,176 bytes 
c:\WINDOWS\winsys32.exe                Size: 34,304 bytes 
c:\WINDOWS\system32\win32system.dat    Size: 135 bytes 

port: 1234 TCP

startup:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run "Windows32Bit Service"
data: C:\WINDOWS\winsys32.exe 


tested on Windows XP
June 06, 2005

Author Information / Description
Well, this is my new version of my RAT. I think there are lots of changes since the last version (1.5)!
The server is rewritten completely in a different language (Delphi), 
meaning that you dont need the Visual Basic runtimes anymore, and no more WinSock OCX is needed as Im using the WinSock API. 
This version is completely based on reverse-connection which makes the server connect to your computer instead of you connecting to a remote computer (direct connect).

Here is a list of what my RAT currently features:
-FireWall ByPass (Tested on ZoneLabs ZoneAlarm 6.0)
-SDTRestore (Unhook Kernel+User Mode APIs)
-In-Built RootKit (Hide Files,etc)
-Server Multi-Threaded (While Downloading, you can do other functions!)
-Registry Manager (More like a Registry Viewer as there is no delete,create,edit keys..)
-Services Manager
-MessageBox
-URL Download 
-Mouse Control
-Control Panel
-Crazy Mouse
-Send Keys
-Power Options (Log Off,ShutDown,Reboot..)
-MsN Passwords (Grab passwords for MSN messenger,Yahoo! messenger,ICQ,etc)
-Offline/Online Keylogger
-Window Manager
-Task (Process) Manager
-Hide StartButton/Show StartButton
-Scripting
-FileManager
-ClipBoard Manager
-PC Information
-Mass Download (Send a command to all servers on your reverse-connected list to download a file + execute from any URL)


SkD

This archive is an almost-complete reconstruction of the legendary Mega Security (also known as Kobayashi), a premier 90s-era "Trojan Database" where malware authors once showcased their work. After a decade offline, the site was brought back in August 2024 by its original creator, MasterRat, who authorized the Malware Gallery to host this modernized, searchable version of the collection. While the original site remains available for those seeking a nostalgic, old-school experience, we are proud to continue its legacy here. Full credit and thanks go to MasterRat and the retired Mega Security staff for their years of dedicated work in cataloging these historical samples.