Monday, 19 November 2012

Antivirus Bypass Part 3

I have previously mentioned how to find the required virus definition in my article Hexing Part II, but I forgot to post the next part of the hexing series until lately. Now I am writing the next and final part of the Hexing tutorial.

Finding the virus definition is important so that we can change it and prevent the antivirus from detecting our virus. The article below shows how to change the virus offset to bypass antivirus detection and make our trojan undetectable by antiviruses.

Make Trojan undetectable:

To change the virus definition we need a hex editor. Hex Workshop is one of the best hex editors I have found.

1. Free Download Hex Editor to make trojan undetectable.

2. The downloaded file is zipped and password protected. Click here to get the password.

3. Now, install Hex Editor on your computer.

4. Right click on 7107.exe (obtained from Hexing Part II) and select 'Edit with Hex Workshop'.

5. You will see something like this:





6. Repeat this for 7108.exe.

7. Now, compare both files. You will see that, at the end, 7108.exe has offset "00" and 7107.exe does not. So we conclude that "00" is recognized as a virus by the antivirus. Note that offset. Here, the offset is 0x00001BC3.




8. Now, open the original IceGoldFreezer.exe in Hex Workshop and move to offset 0x00001BC3. Simply select the Dos Prompt of Hex Workshop corresponding to the virus signature found in Step 6 and press the space bar.




9. Save the file as IceGoldFreezer.exe and run the antivirus scan again. Avira will not detect any virus. Also, run IceGoldFreezer.exe on the computer. It will run normally, indicating that we have made it undetectable by Avira antivirus....cheers. We have FUD freezer.
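Seen from the detection side, the edit in steps 7 to 9 succeeds because the match depends on a single location in the file. The following is an added example, not part of the original post, comparing a single-point match (whole-file hash) with a k-of-n fragment signature on constructed bytes; all function names, the fragment count and size, and the threshold are assumptions chosen for illustration.

```python
import hashlib

def constructed_sample(seed: bytes, blocks: int = 32) -> bytes:
    """Build deterministic stand-in file content (constructed, not a real binary)."""
    return b"".join(hashlib.sha256(seed + bytes([i])).digest() for i in range(blocks))

def make_signature(data: bytes, count: int = 8, size: int = 16) -> dict:
    """Record a whole-file hash plus `count` evenly spaced `size`-byte fragments."""
    step = len(data) // count
    return {
        "sha256": hashlib.sha256(data).hexdigest(),
        "fragments": [data[i * step : i * step + size] for i in range(count)],
    }

def detect_exact(sig: dict, data: bytes) -> bool:
    """Single-point match: a one-byte edit anywhere changes the hash."""
    return hashlib.sha256(data).hexdigest() == sig["sha256"]

def detect_fragments(sig: dict, data: bytes, threshold: int = 6):
    """k-of-n match: flag when at least `threshold` fragments occur anywhere."""
    hits = sum(1 for frag in sig["fragments"] if frag in data)
    return hits >= threshold, hits

def one_byte_edit(data: bytes, offset: int) -> bytes:
    """Return a copy with the byte at `offset` changed (the kind of edit in step 8)."""
    edited = bytearray(data)
    edited[offset] ^= 0xFF
    return bytes(edited)

if __name__ == "__main__":
    original = constructed_sample(b"flagged")      # constructed "known bad" content
    sig = make_signature(original)
    edited = one_byte_edit(original, 5)            # constructed offset inside fragment 0
    unrelated = constructed_sample(b"clean")       # constructed unrelated content
    for name, blob in [("original", original), ("edited", edited), ("unrelated", unrelated)]:
        print(name, detect_exact(sig, blob), detect_fragments(sig, blob))
```

The edited copy no longer matches the exact hash but still matches 7 of 8 fragments, while the unrelated content matches none.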

Update: Many readers had problems implementing this Hexing technique, and hence I have written an article to solve those queries. If you have any problem, refer to my article Hexing Queries Solved for more information.


Now, you can make any trojan undetectable from antivirus using this trojan undetection technique. If you have any problem while using this method to make trojan undetectable from antiviruses, please mention it in comments.

Enjoy Hexing to make trojan undetectable from antiviruses...
