Government Security
Network Security Resources

Hex Editing Poison Ivy Servers


#1 Haru (Private, Members, 2 posts)
Posted 30 October 2010 - 04:48 AM

Just a question: why do I get the "C:\Program Files\Server\server.exe is not a valid Win32 application" whenever I hex edit it?
What other ways are there to make my server undetectable by most antivirus?
I am currently using Poison Ivy.

#2 Juza (Specialist, Sergeant Major, 149 posts)
Posted 30 October 2010 - 05:50 AM

Haru wrote:
> Just a question: why do I get the "C:\Program Files\Server\server.exe is not a valid Win32 application" whenever I hex edit it?

Because you don't know what the PE format is, and you edit something that you can't edit.

Haru wrote:
> What other ways are there to make my server undetectable by most antivirus?

Build your own crypter!

Good luck!
Go to iamjuza.blogspot.com
Follow me twitter.com/iamjuza

The true beginning of our end.


#3 Haru (Private, Members, 2 posts)
Posted 30 October 2010 - 06:12 AM

Juza wrote:
> Haru wrote:
> > Just a question: why do I get the "C:\Program Files\Server\server.exe is not a valid Win32 application" whenever I hex edit it?
>
> Because you don't know what the PE format is, and you edit something that you can't edit.
>
> Haru wrote:
> > What other ways are there to make my server undetectable by most antivirus?
>
> Build your own crypter!
>
> Good luck!

Thanks for the info... I'll now try crypting :))

#4 Juza (Specialist, Sergeant Major, 149 posts)
Posted 30 October 2010 - 08:42 AM

Haru wrote:
> Thanks for the info... I'll now try crypting :))

There are a lot of examples on the web explaining how to do it; just do a quick search, I am sure you will find something.

Good luck!


#5 Ender (Private First Class, Members, 96 posts)
Posted 02 November 2010 - 08:55 PM

You are probably breaking the exe, since hexing something means you change something in the exe and you probably have no idea what that is. Sure, there are hexable things that might not harm the workflow in the exe, but for you not to screw it up you first need to read up on the PE format and what you can and can't edit in it. Then, if you do have a detected string in your server, you can try to fill it up with random hex values, or you can take that very same value, open it in OllyDbg, relocate it while still preserving the original code flow, and reach your goal of successfully modifying that detected signature while still leaving your executable file working.
But then again, why would you bother with all that when there is this sweet option in the PI builder to generate shellcode? Well, there is something for you to read up on, experiment with, and keep you busy.