Posted 03 February 2006 - 08:34 AM
Posted 25 February 2006 - 01:10 PM
Posted 26 February 2006 - 03:42 AM
and with the resource editor you got another advantage:
the bound file is really well encrypted!
I loaded nearly 10 viruses and backdoors into one exe file, and NO AV detected them inside there.
that's really cool as a dropper and really simple to use.
Posted 02 June 2006 - 09:50 AM
microsoft: the resource editor!
which one do you mean? I googled a bit but I am not sure which one you mean. would be appreciated if you can help me with it... I'll install my VS so far.
Posted 03 June 2006 - 05:32 AM
about other versions of VB I don't know, but VB6 is the best.
it is the registry icon with a hand in it.
you can add the resource editor in the add-in manager.
(VB 6 Resource Editor)
then you can extract it from the source:
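    ' Writes the custom resource (type "group", id "num") to the path "wohin".
    Sub extract(group As String, num As Long, wohin As String)
        On Error Resume Next
        Dim de() As Byte
        ' Load the raw resource bytes that were added in the resource editor
        de = LoadResData(num, group)
        Open wohin For Binary Access Write As #1
        Put #1, , de
        Close #1
    End Sub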
you can use it for adding winsock to the pc for e.g.:
Call extract("ocx", 1, "C:\Windows\system32\mswinsck.ocx")
the name "ocx" and the number "1" must be set in the resource editor.
so you can build a "dropper" to drop the ocx and the main program that needs the ocx without getting an error (file is missing) or sending 2 files.
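
From the defender's side, a file packaged the way the post above describes can be checked for a second executable stored inside it. The following Python is an added example, not code from the thread; it assumes the embedded file sits in the host as raw, unencrypted bytes, and all function names and sample bytes are constructed for illustration.

```python
import struct

def is_pe_at(data: bytes, off: int) -> bool:
    """True if a DOS header at `off` points at a 'PE\\0\\0' signature."""
    if data[off:off + 2] != b"MZ" or off + 0x40 > len(data):
        return False
    (e_lfanew,) = struct.unpack_from("<I", data, off + 0x3C)
    pe = off + e_lfanew
    # e_lfanew of 0 or a huge value means the "MZ" was just two stray bytes.
    return 0 < e_lfanew <= 0x1000 and data[pe:pe + 4] == b"PE\0\0"

def find_embedded_pe(data: bytes) -> list[int]:
    """Offsets of PE headers located after the host's own header at offset 0."""
    hits = []
    pos = data.find(b"MZ", 1)
    while pos != -1:
        if is_pe_at(data, pos):
            hits.append(pos)
        pos = data.find(b"MZ", pos + 1)
    return hits

def fake_pe(size: int = 0x200) -> bytes:
    """Constructed stand-in: DOS header plus PE signature only, not a real image."""
    img = bytearray(size)
    img[0:2] = b"MZ"
    struct.pack_into("<I", img, 0x3C, 0x80)   # e_lfanew -> 0x80
    img[0x80:0x84] = b"PE\0\0"
    return bytes(img)

# Constructed sample: host image, a decoy "MZ" string, then a second image.
DECOY = b"MZ not a header" + bytes(64)
EMBED_OFFSET = 0x200 + len(DECOY)
CLEAN = fake_pe()
SAMPLE = CLEAN + DECOY + fake_pe()

if __name__ == "__main__":
    for off in find_embedded_pe(SAMPLE):
        print(f"embedded PE header at offset {off:#x}")
```

A hit is a triage signal rather than a verdict, since installers and self-extractors also carry executables inside them; a payload that is stored encrypted will not match this scan.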
Posted 21 June 2006 - 12:03 PM
Posted 08 July 2006 - 10:06 PM
thx for these nice hints... I'll try this one.
but if I understood this right it's a "dropper" coded with Visual Basic, isn't it?
I am zero familiar with VB but I'll try this.
Posted 09 July 2006 - 04:14 AM
it's only usable for private use, so not for public programs (or do you want to send all people the VB6 IDE to use a file binder? )
it does not need any extra dlls, so it works on all machines where normal vb progs do work.
Posted 03 September 2006 - 02:52 PM
Posted 14 September 2006 - 08:51 AM
I'm not sure about doing that ALL in VB, it might need some asm too
I wonder if it's possible to load an embedded exe directly to RAM with no trace on the HDD using VB
Posted 15 September 2006 - 05:13 AM
I'm already wondering about this because, as I see it, a lot of C++ binders use the following way:
they encrypt the second executable, add it to the stub and then when executed the stub decrypts the rest of the file, and shells it by CreateRemoteThread (API).
so, don't they have a shell command like VB or do they load the decrypted data into a new thread, without placing it into an exe file before?
Posted 26 November 2009 - 02:57 AM