InCommand

Name: InCommand
Aliases: Backdoor.InCommand, BackDoor.DB, Trojan.Win32.InCommand, InCommander, Incomm,
Ports: 22, 6667, 9400, 9401 (ports can be changed)
Files: Incommand.zip - Incommand10.zip - 623,465 bytes Incommand11.zip - 806,249 bytes Incommand12.zip - 564,663 bytes Incommand13.zip - 651,971 bytes Incommand14.zip - 999,687 bytes Incommand1.5.zip - 1,240,644 bytes Incommand1.53.zip - 1,473,029 bytes Incommand1.6b.zip - 603,230 bytes Incommand1.6b2.zip - 822,209 bytes Incommand1.6b7.zip - 821,864 bytes Incommand1.7b.zip - 1,286,060 bytes Incommand_compact.zip - 570,662 bytes Incommand_compact1.7.zip - 570,659 bytes Incommand_re.zip - Inc17beta.zip - Inc17keyplug.zip - Inc17passplugs.zip - 305,122 bytes Server.zip - 286,416 bytes Srvbeta.zip - Srv16beta.zip - Skbuilder.zip - Regplug.zip - Server.exe - 172,032 bytes Server.exe - 340,483 bytes Server1.2.exe - 270,336 bytes Server1.3.exe - 301,246 bytes Server1.4.exe - 632,320 bytes Server1.5.exe - 757,760 bytes Server1.53.exe - 758,272 bytes Server16.exe - 340,483 bytes Server17.exe - Srv167.exe - 340,483 bytes Client.exe - 304,128 bytes Client.exe - 521,216 bytes Client_12_pw.exe - 251,392 bytes Client _1_1.exe - 299,416 bytes Client _1_3.exe - 330,240 bytes Client _1_4.exe - 466,944 bytes Client _1_5.exe - 509,440 bytes Client _1_53.exe - 540,672 bytes Client cmpt.exe - 587,264 bytes Betaclientc.exe - 618,496 bytes Betaserver17.exe - 312,072 bytes Editserver.exe - 266,240 bytes Editserver.exe - 268,288 bytes Editserver.exe - 268,800 bytes Editserver.exe - 518,656 bytes Lookup.exe - 110,592 bytes Scanner.exe - 398,848 bytes Editinc.exe - Peditinc.exe - 184,320 bytes Olemon32.exe - Msie50h.exe - Exesmasher.exe - 203,264 bytes Info32.exe - Insrv.exe - Mssecure.exe - Config420 - 19 bytes InCommand.420 - Smash.420 - 31,744 bytes Ico.dll - 95,232 bytes Sysmon.drv - Nt.ini - Plugin.stub - 135,680 bytes
Created: Sep 1999
Requires:
Actions: Remote Access / Keylogger / Steals passwords / Remote peeker / ICQ trojan / IRC trojan / FTP server
Registers: HKEY_LOCAL_MACHINE\System\Microsoft\Windows\CurrentVersion\Run
HKEY_LOCAL_MACHINE\System\Microsoft\Windows\
Notes: Works on Windows 95 and 98, together with ICQ. Uses Blade Runner source code. Uses plug-ins.
Country: written in the US
Program: Written in Delphi 3.
© Copyright von Braun Consultants. This information may include technical inaccuracies or typographical errors. If you have any questions or further information about the actual trojan above, please contact Joakim von Braun at <joakim.von.braun@risab.se>