Monday, 19 November 2012

Hex Workshop

Hello friends. Some days back, I posted on Hexing to make files undetectable, which is useful for making a trojan undetectable to antivirus software.
As you know, I am working a lot on undetection techniques these days, and many readers found it difficult to implement Hexing. So, I thought of answering the queries by writing this article.

Hexing Queries Solved:

The most asked query was how to compare two files using Hex Workshop. So, I am demonstrating this in the article below.

1. Download Hexing Files Package which I will be using in this article.

2. The downloaded file is zipped and password protected. Click here to get the password.

3. Consider files 7107.exe and 7108.exe in the package. Also, install Hex Workshop by double-clicking on "hw32v601.exe".

4. Open Hex Workshop. Now, go to Tools -> Compare -> Compare Files to see:




5. Now, select the file 7107.exe in the first option and 7108.exe in the second one. Click OK. You will see hex values arranged in green and red as shown below.



There are two categories:
Green: Matched values
Red: Unmatched / Deleted values.

So, here we want the deleted value, which is shown in red. Thus, we have obtained the hex offset that contains the virus signature, which is 0x00001BC3 here (red value).

Also, I was asked what the Dos Prompt is. So, here is a clarification in the image below:



Now, if you click on the "00" offset, you will find "." (full stop) underlined in the Dos Prompt. Similarly, if you click on the "." (full stop) present after "FreezerLive" in the Dos Prompt, you will find "00" underlined.

Now, open IceGoldFreezer.exe and go to offset 0x00001BC3. To change the virus signature, you have to change "." to a space. So, click on the "." present after "FreezerLive" in the Dos Prompt and simply hit the space bar, and its hex value will be changed (it becomes "20").

Save the file and scan this IceGoldFreezer.exe with Avira antivirus. This Freezer will now be undetectable to the antivirus.
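Seen from the detection side, the 00 to 20 change above only defeats a signature that requires that exact byte. The following is an added example, not part of the original post: the buffer contents, the bytes after "FreezerLive" and all names are constructed for illustration. It compares an exact-match signature with a masked one that treats the edited byte as a wildcard.

```python
"""Exact vs. masked byte signatures against a one-byte patch (constructed data)."""

# Constructed stand-in for the bytes around the edited string. Only the
# "FreezerLive" string and the 0x00 -> 0x20 edit come from the post; the
# surrounding bytes are invented so the example runs offline.
ORIGINAL = b"\x90\x90hdr-pad\x00FreezerLive\x00\x55\x8b\xec\x83\xec\x10"
PATCHED = ORIGINAL.replace(b"FreezerLive\x00", b"FreezerLive\x20")

# Exact signature: every byte, including the terminator, must match.
EXACT_SIG = b"FreezerLive\x00\x55\x8b\xec"

# Masked signature: None marks a position whose value is ignored. The string
# terminator/padding byte is wildcarded; the bytes on either side stay fixed
# so the pattern remains specific enough to avoid matching unrelated data.
MASKED_SIG = list(b"FreezerLive") + [None] + [0x55, 0x8B, 0xEC]


def match_exact(data: bytes, sig: bytes) -> int:
    """Return the offset of the first exact match, or -1."""
    return data.find(sig)


def match_masked(data: bytes, sig) -> int:
    """Return the offset of the first match, skipping wildcard positions, or -1."""
    n = len(sig)
    for off in range(len(data) - n + 1):
        if all(s is None or data[off + i] == s for i, s in enumerate(sig)):
            return off
    return -1


def scan(data: bytes) -> dict:
    """Run both signatures over one buffer and report the match offsets."""
    return {"exact": match_exact(data, EXACT_SIG),
            "masked": match_masked(data, MASKED_SIG)}


if __name__ == "__main__":
    for label, buf in (("original", ORIGINAL), ("patched", PATCHED)):
        print(label, scan(buf))
```

A wildcard widens what the pattern accepts, so a masked signature needs enough fixed bytes around it to stay specific.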

I hope many of you will now have your queries solved after reading this article. If you still have queries that are not addressed in this article, please mention them in the comments.

Enjoy Hexing to make virus undetectable...
