Description

The Windows Service Manager feature in malware allows attackers to interact with and manipulate Windows services running on the compromised system. This feature provides the capability to list, start, stop, or even modify services, giving attackers a powerful tool to influence system behavior and configurations. Beyond these manipulations, the feature can also be employed to cause disruptions, either by disabling essential services or by triggering services that consume excessive system resources, thereby affecting system performance and stability. One of the most potent uses of this feature is in privilege escalation; by tampering with or replacing certain services that run with elevated permissions, attackers can potentially gain higher-level access to the system.

Categories Privilege Escalation, Assistance, Disruption
Dangerousness Medium

Existing Techniques

Name Associated Feature(s) Has Snippet Matching Sample
Windows Service Information Gathering logoWindows Service Information Gathering Services Manager 0
Windows Services Enumeration logoWindows Services Enumeration Services Manager 0

Associated with Releases

Version Origins Authors Languages Release Date
Beast 2.06 logoBeast 2.06 Romania ๐Ÿ‡ท๐Ÿ‡ด Tataye Delphi Feb, 2004
ProRat 1.8 logoProRat 1.8 Turkey ๐Ÿ‡น๐Ÿ‡ท HighLander , ATmaCA Borland C++ Mar, 2004
Optix Pro 1.33 logoOptix Pro 1.33 Unknown ๐Ÿดโ€โ˜ ๏ธ s13az3 Delphi Aug, 2004
Beast 2.07 logoBeast 2.07 Romania ๐Ÿ‡ท๐Ÿ‡ด Tataye Delphi Aug, 2004
Institution 2004 0.4.0 logoInstitution 2004 0.4.0 United States ๐Ÿ‡บ๐Ÿ‡ธ Aphex Delphi Oct, 2004
CIA 1.3 logoCIA 1.3 England ๐Ÿด๓ ง๓ ข๓ ฅ๓ ฎ๓ ง๓ ฟ Alchemist Visual Basic 6 (VB6) Dec, 2004
ProRat 1.9 logoProRat 1.9 Turkey ๐Ÿ‡น๐Ÿ‡ท HighLander , ATmaCA Borland C++ Mar, 2005
DARKMOON 4.11 / 4.11 Private Edition logoDARKMOON 4.11 / 4.11 Private Edition Spain ๐Ÿ‡ช๐Ÿ‡ธ shukisnike Delphi Jun, 2005
TrojNa$ 1.0 logoTrojNa$ 1.0 Unknown ๐Ÿดโ€โ˜ ๏ธ, Australia ๐Ÿ‡ฆ๐Ÿ‡บ flippmode , Satan_Addict , Read101 Delphi Jan, 2006
Turkojan 3.0 logoTurkojan 3.0 Turkey ๐Ÿ‡น๐Ÿ‡ท Fungus Delphi Sep, 2006
Poison Ivy 2.3.0 logoPoison Ivy 2.3.0 Sweden ๐Ÿ‡ธ๐Ÿ‡ช Shapeless Delphi, MASM Jun, 2007
sharK 2.4.0 Fwb+ logosharK 2.4.0 Fwb+ Germany ๐Ÿ‡ฉ๐Ÿ‡ช sNiper109 , rockZ Visual Basic 6 (VB6) Aug, 2007
Poison Ivy 2.3.2 logoPoison Ivy 2.3.2 Sweden ๐Ÿ‡ธ๐Ÿ‡ช Shapeless Delphi, MASM Jan, 2008
Turkojan 4 logoTurkojan 4 Turkey ๐Ÿ‡น๐Ÿ‡ท FยตNGยตยง Delphi Feb, 2008
Turkojan 4.0 logoTurkojan 4.0 Turkey ๐Ÿ‡น๐Ÿ‡ท Fungus Delphi Mar, 2008
sharK 3.1 fwb++ logosharK 3.1 fwb++ Germany ๐Ÿ‡ฉ๐Ÿ‡ช sNiper109 , rockZ Visual Basic 6 (VB6) Mar, 2008
SynRAT 2.1 logoSynRAT 2.1 France ๐Ÿ‡ซ๐Ÿ‡ท DarkCoderSc Delphi Oct, 2008
SynRAT 4.0.1 logoSynRAT 4.0.1 France ๐Ÿ‡ซ๐Ÿ‡ท DarkCoderSc Delphi May, 2009
Cerberus 1.0 Beta logoCerberus 1.0 Beta United States ๐Ÿ‡บ๐Ÿ‡ธ, United Kingdom ๐Ÿ‡ฌ๐Ÿ‡ง Protocol , Steve10120 , 2sly , Sam Delphi Aug, 2009
Cerberus 1.01 Beta logoCerberus 1.01 Beta United States ๐Ÿ‡บ๐Ÿ‡ธ, United Kingdom ๐Ÿ‡ฌ๐Ÿ‡ง Protocol , Steve10120 , 2sly , Sam Delphi Aug, 2009
Cerberus 1.02 Beta logoCerberus 1.02 Beta United States ๐Ÿ‡บ๐Ÿ‡ธ, United Kingdom ๐Ÿ‡ฌ๐Ÿ‡ง Protocol , Steve10120 , 2sly , Sam Delphi Aug, 2009
SynRAT 4.3.1-A-1 logoSynRAT 4.3.1-A-1 France ๐Ÿ‡ซ๐Ÿ‡ท DarkCoderSc Assembly, Delphi Aug, 2009
Apocalypse RAT 1.4 logoApocalypse RAT 1.4 Turkey ๐Ÿ‡น๐Ÿ‡ท ap0calypse Delphi Aug, 2009
Cerberus 1.03.4 logoCerberus 1.03.4 United States ๐Ÿ‡บ๐Ÿ‡ธ, United Kingdom ๐Ÿ‡ฌ๐Ÿ‡ง Protocol , Steve10120 , 2sly , Sam Delphi Sep, 2009
Spy-Net 2.6 logoSpy-Net 2.6 Brazil ๐Ÿ‡ง๐Ÿ‡ท Raphael Delphi Oct, 2009
Cerberus 1.03.5 Beta logoCerberus 1.03.5 Beta United States ๐Ÿ‡บ๐Ÿ‡ธ, United Kingdom ๐Ÿ‡ฌ๐Ÿ‡ง Protocol , Steve10120 , 2sly , Sam Delphi Dec, 2009
DarkComet RAT 2.0 RC4 logoDarkComet RAT 2.0 RC4 France ๐Ÿ‡ซ๐Ÿ‡ท DarkCoderSc Delphi Mar, 2010
CyberGate 1.04.8 logoCyberGate 1.04.8 United States ๐Ÿ‡บ๐Ÿ‡ธ johnyk Delphi Apr, 2010
Lost Door 4.3.1 logoLost Door 4.3.1 Tunisia ๐Ÿ‡น๐Ÿ‡ณ OussamiO Visual Basic 6 (VB6) Apr, 2010
DarkComet RAT 2.0 RC7 logoDarkComet RAT 2.0 RC7 France ๐Ÿ‡ซ๐Ÿ‡ท DarkCoderSc Assembly, Delphi Jun, 2010
Schwarze Sonne 1.0 logoSchwarze Sonne 1.0 Unknown ๐Ÿดโ€โ˜ ๏ธ, Germany ๐Ÿ‡ฉ๐Ÿ‡ช, Turkey ๐Ÿ‡น๐Ÿ‡ท ap0calypse , Slayer616 , Counterstrikewi Delphi Jun, 2010
Coolvibes 1 Update 8 logoCoolvibes 1 Update 8 Spain ๐Ÿ‡ช๐Ÿ‡ธ Thor Delphi May, 2011
Xtreme RAT 2.9 logoXtreme RAT 2.9 Brazil ๐Ÿ‡ง๐Ÿ‡ท Raphael Delphi Jul, 2011
DarkComet RAT 5.3 logoDarkComet RAT 5.3 France ๐Ÿ‡ซ๐Ÿ‡ท DarkCoderSc Assembly, Delphi Jun, 2012
DarkComet RAT 5.3.1 logoDarkComet RAT 5.3.1 France ๐Ÿ‡ซ๐Ÿ‡ท DarkCoderSc Assembly, Delphi Jun, 2012
NjRat 0.7d logoNjRat 0.7d Kuwait ๐Ÿ‡ฐ๐Ÿ‡ผ njq8 VB .net Dec, 2013