from the doc:'Golden Retreiver v1.1 BETABy NoaWhat the hpercentll is it?Golden Retreiver is a very simple trojan made to do one specific thing. Once GR is run it will ftp to your ftp site and download the file called RunMe.exe. After it succesfully downloads it, it will be spawned. NOTE: For a more detailed description scroll down. Package DescriptionGRcfg.exe- This needs to be run first so you can specify the username, password, ftp server, and binary file to download. GR.exe- This is the Golden Retreiver trojan file that needs to be spawned on a remote computer. This one will not restart with windows. GRreg.exe- This is the Golden Retreiver trojan file that needs to be spawned on a remote computer. This one will restart with windows. GRreg.exe.bak- This is a back-up of the one above because the GD trojan file can only be configured once. Read-Me.bat- Your viewing it dipshpercentt. Read-Me.pif- settings for readme file. Detailed descriptionWhen you run the trojan file it will copy itself to c:mstask.exe with a different icon and add itself to the reg as "Task Manager" in /CurrentVersion/Run/. Then GR will check and see if it has allready been run and had a successfull download. If it hasn't then it will ftp to your previously specified ftp site and download the exe file named RunMe.exe(It *IS* Case Sensitive). If it can't successfully download the trojan at that time than it will try ever 5 minutes until it's successfull. If it is successfull than it will not start again untill the downloaded trojan is deleted:) !IMPORTANT NOTES!- In the config program make sure that when it asks you for executable that you put RunMe.exe, or it will not work at all. Also, GR.exe will not copy itself to the c: dir and add itself to the reg. Getting StartedStep#1. Upload your favorite trojan or whatever to your ftp site and rename it RunME.exe(Case Sensitive). Step#2. Run Config.exe and specify the required info. Step#3. Give the GR Trojan file to a victim in some form or another. Step#4. Go to your ftp site and look for The Trojan Was Uploaded. If it's there then trojan was successfully downloaded.iMPORTANT iNFOThe trojan file does not require any VB runtime files because it was not coded in VB. BUT, the config.exe program requires VB6 runtimes. Sorry about that. I had probs with making it in c++.'
GRWin32.TrojanDropper.Win32.GRWin32.TrojanRunner.GR
c:mstask.exegrcfg.exe