by akcom
Written in Delphi
Released in April 2004
manslut uploader v1.1 by akcom compiled 4/16/2004 this a reverse connection sin trojan... um... thats it public version 1.1 just so you know... it uses the startup file specified in the editor the registry key corresponds to the name of the key for the 'Active Setup' method the port is the port on which you want the trojan to connect to you the server is a dyndns pointing to you (or your ip) which will be encrypted using a very basic encryption method updates: 1) All known bugs fixed keep in mind... 1) the server field in the editor should/can be a dynamic dns address that you have the backdoor connect or a static address (not recommended) 2) remote file in upload and download can include the following strings: %WINDIR%, %SYSDIR%, %TMPDIR%. they will be translated accordingly, (ie %WINDIR%\test.exe = C:\Windows\test.exe) 3) clicking on a client will 'activate' the client, bringing up all its information (proc list, sys info, remote cmd, etc) 4) to stop a remote cmd prompt just send 'exit' w/o the quotes 5) you will need to open 61804, the transfer port (displayed at runtime), and whatever port you select for the backdoor to connect on 6) the server uses the Active Setup startup method note: i've already considered using an ftp server which contains a file that has the ip address to connect to and concluded that this is completely useless (just adds one more server that has to be up) akcom Client: port: 61804 TCP Server: dropped file: c:\WINDOWS\SYSTEM\myfile.exe size: 9.728 bytes startup: HKEY_LOCAL_MACHINE\Software\Microsoft\Active Setup\Installed Components\mykey "StubPath" data: "C:\WINDOWS\SYSTEM\myfile.exe" -AMegaSecurity