Troya 1.02
(Backdoor.Win32.Masot.a)

by Mohammad

Written in Delphi, compressed with PECompact

Released in December 2004

Made in Iran

more versions



	============	About Program========================
	| Troya is a WebRAT (Web Remote Access Tool)        |
	| It uses Internet Explorer to connect to Remote PC.|
	| For Example: http://217.218.10.16/	    	    |
	| Coded by: Borland Delphi 6.0                      |
	| Released in: Dec. 2004                            |
	=====================================================
	
	=============About Author============
	|   Name: Mohammad                  |
	|   Location: Iran - Tehran         |
	|   Age: 19                         |
	=====================================

v1.02 (Version 1.0 - BugFix 2)
Last Updated: 2004/12/11


Server:
dropped files:
c:\WINDOWS\WinLoaderXP.exe    Size: 268,288 bytes 
c:\WINDOWS\system32\explorer64.exe                           size: 6,144 bytes 
c:\WINDOWS\system32\oobe\html\404.htm                        size: 595 bytes 
c:\WINDOWS\system32\oobe\html\Capture_Settings.htm           size: 1,148 bytes 
c:\WINDOWS\system32\oobe\html\file_manager.htm               size: 675 bytes 
c:\WINDOWS\system32\oobe\html\Files.htm                      size: 546 bytes 
c:\WINDOWS\system32\oobe\html\Header.htm                     size: 2,550 bytes 
c:\WINDOWS\system32\oobe\html\Index.htm                      size: 2,020 bytes 
c:\WINDOWS\system32\oobe\html\Index1.htm                     size: 325 bytes 
c:\WINDOWS\system32\oobe\html\Internal_Error.htm             size: 509 bytes 
c:\WINDOWS\system32\oobe\html\NotReady.htm                   size: 718 bytes 
c:\WINDOWS\system32\oobe\html\Process_Manager.htm            size: 1,176 bytes 
c:\WINDOWS\system32\oobe\html\s.css                          size: 1,254 bytes 
c:\WINDOWS\system32\oobe\html\Screen_Resolution_Manager.htm  size: 875 bytes 
c:\WINDOWS\system32\oobe\html\Top.htm                        size: 1,212 bytes 
c:\WINDOWS\system32\oobe\html\Window_Manager.htm             size: 1,820 bytes 

port: 800 TCP

startup:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run "GenericHostXP"
data: C:\WINDOWS\WinLoaderXP.exe 


tested on Windows XP
January 04, 2005

MegaSecurity