Spirit 2
(Backdoor.Win32.Upload.a)
(Trojan-Downloader.Win32.Iciko.a for Server)

by iciko

Written in Delphi, compressed with FSG, Source included

Released in May 2005



Spirit is a reverse connection mini-uploader assembled with NASM.

@@ ActiveX Startup Method
@@ Only one registry key added
@@ Only one file dropped in the windows system directory
@@ Only one port and one socket for everything
@@ Injects into explorer.exe
@@ Bypasses hooking firewalls (like Tiny)
@@ Low memory usage
@@ < 1.8 KB unpacked



!! Cannot be packed AFAIK (it will crash if you pack it)
!! Hexing the server has a 95% chance of breaking the code

?? Double-click to upload and run a file
?? Download feature isn't implemented yet

iciko


Client:
port: 1036 TCP



Server:
dropped file:
c:\WINDOWS\system32\msvrhost32.exe
size: 1,755 bytes 

startup:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{2A202488-F02D-11cf-64CD-1123AFEECF20} "StubPath"
data: C:\WINDOWS\System32\msvrhost32.exe
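The persistence mechanism above is an Active Setup "Installed Components" subkey whose StubPath runs the dropped file at user logon. The following detection script is an added example for defenders and is not code from the page or from the trojan's author: it parses a registry export in .reg syntax and flags Active Setup entries that match the indicators listed on this page (the CLSID and the dropped filename). The sample export is constructed; the second, benign-looking subkey and its GUID are made up for contrast, and the "bare system32 executable with no arguments" heuristic is an assumption of this example, not something the page states.

```python
import re
from typing import Dict, List, Tuple

# Constructed sample of a registry export (.reg format) for the Active Setup
# "Installed Components" key. The first subkey reproduces the persistence
# entry listed on this page; the second subkey and its GUID are made up as a
# benign-looking contrast and are not taken from the page.
SAMPLE_REG_EXPORT = r"""Windows Registry Editor Version 5.00

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{2A202488-F02D-11cf-64CD-1123AFEECF20}]
"StubPath"="C:\\WINDOWS\\System32\\msvrhost32.exe"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{00000000-0000-0000-0000-000000000001}]
"StubPath"="C:\\WINDOWS\\system32\\regsvr32.exe /s /n /i:U shell32.dll"
"Version"="1,0,0,0"
"""

ACTIVE_SETUP_PREFIX = (
    "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Active Setup\\Installed Components\\"
)

# Indicators taken from this page's server notes.
KNOWN_BAD_FILENAMES = {"msvrhost32.exe"}
KNOWN_BAD_CLSIDS = {"{2a202488-f02d-11cf-64cd-1123afeecf20}"}

_KEY_RE = re.compile(r"^\[(.+)\]$")
_VALUE_RE = re.compile(r'^"([^"]+)"="(.*)"$')


def parse_reg_export(text: str) -> Dict[str, Dict[str, str]]:
    """Parse the subset of .reg syntax used here: [key] headers followed by
    "name"="string" lines. Backslash escapes inside values are removed."""
    keys: Dict[str, Dict[str, str]] = {}
    current = None
    for raw in text.splitlines():
        line = raw.strip()
        m = _KEY_RE.match(line)
        if m:
            current = m.group(1)
            keys[current] = {}
            continue
        m = _VALUE_RE.match(line)
        if m and current is not None:
            name, value = m.group(1), m.group(2)
            keys[current][name] = re.sub(r"\\(.)", r"\1", value)
    return keys


def _stub_executable(stub_path: str) -> str:
    """Return the executable part of a StubPath command line (first token,
    honouring a double-quoted path)."""
    s = stub_path.strip()
    if s.startswith('"'):
        end = s.find('"', 1)
        return s[1:end] if end > 0 else s[1:]
    return s.split(" ", 1)[0]


def find_suspicious_stubpaths(reg_text: str) -> List[Tuple[str, str, List[str]]]:
    """Return (clsid, stub_path, reasons) for Active Setup entries worth review."""
    hits: List[Tuple[str, str, List[str]]] = []
    for key, values in parse_reg_export(reg_text).items():
        if not key.startswith(ACTIVE_SETUP_PREFIX) or "StubPath" not in values:
            continue
        clsid = key[len(ACTIVE_SETUP_PREFIX):]
        stub = values["StubPath"]
        exe = _stub_executable(stub)
        basename = exe.replace("/", "\\").rsplit("\\", 1)[-1].lower()
        reasons: List[str] = []
        if clsid.lower() in KNOWN_BAD_CLSIDS:
            reasons.append("CLSID matches indicator on this page")
        if basename in KNOWN_BAD_FILENAMES:
            reasons.append("dropped-file name matches indicator on this page")
        # Heuristic (assumption of this example, not from the page): a bare
        # executable under system32 with no arguments is unusual for a
        # legitimate Active Setup stub, which normally calls regsvr32 or
        # rundll32 with parameters.
        no_args = exe.strip() == stub.strip()
        if "\\system32\\" in exe.lower() and no_args and not basename.startswith(("regsvr32", "rundll32")):
            reasons.append("bare system32 executable with no arguments")
        if reasons:
            hits.append((clsid, stub, reasons))
    return hits


if __name__ == "__main__":
    for clsid, stub, reasons in find_suspicious_stubpaths(SAMPLE_REG_EXPORT):
        print(f"{clsid}: {stub}")
        for r in reasons:
            print(f"  - {r}")
```

On a live host the same logic can be run over the output of `reg export "HKLM\SOFTWARE\Microsoft\Active Setup\Installed Components" out.reg`; pair the registry check with a look for the dropped file in the system directory, since the page lists both indicators.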



tested on Windows XP
May 21, 2005

MegaSecurity