Archive: A Reconstructed © MegaSecurity Database

Spy Agent 1.3B

Released 18 years, 4 months ago. December 2007

Copyright © MegaSecurity

By AliCaNelKa


Information
From: Turkey
Author: AliCaNelKa
Family: Spy Agent
Category: Information Stealer
Version: Spy Agent 1.3B
Release Date: Dec 2007, 18 years, 4 months ago.
Language: Delphi
Additional Information
Server
Dropped Files:
c:\WINDOWS\FF.Txt                                                   Size: 32 bytes 
c:\WINDOWS\Test1.bat                                                Size: 34 bytes 
c:\WINDOWS\system32\FFlogger.dll                                    Size: 19,968 bytes 
c:\WINDOWS\system32\ie.dll                                          Size: 145,828 bytes 
c:\WINDOWS\system32\msn.dll                                         Size: 170,618 bytes 
c:\WINDOWS\system32\out.dll                                         Size: 136,042 bytes 
c:\WINDOWS\system32\pr.dll                                          Size: 29,696 bytes 
c:\WINDOWS\system32\spytool.dll                                     Size: 15,872 bytes 
c:\WINDOWS\system32\wr.dll                                          Size: 38,912 bytes 
c:\WINDOWS\system32\nfwxTtI5cMGsEKRQ9lub4HBFZXCiqAy\services.exe    Size: 577,735 bytes 

Added to Registry:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run "Microsoft DirectX Diagnostic Tool"
Data: C:\WINDOWS\System32\nfwxTtI5cMGsEKRQ9lub4HBFZXCiqAy\services.exe 

HKEY_LOCAL_MACHINE\SOFTWARE\X12 "dir"
Data: C:\WINDOWS\System32\nfwxTtI5cMGsEKRQ9lub4HBFZXCiqAy\services.exe 




Tested on Windows XP
December 19, 2007

Author Information / Description
Password Stealer for
  
    * MSN Messenger
    * Windows Messenger (In Windows XP)
    * Windows Live Messenger (In Windows XP And Vista)
    * Yahoo Messenger (Versions 5.x and 6.x)
    * Google Talk
    * ICQ Lite 4.x/5.x/2003
    * AOL Instant Messenger (only older versions, the password in newer versions of AIM cannot be recovered)
    * AOL Instant Messenger/Netscape 7
    * Trillian
    * Miranda
    * GAIM

This archive is an almost-complete reconstruction of the legendary Mega Security (also known as Kobayashi), a premier 90s-era "Trojan Database" where malware authors once showcased their work. After a decade offline, the site was brought back in August 2024 by its original creator, MasterRat, who authorized the Malware Gallery to host this modernized, searchable version of the collection. While the original site remains available for those seeking a nostalgic, old-school experience, we are proud to continue its legacy here. Full credit and thanks go to MasterRat and the retired Mega Security staff for their years of dedicated work in cataloging these historical samples.