SubSeven 2.2

Name:	SubSeven 2.2
Aliases:	Backdoor.SubSeven, Backdoor-G,
Ports:	1080, 5873, 27374 (port can be changed)
Files:	SubSeven2.2b.zip - 1,091,948 bytes S722beta1.zip - 1,080,665 bytes Subseven2.2.zip - 2,914,603 bytes Newserver22.zip - Sub72.2bnt.zip - 56,311 bytes Win3000.zip - 7,151 bytes Weed_skin.zip - 4,016 bytes Server.exe - 55,808 bytes Server.exe - 57,892 bytes Server.exe - 57,912 bytes Sub7.exe - 316,928 bytes Sub7.exe - 2,254,848 bytes Editserver.exe - 227,840 bytes Editserver.exe - 389,632 bytes Sin.exe - 225,792 bytes Sin.exe - 250,880 bytes Zpacket.vxd - 11,380 bytes Setup.cgi - 15,562 bytes Subseven.cgi - 43,920 bytes Packet32.dll - 5,632 bytes Capture.dll - 53,760 bytes Icqmapi.dll - 58,880 bytes Icqpwsteal.dll - 145,920 bytes Matrix.dll - 142,848 bytes Packet32.dll - 5,632 bytes S7advanced.dll - 174,592 bytes S7capture.dll - 90,624 bytes S7fun1.dll - 166,912 bytes S7fun2.dll - 36,352 bytes S7keys.dll - 53,248 bytes S7moreinfo.dll - 146,944 bytes S7passwords.dll - 49,664 bytes S7scanner.dll - 142,336 bytes S7sniffer.dll - 129,200 bytes S7takeover.dll - 59,392 bytes Commands.cfg - 1,681 bytes Commands.cfg - 11,479 bytes Menu.cfg - 1,218 bytes Menu.cfg - 2,852 bytes Pages.cfg - 11,413 bytes Predefined.cfg - 4,458 bytes S7config.cfg - 721 bytes S7config.cfg - 2,117 bytes Subseven.set - 26 bytes Subseven.mem - Subseven.log - Subseven.ban -
Created:	Mar 2001
Requires:
Actions:	Remote Access / FTP server / Keylogger / Steals passwords /Eavesdropper / Sniffer / Proxy server
	Alters System.ini and Win.ini. Is a extremly advanced and popular trojan. It can steal all possible passwords, eavesdrop using the microphone and watch the user using the Web camera. As it´s using a server only 54,5 kilobyte large. It may use different ports from time to time and use proxys when trying to connect to the victim. It also can make use of a built-in network scanner. Please observe the feature
Versions:	2.2b1, 2.2b2, 2.2,
Registers:	HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\ HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\RunServices\ HKEY_L OCAL_MACHINE\Software\Microsoft\Active Setup\Installed Components\ HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\Currentversion\explore r\User Shell Folders\ HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\Currentversion\explorer\S hell Folders\
Notes:	Works on Windows 95, 98, ME, NT and 2000.
Country:
Program:

© Copyright von Braun Consultants. This information may include technical inaccuracies or typographical errors. If you have any questions or further information about the actual trojan above, please contact Joakim von Braun at <joakim.von.braun@risab.se>