SubSeven 2.2

Name:	SubSeven 2.2
Aliases:	Backdoor.SubSeven, Backdoor-G, BackDoor-G2, BackDoor-G22, TSB Trojan, Serbian Badman Trojan, Badman Trojan, Troj_Sub7.22,
Ports:	1080, 1369, 5873, 27374 (ports can be changed)
Files:	SubSeven2.2b.zip - 1,091,948 bytes SubSeven2.2b.zip - 174,905 bytes S722beta1.zip - 1,080,665 bytes Subseven2.2.zip - 2,914,603 bytes Newserver22.zip - Sub72.1unpk.zip - 482,324 bytes Sub72.2bnt.zip - 56,311 bytes Sub72.2.zip - S722.zip - Ss22.zip - Win3000.zip - 7,151 bytes Weed_skin.zip - 4,016 bytes Server.exe - 55,808 bytes Server.exe - 57,892 bytes Server.exe - 57,912 bytes Sub7.exe - 316,928 bytes Sub7.exe - 2,254,848 bytes Editserver.exe - 227,840 bytes Editserver.exe - 389,632 bytes Sin.exe - 225,792 bytes Sin.exe - 250,880 bytes Msrexe.exe - Run.exe - Windos.exe - Mueexe.exe - Ruoy.exe - Setup.cgi - 15,562 bytes Subseven.cgi - 43,920 bytes Capture.dll - 53,760 bytes Icqmapi.dll - 58,880 bytes Icqpwsteal.dll - 145,920 bytes Matrix.dll - 142,848 bytes Packet32.dll - 5,632 bytes S7advanced.dll - 174,592 bytes S7capture.dll - 90,624 bytes S7fun1.dll - 166,912 bytes S7fun2.dll - 36,352 bytes S7keys.dll - 53,248 bytes S7moreinfo.dll - 146,944 bytes S7passwords.dll - 49,664 bytes S7scanner.dll - 142,336 bytes S7sniffer.dll - 129,200 bytes S7takeover.dll - 59,392 bytes Watching.dll - Commands.cfg - 1,681 bytes Commands.cfg - 11,479 bytes Menu.cfg - 1,218 bytes Menu.cfg - 2,852 bytes Pages.cfg - 11,413 bytes Predefined.cfg - 4,458 bytes S7config.cfg - 721 bytes S7config.cfg - 2,117 bytes Zpacket.vxd - 11,380 bytes Subseven.set - 26 bytes Subseven.mem - Subseven.log - Subseven.ban -
Created:	Mar 2001
Requires:
Actions:	Remote Access / Keylogger / Steals passwords / Eavesdropper / Remote peeker / Sniffer / Proxy server / Hacking tool / FTP server
Registers:	HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\ HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\RunServices
	HKEY_LOCAL_MACHINE\Software\Microsoft\Active Setup\Installed Components\
	HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\Currentversion\explorer\User Shell Folders\
	HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\Currentversion\explorer\Shell Folders\
	HKEY_LOCAL_MACHINE\Software\Microsoft\ENC
	HKEY_CLASSES_ROOT\exefile\shell\open\command
	HKEY_CLASSES_ROOT\.dl
	HKEY_LOCAL_MACHINE\Hardware\Data\
	HKEY_LOCAL_MACHINE\Hardware\Enum\
	HKEY_LOCAL_MACHINE\Software\Microsoft\DirectXMedia\
Notes:	Works on Windows 95, 98, ME, NT and 2000.
Country:
Program:	Written in Delphi.

© Copyright von Braun Consultants. This information may include technical inaccuracies or typographical errors. If you have any questions or further information about the actual trojan above, please contact Joakim von Braun at <joakim.von.braun@risab.se>