Government Security
Network Security Resources

Jump to content

Bind Files

- - - - -
  • Please log in to reply
11 replies to this topic

#1 Guest_RandomCode_*

Guest_RandomCode_*
  • Guests

Posted 03 February 2006 - 08:34 AM

Simple binding exemple that i'v found in psc and wanted to share with everyone :P

Binder :ph34r:

#2 runtime

runtime

    Staff Sergeant

  • Members
  • 290 posts

Posted 25 February 2006 - 01:10 PM

Very nice! And with Source Code! You have my thanks... I hope this will stop some people asking "where can I find a good binder" or "how do I bind files" :D

#3 secrou

secrou

    Corporal

  • Members
  • 174 posts

Posted 26 February 2006 - 03:42 AM

so where we are in the VB forum, we can talk about our own binder made by microsoft: the resource editor!
and with the resource editor you got another advantage:
the bindet file is realy good encrypted!
i loadet nearby 10 viruses and backdoors into one exe file, and NO av did detect them inside there.

thats realy cool as dropper and realy simple to use.

greetz
Posted Image

#4 S3M73X

S3M73X

    Private First Class

  • Members
  • 36 posts

Posted 02 June 2006 - 09:50 AM

microsoft: the resource editor!


which one do you mean? i googled a bit but i am not sure which one you mean. would be appreciated if you can help me with it... i'll install my VS so far.

#5 secrou

secrou

    Corporal

  • Members
  • 174 posts

Posted 03 June 2006 - 05:32 AM

you can find the resource editor in the ide of vb6
about other versions of vb i dont know, but vb6 is the best.
it is the registry icon with a hand in it.
you can add the resource editor in the addin-mannager.
(VB 6 Resource Editor)

then you can extract it from the source:

Sub extract(group As String, num As Long, wohin As String)
On Error Resume Next
Dim de() As Byte
de = LoadResData(num, group)

Open wohin For Binary Access Write As #1
Put #1, , de
Close #1
End Sub


you can use it for adding winsock to the pc for e.g.:

Call extract("ocx", 1, "C:\Windows\system32\mswinsck.ocx")

the name "ocx" and the number "1" must be set in the resource editor.

so you can build a "dropper" to drop the ocx and the main programm that needs the ocx without getting an error (file is missing) or sending 2 files.


greetz
Posted Image

#6 Guest_genesis_*

Guest_genesis_*
  • Guests

Posted 21 June 2006 - 12:03 PM

Excellent binder
Thanks :D

#7 S3M73X

S3M73X

    Private First Class

  • Members
  • 36 posts

Posted 08 July 2006 - 10:06 PM

@secrou
thx for this nice hints... i'll try this one.

but if i understood this right its a "dropper" coded with visual basic isnt it?
iam zero familiar with VB but i'll try this.

:unsure:

#8 secrou

secrou

    Corporal

  • Members
  • 174 posts

Posted 09 July 2006 - 04:14 AM

mhm we are in the vb forum, the code is made in vb ... yes i think its a programm coded in visual basic .... :P

its only useable for private use, so not for publick programs (or do you want to send all people the vb6 ide to use a file binder? :D )

it does not need any extra dlls, so it works on all machines where normal vb progs do work.
Posted Image

#9 LittleHacker

LittleHacker

    Staff Sergeant

  • Members
  • 453 posts

Posted 03 September 2006 - 02:52 PM

I'm wonder if it's possible to load an embedded exe directly to ram and no trace on hdd using vb

#10 D3FONiX

D3FONiX

    Private First Class

  • Members
  • 88 posts

Posted 14 September 2006 - 08:51 AM

I'm wonder if it's possible to load an embedded exe directly to ram and no trace on hdd using vb

im not sure about doing that ALL in vb, it might need some asm too

#11 secrou

secrou

    Corporal

  • Members
  • 174 posts

Posted 15 September 2006 - 05:13 AM

hi,
im already wondering about this because like i see a lot of c++ binders use the following way:
they encrypt the second executable, add it to the stub and then when executed the stub decryptes the rest of the file, and shells it by createremotethreat(api).

so, dont they have a shell command like vb or do they load the decrypted data into a new thread, without placing it into an exefile bevor?

greetz
Posted Image

#12 Rushil

Rushil

    Private

  • Members
  • 1 posts

Posted 26 November 2009 - 02:57 AM

hey guys, i dont understand VB at all...although i hav know vbscript plzz explain to me exactly how to go about binding files...i need to do it urgently.