Archive Helmet Icon Archive A Reconstructed © MegaSecurity Database

I Feel Lucky I Feel Very Lucky

Troya 1.0

Released 21 years, 4 months ago. December 2004

Copyright © MegaSecurity

By Mohammad

Troya 1.0
Informations
From Iran
Author Mohammad
Family Troya
Category Remote Access
Version Troya 1.0
Released Date Dec 2004, 21 years, 4 months ago.
Language Delphi, compressed with PECompact
Additional Information
Server:
dropped files:
c:\WINDOWS\WinLoaderXP.exe    Size: 268,288 bytes 
c:\WINDOWS\system32\explorer64.exe                           size: 6,144 bytes 
c:\WINDOWS\system32\oobe\html\404.htm                        size: 595 bytes 
c:\WINDOWS\system32\oobe\html\Capture_Settings.htm           size: 1,148 bytes 
c:\WINDOWS\system32\oobe\html\file_manager.htm               size: 675 bytes 
c:\WINDOWS\system32\oobe\html\Files.htm                      size: 546 bytes 
c:\WINDOWS\system32\oobe\html\Header.htm                     size: 2,550 bytes 
c:\WINDOWS\system32\oobe\html\Index.htm                      size: 2,020 bytes 
c:\WINDOWS\system32\oobe\html\Index1.htm                     size: 325 bytes 
c:\WINDOWS\system32\oobe\html\Internal_Error.htm             size: 509 bytes 
c:\WINDOWS\system32\oobe\html\NotReady.htm                   size: 718 bytes 
c:\WINDOWS\system32\oobe\html\Process_Manager.htm            size: 1,176 bytes 
c:\WINDOWS\system32\oobe\html\s.css                          size: 1,254 bytes 
c:\WINDOWS\system32\oobe\html\Screen_Resolution_Manager.htm  size: 875 bytes 
c:\WINDOWS\system32\oobe\html\Top.htm                        size: 1,212 bytes 
c:\WINDOWS\system32\oobe\html\Window_Manager.htm             size: 1,820 bytes 

port: 800 TCP

startup:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run "GenericHostXP"
data: C:\WINDOWS\WinLoaderXP.exe 


tested on Windows XP
January 04, 2005

Author Information / Description
============	About Program========================
	| Troya is a WebRAT (Web Remote Access Tool)        |
	| It uses Internet Explorer to connect to Remote PC.|
	| For Example: http://217.218.10.16/	    	    |
	| Coded by: Borland Delphi 6.0                      |
	| Released in: Dec. 2004                            |
	=====================================================
	
	=============About Author============
	|   Name: Mohammad                  |
	|   Location: Iran - Tehran         |
	|   Age: 19                         |
	=====================================

v1.02 (Version 1.0 - BugFix 2)
Last Updated: 2004/12/11

This archive is an almost-complete reconstruction of the legendary Mega Security (also known as Kobayashi), a premier 90s-era "Trojan Database" where malware authors once showcased their work. After a decade offline, the site was brought back in August 2024 by its original creator, MasterRat, who authorized the Malware Gallery to host this modernized, searchable version of the collection. While the original site remains available for those seeking a nostalgic, old-school experience, we are proud to continue its legacy here. Full credit and thanks go to MasterRat and the retired Mega Security staff for their years of dedicated work in cataloging these historical samples.