SWD 1.0
(Trojan-Downloader.Win32.Small.cta)

by Icingtaupe

Written in Assembler, source included

Released in January 2006


- Builder
- FWB++ webdownload, inject into the default browser
- Dynamic linking for API use (there is NO "dangerous" API in the IAT / Import Table, mainly "GetProcAddress" / "GetModuleHandle"); in fact,
  there are no static buffers in the server, everything is done on the stack.
- Choice of target directory : System32, Windows, Temp
- Choice of whether or not to run the file after downloading it
- Choice of whether the webdl melts or not
- Choice of the filename after download (name a file "file1.Exe" on your website,
  you can choose to save it under "csrss.exe" after downloading it at the target ..)
- Encryption of settings (two very, very, very simple encryptions, one for each setting: one for the URL, another one for the FileName)
- URL length of 240 chars available, Filename => 30 chars.

Icingtaupe


Server:
size: 3,072 bytes


tested on Windows XP
July 10, 2006

MegaSecurity