Archive A Reconstructed © MegaSecurity Database

• a
• b
• c
• d
• e
• f
• g
• h
• i
• j
• k
• l
• m
• n
• o
• p
• q
• r
• s
• t
• u
• v
• w
• x
• y
• z
• other

Server:
dropped file:
c:\WINDOWS\winhost32.exe 

size: 20.480 bytes
 
port 2122

startup:
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run "winhost32.exe"

Features:

--FWB (inject to explorer.exe), Melt, ActiveX startup, and install to win dir options.
--Aim Spy
--webcam and screen capture
--Offline Keylogger
--File, Task (with send keys), Process, and Registry managers
--computer info
--webdownload
--Broadcast commands: uninstall, close, reset, webdownload, upload.

Changes in 5h17:
--Replaced ActiveX startup with Run
--More Client tweeks

stm

This archive is an almost-complete reconstruction of the legendary Mega Security (also known as Kobayashi), a premier 90s-era "Trojan Database" where malware authors once showcased their work. After a decade offline, the site was brought back in August 2024 by its original creator, MasterRat, who authorized the Malware Gallery to host this modernized, searchable version of the collection. While the original site remains available for those seeking a nostalgic, old-school experience, we are proud to continue its legacy here. Full credit and thanks go to MasterRat and the retired Mega Security staff for their years of dedicated work in cataloging these historical samples.