SubSeven

Name:	SubSeven
Aliases:	Sub 7, BackDoor.G, Pinkworm, SubStealth, BackDoor-G2, Backdoor.SubSeven, .LOG,
Ports:	1243, 1999, 2772, 2773, 2774, 6667, 6711, 6712, 6713, 6776, 7000, 7215, 16959, 27374, 27573, 54283 (various ports are used for different versions)
Files:	Subseven.exe - 308,224 bytes Subseven.exe - 312,320 bytes Subseven.exe - 381,440 bytes Subseven.exe - 388,096 bytes Subseven.exe - 428,469 bytes Subseven.exe - 623,104 bytes Subseven.exe - 624,128 bytes Sub7.exe - 468,992 bytes Sub7.exe - 479,232 bytes Sub7.exe - 491,520 bytes Sub7.exe - 493,056 bytes Sub7.exe - 519,680 bytes Server.exe - 250,368 bytes Server.exe - 251,904 bytes Server.exe - 333,547 bytes Server.exe - 335,237 bytes Server.exe - 335,799 bytes Server.exe - 336,867 bytes Server.exe - 336,934 bytes Server.exe - 342,042 bytes Server.exe - 352,287 bytes Server.exe - 380,835 bytes Server.exe - 381,347 bytes Server.exe - 382,371 bytes Server.exe - 385,858 bytes Server.exe - 867,840 bytes Editserver.exe - 186,368 bytes Editserver.exe - 195,584 bytes Editserver.exe - 221,184 bytes Editserver.exe - 303,802 bytes Editserver.exe - 404,992 bytes Editserver.exe - 484,352 bytes Systrayicon.exe - 768 bytes Systray.exe - 33,280 bytes Icqmapi.dll - 58,368 bytes Icqmapi.dll - 58,880 bytes Kerne1.exe - Kernel16.dl - Kernel32.dl - Explore.exe - Msrexe.exe - 399,267 bytes Mueexe.exe - Fueovs.exe - Uabmruua.exe - Windos.exe - Win32.exe - Nodll.exe - 32,768 bytes Nodll.exe - 33,230 bytes Subseven.ini - Skin.ini - 454 bytes Skin.ini - 464 bytes Skin.ini - 468 bytes Skin.ini - 481 bytes Rundll1.exe - Rundll16.exe - S7undetec.exe - 321,476 bytes Subpas1.cab - 1,312,768 bytes Subpas2.cab - 145,273 bytes Setup.exe - 140,800 bytes Ssetup.exe - 140,800 bytes Setup.lst - 3,656 bytes Ssetup.lst - 3,656 bytes Task_bar.exe - Mvokh_32.dll - Favpnmcfee.dll - Watching.dll - Run.exe - 11,371 bytes Sub7bonus.exe - Wandows.com -
Created:	Feb 1999
Requires:
Actions:	Remote Access / Network trojan / ICQ trojan / IRC trojan
Registers:	HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run
	HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\RunServices\
	HKEY_LOCAL_MACHINE\SOFTWARE\exefile\shell\open\command\
	HKEY_CLASSES_ROOT\exefile\shell\open\command
Notes:	Works on Windows 95, 98 and NT. From version 2.2 beta 2 also on NT, before only on 95 and 98. Version 2.1 can also be controlled via messages over IRC and ICQ. From 2.13 all file names are default names and can be changed. ? Source code is decompiled and available. Master Passwords lower version: PREDATOX, v1.9 : predatox and v2.1 - 2.2b : 14438136782715101980
Country:	written in the Netherlands
Program:	Written in Delphi.

© Copyright von Braun Consultants. This information may include technical inaccuracies or typographical errors. If you have any questions or further information about the actual trojan above, please contact Joakim von Braun at <joakim.von.braun@risab.se>