Herman Agent 1.0

by matiteman

Released in February 2004

herman agent  by matiteman

about : 
herman agent is an special stealer agent that retrieve many information 
about remote host and send it  to your mail box in attacheched file:
herman agent retrieve and send u  the following information according your choice :

the mail client password list :
following email applications:
* Outlook Express
* Microsoft Outlook 2000 (POP3 and SMTP Accounts only)
* Microsoft Outlook 2002 (POP3, IMAP, HTTP and SMTP Accounts)
* IncrediMail
* Eudora
* Group Mail Free

For each email account, the following information are sent:
Account Name, Application, Email, Server, Server Type (POP3/IMAP/SMTP), 
User Name, and Password.

the protected password list :
the passwords stored on your computer by Internet Explorer, Outlook Express and MSN Explorer.
The passwords are stealed by reading the information from the Protected Storage.
the ressource name,password and username for the following application are sent :

* Outlook passwords
* AutoComplete passwords in Internet Explorer
* Password-protected sites in Internet Explorer
* MSN Explorer Passwords: 
The MSN Explorer browser stores 2 types of passwords in the Protected Storage: 
Sign-up passwords 
AutoComplete passwords 

the dialup password:
it will retrieve, enumerates all Dial-Up entries and send u their logon details: 
* User Name, 
* Password 
* Domain.
* phone number

the remote services list and status :
it will send you the list of running services on remote system. For some of them, 
additional useful information is sent:
* file description 
* version 
* product name 
* company that created the driver file, and more.

the startup running list :
The StartupRun running send the list of all applications that are loaded automatically
 when Windows boots. For each application, additional information is sent 
* Product Name
* File Version, 
* Description
* Company Name

in order to allow you to easily identify the applications that are loaded at Windows startup

the iehistory list :
description : 
Each time that you type a URL in the address bar or click on a link in Internet Explorer browser,
the URL address is automatically added to the history index file. When you type a sequence of 
characters in the address bar, Internet Explorer automatically suggests you all URLs that begins
 with characters sequence that you typed (unless AutoComplete feature for Web addresses 
is turned off). However, Internet Explorer doesn't allow you to view and edit the entire URL list
that it stores inside the history file

the herman agent send u also the iehistory list if u want


dropped files:
c:\WINDOWS\SYSTEM\avp.exe   Size: 186.370 bytes 

HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\RunServices "hagent"