Archive A Reconstructed © MegaSecurity Database
X_Agent 3.0 Pro
Released 17 years, 3 months ago. January 2009
Copyright © MegaSecurity
By UmmU
Informations
| From | Turkey |
| Author | UmmU |
| Family | X_Agent |
| Category | Remote Access |
| Version | X_Agent 3.0 Pro |
| Released Date | Jan 2009, 17 years, 3 months ago. |
Additional Information
Constructor:
Dropped Files:
c:\Documents and Settings\Kobayashi\Local Settings\Temp\Install.exe
Size: 490,803 bytes
c:\Documents and Settings\Kobayashi\Local Settings\Temp\Keylogger-MEGASECURITY.txt
c:\Documents and Settings\Kobayashi\Local Settings\Temp\mail.exe
Size: 46,080 bytes
c:\Documents and Settings\Kobayashi\Local Settings\Temp\mail.txt
c:\Documents and Settings\Kobayashi\Local Settings\Temp\msn.exe
Size: 44,544 bytes
c:\Documents and Settings\Kobayashi\Local Settings\Temp\msn.txt
c:\Documents and Settings\Kobayashi\Local Settings\Temp\pspv.exe
Size: 52,736 bytes
c:\Documents and Settings\Kobayashi\Local Settings\Temp\pspv.txt
c:\Documents and Settings\Kobayashi\Local Settings\Temp\server.exe
Size: 664,055 bytes
c:\Documents and Settings\Kobayashi\Local Settings\Temp\X-Agent 3.0.exe
Size: 2,349,056 bytes
c:\WINDOWS\system32AKV.exe
Size: 402,944 bytes
c:\WINDOWS\system32YDWB.001
Size: 512 bytes
c:\WINDOWS\system32YDWB.006
Size: 7,680 bytes
c:\WINDOWS\system32YDWB.007
Size: 5,632 bytes
c:\WINDOWS\system32YDWB.exe
Size: 482,816 bytes
c:\WINDOWS\system32\1298.ftp
Date: 3/23/2009 1:42 PM
Size: 15 bytes
c:\WINDOWS\system32\1298.pass
Date: 3/23/2009 1:42 PM
Size: 6 bytes
c:\WINDOWS\system32\1298.usr
Date: 3/23/2009 1:42 PM
Size: 10 bytes
c:\WINDOWS\system32\blckx.exe
Date: 3/23/2009 1:43 PM
Size: 618,496 bytes
c:\WINDOWS\system32\ftdutil.exe
Size: 65,536 bytes
c:\WINDOWS\system32\ip.php
Date: 3/23/2009 1:43 PM
Size: 40 bytes
c:\WINDOWS\system32\ntvxdc.exe
Size: 65,536 bytes
c:\WINDOWS\system32\viclgkc.dll
Size: 107 bytes
c:\WINDOWS\system32\wcsydrv.exe
Size: 65,536 bytes
c:\WINDOWS\system32\wintgtsv.exe
Size: 65,536 bytes
c:\WINDOWS\system32\drivers\ctfmon.exe
Size: 212,992 bytes
c:\WINDOWS\system32\drivers\PicFormat32.dll
Size: 121,564 bytes
c:\WINDOWS\system32\drivers\PicFormat32.ocx
Size: 36,864 bytes
c:\WINDOWS\system32\drivers\rundll32.exe
Size: 200,704 bytes
c:\WINDOWS\system32\drivers\svchost.exe
Size: 176,128 bytes
Added to Registry:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce "msconfig"
Data: C:\WINDOWS\system32\blckx.exe
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce "Virtual Java"
Data: wintgtsv.exe
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon "Sys Startup"
Data: wintgtsv.exe
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon "Windows start"
Data: explorer.exe wintgtsv.exe
Server
Size: 688,128 bytes
Tested on Windows XP
March 23, 2009This archive is an almost-complete reconstruction of the legendary Mega Security (also known as Kobayashi), a premier 90s-era "Trojan Database" where malware authors once showcased their work. After a decade offline, the site was brought back in August 2024 by its original creator, MasterRat, who authorized the Malware Gallery to host this modernized, searchable version of the collection. While the original site remains available for those seeking a nostalgic, old-school experience, we are proud to continue its legacy here. Full credit and thanks go to MasterRat and the retired Mega Security staff for their years of dedicated work in cataloging these historical samples.