From the doc: LAN Sniffer 1.0 by Aphex of EESThis remote admin packet sniffer is implemented using WinPcap. WinPcap is an architecture for packet capture and network analysis for the Win32 platforms. It includes a kernel-level packet filter, a low-level dynamic link library (packet.dll), and a high-level and system-independent library (wpcap.dll, based on libpcap version 0.6.2). The packet filter is a device driver that adds to Windows 95, 98, ME, NT, 2000 and XP the ability to capture raw data from a network card, with the possibility to filter and store in a buffer the captured packets. The main benifit of this software is that you can capture all TCP/IP taffic on the entire local segmant. A computer sharing a hub with other computers will be able capture not only it's own TCP/IP traffic but also traffic of the other computers sharing the same segment.A segment can be thought of as anything not seperated by a switch or router.WinPcap is about 300KB compressed. This is what makes the server size so large. It is small drawback when compared to the amount of function provided.The server only uses outgoing connections to establish a link with the client. This enables it to bypass complications arising from the server being on a private LAN.Also, the server has the capabilty to gain trusted permissions with most software firewalls. It will run completely undetected. The main file will not even show up in the process list.To begin run "Generator.exe"Windows 95/98/ME: Cable/DSL(NIC not USB), Ethernet, PPP WAN, FDDI, ARCNET, ATM and Token Ring. Windows NT/2K/XP: Cable/DSL(NIC not USB), Ethernet, FDDI, ARCNET, ATM and Token Ring.Copywrong (c) 2002-2003, Evil Eye Software. All wrongs revenged.This product includes software developed by the Politecnico di Torino, and its contributors.
Trojan.Win32.AphexSniffer.10
client.exegenerator.exe